sparklyballs Posted November 25, 2017

> 3 hours ago, steve1977 said:
> Thanks, that's quite an issue... Any pointers on the first two issues? And maybe also any thoughts whether there is a tool around that allows me to check whether port forwarding is even possible with my ISP (and if so what ports).

https://github.com/linuxserver/docker-letsencrypt#setting-up-the-application

steve1977 Posted November 25, 2017

Thanks. I had read through it and tried to follow it.

I have no clue what is occupying port 444. I assume from this thread that 443 is taken by Unraid. I can see in the docker settings what other dockers are using, but port 444 is not among them. Is there some other software or plugin for Unraid that can tell me what ports are being used by what?

I have signed up for duckdns and included all respective information (following the how-to). Duckdns is running. Not sure what I am missing within Letsencrypt though?

aptalca Posted November 25, 2017

> 1 hour ago, steve1977 said:
> Thanks. I had read through it and tried to follow it.
> I have no clue what is occupying port 444. I assume from this thread that 443 is taken by Unraid. I can see in the docker settings what other dockers are using, but port 444 is not among them. Is there some other software or plugin for Unraid that can tell me what ports are being used by what?
> I have signed up for duckdns and included all respective information (following the how-to). Duckdns is running. Not sure what I am missing within Letsencrypt though?

You're missing the port forwarding on your router as sparklyballs wrote above. Validation requests from letsencrypt come to your router, but they need to be forwarded to your unraid's IP and the port you selected for letsencrypt.

steve1977 Posted November 25, 2017

Thanks. Sparklyballs mentioned three issues though. Do you suspect the closed ports causing the first two issues? Why is 445 "working", but 444 not?

Muff Posted November 25, 2017

> 10 hours ago, aptalca said:
> Looks like you didn't forward the port on your router

Ah, thank you!

Unthred Posted November 29, 2017

Hi Guys,
New to unraid and letsencrypt, can't seem to figure out what I am doing wrong.
I am forwarding ports 80 and 443 from the router to my unraid box
My domain is registered with namecheap
I have replaced my domain with FooDomain in the log
It certainly seems to have created certificates
The log says - Saving debug log to /var/log/letsencrypt/letsencrypt.log - but there is no log there
What can I do to debug it? Can I turn on extra logging?
Here is the container log. Any help would be amazing!

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 10-adduser: executing...
    -------------------------------------
    _ _ _ | |___| (_) ___ | / __| | |/ _ \ | \__ \ | | (_) | |_|___/ |_|\___/ |_|
    Brought to you by linuxserver.io
    We gratefully accept donations at:https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    generating self-signed keys in /config/keys, you can replace these with your own keys if required
    Generating a 2048 bit RSA private key
    ....................................................................................................+++ +
    writing new private key to '/config/keys/cert.key'
    -----
    Subject Attribute /C has no known NID, skipped
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    ..............................
    DH parameters successfully created - 2048 bits
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d unraid.FooDomain.com
    E-mail address entered: [email protected]
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for FooDomain.com
    tls-sni-01 challenge for unraid.FooDomain.com
    Waiting for verification...
    Cleaning up challenges
    IMPORTANT NOTES:
    - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/FooDomain.com/fullchain.pem. Your cert will expire on 2018-02-27. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot
    - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
    - If you like Certbot, please consider supporting our work by:
      Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
      Donating to EFF: https://eff.org/donate-le
    /var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
    [cont-init.d] 50-config: exited 1.
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] syncing disks.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.

ljm42 Posted November 29, 2017

> On 11/25/2017 at 7:33 AM, steve1977 said:
> Why is 445 "working", but 444 not?

It is not really safe to randomly pick ports under 1023, as they are often already in use. Here is a list of known ports: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

You'll want to avoid reusing anything with an "official" IANA status. Good alternatives for port 443 are 2443 and 8443, as those are available and easy to remember.

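Added example (not part of the thread and not code from the linuxserver.io image): a shell script for the question raised above of what is already listening on a port, combined with ljm42's advice about low ports. It parses the Linux /proc/net/tcp table format; the sample table, the function names and the verdict labels are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: which TCP ports are already listening,
# and is a candidate host port a sensible choice for a container mapping?

# Constructed sample in /proc/net/tcp format (not data from the thread):
# listeners on 80 (0x0050), 443 (0x01BB) and 444 (0x01BC), plus one
# established connection (st 01) on local port 8443 that must not count.
SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:01BC 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A00000A:20FB 0A000014:01BB 01 00000000:00000000 00:00000000 00000000     0        0 1004 1'

# listening_ports [FILE...]: read /proc/net/tcp-format text (stdin if no
# file is given) and print the decimal ports of sockets in LISTEN state.
listening_ports() {
    # Field 2 is local "ADDR:PORT" in hex, field 4 is the state; 0A = LISTEN.
    # The IPv6 table (/proc/net/tcp6) has the same layout with a longer ADDR.
    awk '$4 == "0A" { n = split($2, a, ":"); print a[n] }' "$@" |
    while read -r hex; do
        # The 0x prefix forces hex; a bare "0050" would be read as octal.
        printf '%d\n' "0x$hex"
    done | sort -n -u
}

# vet_port PORT LISTENERS: classify PORT against a newline-separated list.
#   in-use            something is already listening on it
#   well-known-range  below 1024, the range ljm42's post advises against
#   free              not listening and outside that range
vet_port() {
    if printf '%s\n' "$2" | grep -qx "$1"; then
        echo "in-use"
    elif [ "$1" -lt 1024 ]; then
        echo "well-known-range"
    else
        echo "free"
    fi
}

# Demo on the constructed sample. On a real host, feed the live tables:
#   listeners=$(cat /proc/net/tcp /proc/net/tcp6 | listening_ports)
listeners=$(printf '%s\n' "$SAMPLE_PROC_NET_TCP" | listening_ports)
for p in 443 444 445 2443 8443; do
    printf '%s\t%s\n' "$p" "$(vet_port "$p" "$listeners")"
done
```

The /proc tables do not name the owning process; `ss -ltnp` or `netstat -tlnp`, where installed and run as root, add that column.
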
aptalca Posted November 30, 2017

> 14 hours ago, Unthred said:
> Hi Guys,
> New to unraid and letsencrypt, can't seem to figure out what I am doing wrong.
> I am forwarding ports 80 and 443 from the router to my unraid box
> My domain is registered with namecheap
> I have replaced my domain with FooDomain in the log
> It certainly seems to have created certificates
> The log says - Saving debug log to /var/log/letsencrypt/letsencrypt.log - but there is no log there
> What can I do to debug it? Can I turn on extra logging?
> Here is the container log. Any help would be amazing!

Most likely a mapping issue. What settings did you use? Where is your config folder stored?

Unthred Posted November 30, 2017

> 3 hours ago, aptalca said:
> Most likely a mapping issue. What settings did you use? Where is your config folder stored?

Thanks for the prompt response

Settings I used were pretty much the default as follows

    http: - Port 80
    https: Port 443
    email: [email protected]
    Domain Name: FooDomain.com
    subdomains: unraid,
    Only Subdomains: false
    Diffie Hellman: 2048
    AppData Config Path: /mnt/user/appdata/letsencrypt

After installing the docker I have this file structure in /mnt/user/appdata/letsencrypt

    drwxr-xr-x 1 root root 8 Nov 29 12:24 crontabs
    drwxr-xr-x 1 root root 22 Nov 29 12:24 etc
    drwxr-xr-x 1 root root 52 Nov 29 12:24 fail2ban
    drwxr-xr-x 1 nobody users 54 Nov 29 12:24 keys
    drwxr-xr-x 1 nobody users 54 Nov 29 12:24 log
    drwxrwxr-x 1 nobody users 84 Nov 29 12:24 nginx
    drwxrwxr-x 1 nobody users 20 Nov 29 12:24 www
    -rw-r--r-- 1 root root 118 Nov 29 12:24 donoteditthisfile.conf

the logs dir contains

    drwxr-xr-x 1 root root 0 Nov 29 12:24 fail2ban
    drwxr-xr-x 1 root root 0 Nov 29 12:24 letsencrypt
    drwxr-xr-x 1 nobody users 0 Nov 29 12:24 nginx
    drwxr-xr-x 1 nobody users 0 Nov 29 12:24 php

but nothing in any of these directories. Without logs I am struggling to work out what is wrong. Is there anything I can do to increase the logging?

Thanks

GilbN Posted November 30, 2017 (edited)

> On 21.11.2017 at 3:25 PM, DZMM said:
> Has anyone got this working with organizr?

https://blog.weyland.tech/blog/tag/fail2ban/

Edited December 6, 2017 by GilbN

sparklyballs Posted November 30, 2017

> 1 hour ago, GilbN said:
> https://blog.weyland.tech/tag:fail2ban

Nice set of guides there

DZMM Posted November 30, 2017

> 5 hours ago, GilbN said:
> https://blog.weyland.tech/tag:fail2ban

Thanks - had a quick look and will have to tackle this when I have time to concentrate.

aptalca Posted November 30, 2017

> 6 hours ago, Unthred said:
> Thanks for the prompt response
> Settings I used were pretty much the default as follows
>
>     http: - Port 80
>     https: Port 443
>     email: [email protected]
>     Domain Name: FooDomain.com
>     subdomains: unraid,
>     Only Subdomains: false
>     Diffie Hellman: 2048
>     AppData Config Path: /mnt/user/appdata/letsencrypt
>
> After installing the docker I have this file structure in /mnt/user/appdata/letsencrypt
>
>     drwxr-xr-x 1 root root 8 Nov 29 12:24 crontabs
>     drwxr-xr-x 1 root root 22 Nov 29 12:24 etc
>     drwxr-xr-x 1 root root 52 Nov 29 12:24 fail2ban
>     drwxr-xr-x 1 nobody users 54 Nov 29 12:24 keys
>     drwxr-xr-x 1 nobody users 54 Nov 29 12:24 log
>     drwxrwxr-x 1 nobody users 84 Nov 29 12:24 nginx
>     drwxrwxr-x 1 nobody users 20 Nov 29 12:24 www
>     -rw-r--r-- 1 root root 118 Nov 29 12:24 donoteditthisfile.conf
>
> the logs dir contains
>
>     drwxr-xr-x 1 root root 0 Nov 29 12:24 fail2ban
>     drwxr-xr-x 1 root root 0 Nov 29 12:24 letsencrypt
>     drwxr-xr-x 1 nobody users 0 Nov 29 12:24 nginx
>     drwxr-xr-x 1 nobody users 0 Nov 29 12:24 php
>
> but nothing in any of these directories. Without logs I am struggling to work out what is wrong. Is there anything I can do to increase the logging?
> Thanks

Try changing the config path to /mnt/cache or /mnt/disk

Unthred Posted November 30, 2017

> 1 hour ago, aptalca said:
> Try changing the config path to /mnt/cache or /mnt/disk

Tried changing it to /mnt/cache/appdata/letsencrypt, still the same error

So there is a symlink of letsencrypt in the dir it's complaining about that does not go anywhere

    letsencrypt -> ../etc/letsencrypt/live/FooDomain

The live dir is where it fails as it does not exist.

Do you know what is trying to create that dir?

Oh, also I don't have a /mnt/disk.... I have /mnt/disk1 and mnt/disk2. Does that mean I have messed up somehow when installing unraid?

This is my first play with it as an evaluation to buying it if it all goes well..... so far this is the only real issue I am having.

Thanks

aptalca Posted November 30, 2017

> 3 hours ago, Unthred said:
> Tried changing it to /mnt/cache/appdata/letsencrypt, still the same error
> So there is a symlink of letsencrypt in the dir it's complaining about that does not go anywhere
>
>     letsencrypt -> ../etc/letsencrypt/live/FooDomain
>
> The live dir is where it fails as it does not exist.
> Do you know what is trying to create that dir?
> Oh, also I don't have a /mnt/disk.... I have /mnt/disk1 and mnt/disk2. Does that mean I have messed up somehow when installing unraid?
> This is my first play with it as an evaluation to buying it if it all goes well..... so far this is the only real issue I am having.
> Thanks

Does your domain name contain any weird characters? You can PM me if you don't want to post it publicly.

I think a user had a similar issue that stemmed from the domain name being different (can't remember exactly how) that broke the scripts that create the folders.

Darksurf Posted December 4, 2017

I'm currently trying to get lychee working in this docker underneath the www folder and I get "Server error: API not found". Lychee has no issues in apache when accessed locally, but for some reason lychee doesn't want to work correctly when passed over from nginx to apache OR when just using the www folder in letsencrypt. This stuff is literally drag and drop into a www folder and it should work.

As for the unraid UI, it seems to completely strip EVERYTHING but some text, leaving the page bare and white with some text in one column.

Whenever I try to access index.php it just downloads the php file instead of running it. Is there something wrong with this docker when it comes to php? Logs to docker look clean. No errors in log files. What's happening here?

CHBMB Posted December 4, 2017

> I'm currently trying to get lychee working in this docker underneath the www folder and I get "Server error: API not found". Lychee has no issues in apache when accessed locally, but for some reason lychee doesn't want to work correctly when passed over from nginx to apache OR when just using the www folder in letsencrypt. This stuff is literally drag and drop into a www folder and it should work.
> As for the unraid UI, it seems to completely strip EVERYTHING but some text, leaving the page bare and white with some text in one column.
> Whenever I try to access index.php it just downloads the php file instead of running it. Is there something wrong with this docker when it comes to php? Logs to docker look clean. No errors in log files. What's happening here?

Impossible to say without you posting any config files.

Wouldn't recommend reverse proxying your Unraid webui either.

I have lychee working on its own subdomain photos.server.com without any issues.

Darksurf Posted December 4, 2017 (edited)

I've tried getting unifi passed through (has trouble loading), homeassist (has trouble loading), qbittorrent (502 bad gateway), lychee on apache (loads really big icons on white background out of order), lychee in www folder (Server error: API not found), and unraid has the same issue as if I were handing off to lychee on apache with all white background some text, but no actual website. I'll be honest, I've never even used nginx before this docker. Any assistance would be extremely helpful.

proxy.conf default

Edited December 4, 2017 by Darksurf

sgt_spike Posted December 4, 2017

I would appreciate some assistance setting this webserver up to host just a website. I don't need to access any dockers at this time. I am new to website hosting.

I have set up the duckdns docker and have registered with the site. I have put my html files on a separate share in unraid. It seems I was able to get a key from letsencrypt.

Which file do I edit, default, to get the server to publish the site?

Darksurf Posted December 4, 2017

sgt_spike, you need to edit the "default" file. You can look at the one I have posted previously, but I'll be honest, it doesn't work right for me... I've got PLEX working in reverse proxy and keeweb working as nginx is hosting it, but that's about it... Everything else is broken.

alturismo Posted December 5, 2017 (edited)

Hi, as I'm testing this to change from apache to letsencrypt, I start with a question:

webdav, when I see this correctly it is built with the regular webdav where OPTIONS and PROPFIND are missing ...

https://github.com/arut/nginx-dav-ext-module

Any chance to add that module in some way for me into this container?

Edited December 5, 2017 by alturismo

sparklyballs Posted December 5, 2017

> 6 minutes ago, alturismo said:
> Hi, as I'm testing this to change from apache to letsencrypt, I start with a question:
> webdav, when I see this correctly it is built with the regular webdav where OPTIONS and PROPFIND are missing ...
> https://github.com/arut/nginx-dav-ext-module
> Any chance to add that module in some way for me into this container?

Not likely as it stands currently, as that requires compiling nginx, adding that to the configure stage, and we use the apk package manager version of nginx.

alturismo Posted December 5, 2017

> 1 minute ago, sparklyballs said:
> Not likely as it stands currently, as that requires compiling nginx, adding that to the configure stage, and we use the apk package manager version of nginx.

OK, thanks for the info, then I better stay as is now.

Darksurf Posted December 6, 2017

> On 12/4/2017 at 8:34 AM, Darksurf said:
> I've tried getting unifi passed through (has trouble loading), homeassist (has trouble loading), qbittorrent (502 bad gateway), lychee on apache (loads really big icons on white background out of order), lychee in www folder (Server error: API not found), and unraid has the same issue as if I were handing off to lychee on apache with all white background some text, but no actual website. I'll be honest, I've never even used nginx before this docker. Any assistance would be extremely helpful.
> proxy.conf default

If I were to post screenshots of what I'm seeing, would that help people diagnose my issue and give me some feedback?