Greygoose Posted December 29, 2017 (edited)

I've changed this many times. When I open my subdomain from my web browser, it takes me to my router page, which gives me a pfSense error screen (pfSense is my router). I have port 443 forwarding to my Unraid IP.

Edited December 29, 2017 by Greygoose

sgt_spike Posted December 30, 2017

On 12/22/2017 at 9:34 AM, aptalca said:
> Don't set only subdomains to true. Set the domain/url to bacnet.duckdns.org
> Did you reboot the router after you set the port forward? Maybe you have to

On 12/21/2017 at 11:30 PM, blurb2m said:
> @sgt_spike Did the above help?

I figured out my problem. My ISP was giving me a different IP than the one being broadcast. Called them and they hooked me up with a public dynamic IP. The server started correctly and got the keys.

I do have a question about the web pages. I have pages stored on a share and want to use that instead of the www directory. How do I configure default to point to those pages? The default has a line: root /config/www. Does root = /mnt/user/appdata/letsencrypt?

aptalca Posted December 30, 2017 (edited)

8 hours ago, sgt_spike said:
> I figured out my problem. My ISP was giving me a different IP than the one being broadcast. Called them and they hooked me up with a public dynamic IP. The server started correctly and got the keys.
>
> I do have a question about the web pages. I have pages stored on a share and want to use that instead of the www directory. How do I configure default to point to those pages? The default has a line: root /config/www. Does root = /mnt/user/appdata/letsencrypt?

Check the mapped paths in the container settings. /config inside the container is whatever you mapped it to on the host (I'm assuming /mnt/user/appdata/letsencrypt from your post).

You can map additional paths.

Edited December 30, 2017 by aptalca

Greygoose Posted December 31, 2017

I'm still trying. I'm about 10 hrs invested and I can't get it to work.

I am starting from scratch, removed each docker and doing each step. I'd be grateful for guidance.

1. Install Let's Encrypt docker
2. Register Namecheap domain and point it back to my static IP address
3. Ping domain name and I get a ping back from my static IP address
4. I try to start Let's Encrypt docker and I get Error (port 443 in use)

saarg Posted December 31, 2017

49 minutes ago, Greygoose said:
> I'm still trying. I'm about 10 hrs invested and I can't get it to work.
>
> I am starting from scratch, removed each docker and doing each step. I'd be grateful for guidance.
>
> 1. Install Let's Encrypt docker
> 2. Register Namecheap domain and point it back to my static IP address
> 3. Ping domain name and I get a ping back from my static IP address
> 4. I try to start Let's Encrypt docker and I get Error (port 443 in use)

Are you running unraid 6.4? If you are, you need to change port 443 to something else. You also need to change the port forward on your ISP router to match the new port.

bonienl Posted December 31, 2017 (edited)

Alternatively (if you are on 6.4) the network type can be changed to br0 and the container can get its own IP address. This allows you to keep using port 443, but you still need to change the router and set forwarding to the new IP address of the container.

Edited December 31, 2017 by bonienl

Greygoose Posted December 31, 2017 (edited)

I'm on 6.4 rb17.

I have changed the port to 444.

I got this response:

          _     _ _
         | |___| (_) ___
         | / __| | |/ _ \
         | \__ \ | | (_) |
         |_|___/ |_|\___/
               |_|
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d www.mydomain.com -d nextcloud.mydomain.com
    E-mail address entered: [email protected]
    Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
    usage:
    certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
    Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
    it will attempt to use a webserver both for obtaining and installing the
    cert.
    certbot: error: argument --cert-path: No such file or directory
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for www.mydomain.com
    tls-sni-01 challenge for nextcloud.mydomain.com
    Waiting for verification...
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for www.mydomain.com
    tls-sni-01 challenge for nextcloud.mydomain.com
    Waiting for verification...
    Cleaning up challenges
    IMPORTANT NOTES:
    - Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/www.mydomain.com/fullchain.pem. Your cert
    will expire on 2018-03-31. To obtain a new or tweaked version of
    this certificate in the future, simply run certbot again. To
    non-interactively renew *all* of your certificates, run "certbot
    - Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    - If you like Certbot, please consider supporting our work by:
    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le
    [cont-init.d] 50-config: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    IMPORTANT NOTES:
    - Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/www.mydomain.com/fullchain.pem. Your cert
    will expire on 2018-03-31. To obtain a new or tweaked version of
    this certificate in the future, simply run certbot again. To
    non-interactively renew *all* of your certificates, run "certbot
    - Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    - If you like Certbot, please consider supporting our work by:
    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le
    [cont-init.d] 50-config: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    Server ready

Edited December 31, 2017 by Greygoose

Greygoose Posted December 31, 2017

I am now going to follow this guide:

https://linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

mostlydave Posted December 31, 2017

I'm having some trouble getting things up and running. I used this tutorial, but it seems a little out of date: https://cyanlabs.net/tutorials/the-complete-unraid-reverse-proxy-duck-dns-dynamic-dns-and-letsencrypt-guide/#comment-190

I ended up changing the ports in the docker config to 80 > 81 and 443 > 444.

Here is my config file:

    upstream backend {
        server 192.168.1.2:19999;
        keepalive 64;
    }

    server {
        listen 444 ssl default_server;
        listen 81 default_server;

        root /config/www;
        index index.html index.htm index.php;

        server_name _;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;

        location /sonarr {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.2:8989/sonarr;
        }

        location /radarr {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.2:7878/radarr;
        }

        #PLEX
        location /web {
            # serve the CSS code
            proxy_pass http://192.168.1.2:32400;
        }

        # Main /plex rewrite
        location /plex {
            # proxy request to plex server
            proxy_pass http://192.168.1.2:32400/web;
        }
    }

Whenever I try to access any of the apps by visiting mysubdomain.duckdns.org/radarr I get the "Welcome to our server" page. I'm not sure what I have wrong.

aptalca Posted January 1, 2018

23 hours ago, mostlydave said:
> I'm having some trouble getting things up and running. I used this tutorial, but it seems a little out of date: https://cyanlabs.net/tutorials/the-complete-unraid-reverse-proxy-duck-dns-dynamic-dns-and-letsencrypt-guide/#comment-190
>
> I ended up changing the ports in the docker config to 80 > 81 and 443 > 444.
>
> Here is my config file:
>
>     upstream backend {
>         server 192.168.1.2:19999;
>         keepalive 64;
>     }
>
>     server {
>         listen 444 ssl default_server;
>         listen 81 default_server;
>
>         root /config/www;
>         index index.html index.htm index.php;
>
>         server_name _;
>
>         ssl_certificate /config/keys/letsencrypt/fullchain.pem;
>         ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
>         ssl_dhparam /config/nginx/dhparams.pem;
>         ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
>         ssl_prefer_server_ciphers on;
>
>         client_max_body_size 0;
>
>         location /sonarr {
>             include /config/nginx/proxy.conf;
>             proxy_pass http://192.168.1.2:8989/sonarr;
>         }
>
>         location /radarr {
>             include /config/nginx/proxy.conf;
>             proxy_pass http://192.168.1.2:7878/radarr;
>         }
>
>         #PLEX
>         location /web {
>             # serve the CSS code
>             proxy_pass http://192.168.1.2:32400;
>         }
>
>         # Main /plex rewrite
>         location /plex {
>             # proxy request to plex server
>             proxy_pass http://192.168.1.2:32400/web;
>         }
>     }
>
> Whenever I try to access any of the apps by visiting mysubdomain.duckdns.org/radarr I get the "Welcome to our server" page. I'm not sure what I have wrong.

When you change ports, only change the host mapped ports, not the internal container ones. Then, in the nginx site config, you'll set it to listen on 80 and 443 still.

If you're confused, read the docker FAQ and pay attention to the port mapping info.

mostlydave Posted January 1, 2018

I changed the container to br0, since I am on unraid 6.4, now I get a 502 Bad Gateway.

local.bin Posted January 4, 2018

Answer is likely no, but is there a way of hosting two separate domains using this docker, with their associated subdomains?

I thought of two letsencrypt dockers but they of course will both require port 443 for use with two https websites.

Thanks for any ideas of a workable method.

joshuaavalon Posted January 4, 2018

9 minutes ago, local.bin said:
> Answer is likely no, but is there a way of hosting two separate domains using this docker, with their associated subdomains?
>
> I thought of two letsencrypt dockers but they of course will both require port 443 for use with two https websites.
>
> Thanks for any ideas of a workable method.

Use "-e EXTRA_DOMAINS". Assume you have domain1.com and domain2.com:

    ...
    -e URL=domain1.com \
    -e SUBDOMAINS=subdomain1,subdomain2,subdomain3 \
    -e EXTRA_DOMAINS=subdomain1.domain2.com,subdomain2.domain2.com,subdomain3.domain2.com
    ...

Or you can set up a second docker behind the first docker and use Nginx to forward all the traffic. The first method is simpler though.

local.bin Posted January 4, 2018 (edited)

@joshuaavalon Thanks, I wasn't familiar with that option.

I have a website configured in the root of the letsencrypt docker so not sure how or where my second domain website files go, but I will explore the options you suggest, thanks.

Edit: Got it thanks, found the original post in the thread.

Edited January 4, 2018 by local.bin

aptalca Posted January 4, 2018

3 hours ago, local.bin said:
> @joshuaavalon Thanks, I wasn't familiar with that option.
>
> I have a website configured in the root of the letsencrypt docker so not sure how or where my second domain website files go, but I will explore the options you suggest, thanks.
>
> Edit: Got it thanks, found the original post in the thread.

Put them somewhere in the config folder and set the root variable in the site config to point to it.

One way is to have /config/www/site1 and /config/www/site2

local.bin Posted January 4, 2018

1 minute ago, aptalca said:
> Put them somewhere in the config folder and set the root variable in the site config to point to it.
>
> One way is to have /config/www/site1 and /config/www/site2

Of course, great, thanks!

joshuaavalon Posted January 4, 2018

32 minutes ago, aptalca said:
> Put them somewhere in the config folder and set the root variable in the site config to point to it.
>
> One way is to have /config/www/site1 and /config/www/site2

I doubt that would work. You need the environment variable for the script to get the cert for you. Adding a conf in nginx will only allow access to the second domain without a cert.

local.bin Posted January 4, 2018 (edited)

@aptalca @joshuaavalon

I have added the additional domains and letsencrypt shows it has certs added for them in the log.

I understand changing the root directory for each, but how do I create an nginx config that redirects an https (443) connection to the appropriate website?

I have all the site-confs configured for my original website but how do I create two 'default' confs for each website?

Thanks for any further tips.

Edit: I was trying to keep the subdomains the same so the names of the subdomain site-confs would be the same... so for nextcloud: cloud.domain1.com and cloud.domain2.com

Edited January 4, 2018 by local.bin

joshuaavalon Posted January 4, 2018

10 minutes ago, local.bin said:
> @aptalca @joshuaavalon
>
> I have added the additional domains and letsencrypt shows it has certs added for them in the log.
>
> I understand changing the root directory for each, but how do I create an nginx config that redirects an https (443) connection to the appropriate website?
>
> I have all the site-confs configured for my original website but how do I create two 'default' confs for each website?
>
> Thanks for any further tips.
>
> Edit: I was trying to keep the subdomains the same so the names of the subdomain site-confs would be the same... so for nextcloud: cloud.domain1.com and cloud.domain2.com

There can be only 1 default conf (server_name _). You can filter by server name and use * for wildcard.

    server {
        listen 443 ssl;
        server_name subdomain1.domain1.com;

        location / {
            proxy_pass http://192.168.1.2:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    server {
        listen 443 ssl;
        server_name domain2.com *.domain2.com;

        location / {
            proxy_pass http://192.168.1.2:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

local.bin Posted January 4, 2018 (edited)

That seems to work, with 2 websites now running on each domain, with only this warning:

    nginx: [warn] conflicting server name "domain.org" on 0.0.0.0:443, ignored

Do you get the same, or do I have more config to do...

Edited January 4, 2018 by local.bin

aptalca Posted January 5, 2018

15 hours ago, joshuaavalon said:
> I doubt that would work. You need the environment variable for the script to get the cert for you. Adding a conf in nginx will only allow access to the second domain without a cert.

?? He already has the cert generated for 2 domains. He just needs to separate the web files.

aptalca Posted January 5, 2018

12 hours ago, local.bin said:
> That seems to work, with 2 websites now running on each domain, with only this warning:
>
>     nginx: [warn] conflicting server name "domain.org" on 0.0.0.0:443, ignored
>
> Do you get the same, or do I have more config to do...

Post your site conf and we'll take a look.

local.bin Posted January 5, 2018

4 hours ago, aptalca said:
> Post your site conf and we'll take a look.

Thanks.

With this I can access both website domains on www.domain[x] and domain 1 without adding www, so just https://domain1, but if I try the same with https://domain2 I get a 502 bad gateway proxy error.

Thanks in advance.

    # redirect all traffic to https
    server {
        listen 80;
        server_name domain1 www.domain1 domain2 www.domain2;
        return 301 https://$server_name$request_uri; #enforce https
    }

    # domain1 server block
    server {
        listen 443 ssl;
        root /config/www/domain1;
        index index.html index.htm index.php;
        server_name domain1 www.domain1;
        include /config/nginx/proxy.conf;
        include /config/nginx/ssl_default.conf;
    }

    # domain2 server block
    server {
        listen 443 ssl;
        root /config/www/domain2;
        index index.html index.htm index.php;
        server_name domain2 www.domain2;
        include /config/nginx/proxy.conf;
        include /config/nginx/ssl_default.conf;
    }

aptalca Posted January 5, 2018

4 hours ago, local.bin said:
> Thanks.
>
> With this I can access both website domains on www.domain[x] and domain 1 without adding www, so just https://domain1, but if I try the same with https://domain2 I get a 502 bad gateway proxy error.
>
> Thanks in advance.

Could be browser cache (301 redirect from an earlier try). Try in a different browser, or mobile, and see if it works.

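Two checks raised in this part of the thread, sketched as an added Python example that is not part of any post or of the linuxserver.io image: aptalca's advice to remap only the host side of the ports while nginx keeps listening on 80 and 443, and the "conflicting server name" warning. The sample config, the `-p` mappings and all function names are constructed for illustration, and every `listen` is assumed to use the wildcard address.

```python
import re

# Constructed sample: the container-side listen ports were changed to 81/444
# (the mistake described in the thread) and one name is declared twice on 443.
SAMPLE_CONF = """
upstream backend { server 192.168.1.2:19999; }
server {
    listen 81 default_server;
    listen 444 ssl default_server;
    server_name _;
    location /radarr { proxy_pass http://192.168.1.2:7878/radarr; }
}
server {
    listen 443 ssl;
    server_name domain1.example www.domain1.example;
}
server {
    listen 443 ssl;
    server_name domain1.example domain2.example;
}
"""
# Constructed docker -p mappings, host:container (host side moved off 80/443).
SAMPLE_MAPPINGS = ["81:80", "444:443"]


def listen_port(arg):
    """Port of a listen argument such as '443', '0.0.0.0:443' or '[::]:443'."""
    tail = arg.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else 80  # bare address means port 80


def parse_server_blocks(conf):
    """Return one {'listen': [...], 'names': [...]} dict per server block."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments
    blocks = []
    for match in re.finditer(r"\bserver\s*\{", conf):
        depth, end = 1, match.end()
        while depth and end < len(conf):  # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[end], 0)
            end += 1
        if depth:
            raise ValueError("unbalanced braces in server block")
        body = conf[match.end():end - 1]
        ports = [listen_port(a) for a in re.findall(r"\blisten\s+(\S+?)[\s;]", body)]
        names = [n for grp in re.findall(r"\bserver_name\s+([^;]+);", body)
                 for n in grp.split()]
        blocks.append({"listen": ports or [80], "names": names})
    return blocks


def unmapped_listen_ports(blocks, mappings):
    """Ports nginx listens on that no host:container mapping forwards to."""
    targets = {int(m.split(":")[-1].split("/")[0]) for m in mappings}
    return sorted({p for b in blocks for p in b["listen"]} - targets)


def conflicting_names(blocks):
    """(name, port) pairs claimed by more than one server block. nginx keeps
    the first and logs 'conflicting server name ... ignored' for the others."""
    seen, dupes = set(), set()
    for block in blocks:
        for key in {(n, p) for n in block["names"] for p in block["listen"]}:
            (dupes if key in seen else seen).add(key)
    return sorted(dupes)


if __name__ == "__main__":
    parsed = parse_server_blocks(SAMPLE_CONF)
    print("listen ports with no mapping:", unmapped_listen_ports(parsed, SAMPLE_MAPPINGS))
    print("conflicting names:", conflicting_names(parsed))
```

A listen port reported as unmapped never receives forwarded traffic, and a conflicting name means requests for that host are answered by whichever server block nginx read first, including its web root.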
testtubetony Posted January 5, 2018 (edited)

Has anyone gotten this to work with a noip.com domain?

Here are the errors I keep getting...

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 10-adduser: executing...
    -------------------------------------
          _     _ _
         | |___| (_) ___
         | / __| | |/ _ \
         | \__ \ | | (_) |
         |_|___/ |_|\___/
               |_|
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d mydomain.ddns.net
    E-mail address entered: [email protected]
    Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
    usage:
    certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
    Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
    it will attempt to use a webserver both for obtaining and installing the
    cert.
    certbot: error: argument --cert-path: No such file or directory
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for ddns.net
    tls-sni-01 challenge for mydomain.ddns.net
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. ddns.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout
    IMPORTANT NOTES:
    - The following errors were reported by the server:
    Domain: ddns.net
    Type: connection
    Detail: Timeout
    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    - Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    /var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
    [cont-init.d] 50-config: exited 1.
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] syncing disks.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.

That was my last attempt. Of course I edited out my personal info... Seems just having mydomain.ddns.net isn't enough, and in the noip panel I can't seem to add a www to my domain. Any suggestions?

EDIT: I got it to start finally. Had to change the subdomains only flag. Now I have webserver access. Is there supposed to be a user interface, or do I have to configure the proxies manually via terminal?

Edited January 5, 2018 by testtubetony
