Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

Featured Replies

It was a connection error to letsencrypt servers. Hopefully it was a temporary outage. 

 

If you continue having that problem, look into your internet connection, something in your network might be blocking the request (pihole?) 

  • Replies 6.2k
  • Views 1.5m
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running. For noobs like me, here's what I did: 1. Stop

  • I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

  • BigBoyMarky
    BigBoyMarky

    I replaced both the ssl.conf and nginx.conf files with the sample ones to update them since I did not make any custom modifications to either one of those and this resolved my issue.

Posted Images

On 2/12/2018 at 5:04 PM, saarg said:

 

Your Wan port forward is wrong for port 80. Change it from 81 to 80.

 

Thanks! this was my issue too!

2 hours ago, aptalca said:

It was a connection error to letsencrypt servers. Hopefully it was a temporary outage. 

 

If you continue having that problem, look into your internet connection, something in your network might be blocking the request (pihole?) 

 

Turns out my docker couldn't communicate out to the internet. I reset the network settings under the docker LAN settings and that fixed it.

So I'm trying to migrate from a standalone instance of this container to the unraid container now that I can assign IP addresses directly to containers. I'm running into an issue where the container doesn't seem to be able to reach the host(where all the services being reverse-proxied live). The container can talk to other systems on the same network with no issue but not the unraid host it is running on.

 

# letsencrypt container to an nzbget container on unRAID
root@73977ce49f97:/root$ nc -vz 192.168.1.10 6789
nc: 192.168.1.10 (192.168.1.10:6789): Host is unreachable
root@73977ce49f97:/root$

# nzbget container accessible from another system on my network
nc -vz 192.168.1.10 6789
Connection to 192.168.1.10 6789 port [tcp/*] succeeded!

# letsencrypt container can talk to systems that aren't unraid on the network
root@73977ce49f97:/root$ nc -vz 192.168.1.11 5000
192.168.1.11 (192.168.1.11:5000) open
root@73977ce49f97:/root$

Am I missing something in my configuration to make them able to talk to each other over the network? here is my container config in unraid

 

5a851f334e1b5_ScreenShot2018-02-14at10_46_37PM.thumb.png.d4730d5c96215641cd68e532998896a0.png

14 minutes ago, rjorgenson said:

So I'm trying to migrate from a standalone instance of this container to the unraid container now that I can assign IP addresses directly to containers. I'm running into an issue where the container doesn't seem to be able to reach the host(where all the services being reverse-proxied live). The container can talk to other systems on the same network with no issue but not the unraid host it is running on.

 


# letsencrypt container to an nzbget container on unRAID
root@73977ce49f97:/root$ nc -vz 192.168.1.10 6789
nc: 192.168.1.10 (192.168.1.10:6789): Host is unreachable
root@73977ce49f97:/root$

# nzbget container accessible from another system on my network
nc -vz 192.168.1.10 6789
Connection to 192.168.1.10 6789 port [tcp/*] succeeded!

# letsencrypt container can talk to systems that aren't unraid on the network
root@73977ce49f97:/root$ nc -vz 192.168.1.11 5000
192.168.1.11 (192.168.1.11:5000) open
root@73977ce49f97:/root$

Am I missing something in my configuration to make them able to talk to each other over the network? here is my container config in unraid

 

 

 

That is how the security works when making macvlan in docker. The container can't talk to host. Only way around it is to set up some routing if I remember correctly. Don't know how, so use the search function of the forum to find it. 

15 minutes ago, saarg said:

 

That is how the security works when making macvlan in docker. The container can't talk to host. Only way around it is to set up some routing if I remember correctly. Don't know how, so use the search function of the forum to find it. 

 

Yeah I was just reading about that shortly after I posted. I had some spare NIC's on the box so I was able setup a second interface solely for use with docker which has allowed the container to communicate with the host. Thanks for the quick reply =]

hi, guys i use this docker a lot, is there anyway to make the changes to the php.ini permanent and dont lose the config when the docker is updated?

Just mount the file in /config

 

/config/php.ini = /etc/php7/php.ini

 

Thanks, but how i do that i have serching how to do it on the site and google and i cant fount how, i mount the folder but give me error.

 

1 hour ago, CHBMB said:

 

 


/config/php.ini = /etc/php7/php.ini

 

 

Edited by loomitz

8 hours ago, loomitz said:

Thanks, but how i do that i have serching how to do it on the site and google and i cant fount how, i mount the folder but give me error.

 

 

 

There is a PR just merged, it will be in next Friday's image, and will let you append php.ini via editing a file in the config folder

 

If you want to see how the sausage is made: https://github.com/linuxserver/docker-baseimage-nginx-armhf/pull/18/files

On 2/12/2018 at 5:04 PM, saarg said:

 

Your Wan port forward is wrong for port 80. Change it from 81 to 80.

 

I'm running into the same issue as deadnote. My LetsEncrypt was working fine prior to updating, but the container update seems to have broken it.

 

My port forwarding is set to port 80, and I have 80->81 in the container.

 

Does anyone know what else I can try?

9 minutes ago, Ezro said:

 

I'm running into the same issue as deadnote. My LetsEncrypt was working fine prior to updating, but the container update seems to have broken it.

 

My port forwarding is set to port 80, and I have 80->81 in the container.

 

Does anyone know what else I can try?

 

As far as I'm aware all the issues have fallen into 2 categories.  Those whose ISP blocks port 80 and those who haven't configured the container correctly

 

So post your docker logs, docker run command and screenshot of your port forwarding settings in your router and maybe we can help.  All we know from the info you've given is it isn't working, which isn't really enough to go on.

30 minutes ago, CHBMB said:

 

As far as I'm aware all the issues have fallen into 2 categories.  Those whose ISP blocks port 80 and those who haven't configured the container correctly

 

So post your docker logs, docker run command and screenshot of your port forwarding settings in your router and maybe we can help.  All we know from the info you've given is it isn't working, which isn't really enough to go on.

 

That makes sense.

 

Here's my setup:

Docker Settings

image.thumb.png.d99cbc1c8e8c91051c28d336fe422a7a.png

 

Docker Command

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/Los_Angeles" -e HOST_OS="unRAID" -e "EMAIL"="..." -e "URL"="duckdns.org" -e "SUBDOMAINS"="..." -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "VALIDATION"="http" -e "DNSPLUGIN"="" -e "PUID"="99" -e "PGID"="100" -p 81:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt

 

Docker Log

-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Backwards compatibility check. . .
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d domain.duckdns.org -d subdomain.domain.duckdns.org
E-mail address entered: ...
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.duckdns.org
http-01 challenge for subdomain.domain.duckdns.org
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
Failed authorization procedure. subdomain.domain.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://subdomain.domain.duckdns.org/.well-known/acme-challenge/KuPVPz-1dTvVdvyW6XP2zYitXLgejpWJoblhVxuYUiU [100.2.67.27]: 401, domain.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.duckdns.org/.well-known/acme-challenge/iknfqFylSG_2b4MGv1uEkubeRgaHO6OzVJPmOqDM2u8 [100.2.67.27]: 401
- The following errors were reported by the server:

Domain: subdomain.domain.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://subdomain.domain.duckdns.org/.well-known/acme-challenge/KuPVPz-1dTvVdvyW6XP2zYitXLgejpWJoblhVxuYUiU
[100.2.67.27]: 401

Domain: domain.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://domain.duckdns.org/.well-known/acme-challenge/iknfqFylSG_2b4MGv1uEkubeRgaHO6OzVJPmOqDM2u8
[100.2.67.27]: 401

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

Port Forwarding

image.png.16b04d2548b6504b6fe41fba55862988.png
 

Edited by Ezro
Adding docker log

14 minutes ago, Ezro said:

 

That makes sense.

 

Here's my setup:

Docker Settings

image.thumb.png.d99cbc1c8e8c91051c28d336fe422a7a.png

 

Docker Command

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/Los_Angeles" -e HOST_OS="unRAID" -e "EMAIL"="..." -e "URL"="duckdns.org" -e "SUBDOMAINS"="..." -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "VALIDATION"="http" -e "DNSPLUGIN"="" -e "PUID"="99" -e "PGID"="100" -p 81:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt

 

Docker Log

-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Backwards compatibility check. . .
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d domain.duckdns.org -d subdomain.domain.duckdns.org
E-mail address entered: ...
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.duckdns.org
http-01 challenge for subdomain.domain.duckdns.org
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
Failed authorization procedure. subdomain.domain.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://subdomain.domain.duckdns.org/.well-known/acme-challenge/KuPVPz-1dTvVdvyW6XP2zYitXLgejpWJoblhVxuYUiU [100.2.67.27]: 401, domain.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.duckdns.org/.well-known/acme-challenge/iknfqFylSG_2b4MGv1uEkubeRgaHO6OzVJPmOqDM2u8 [100.2.67.27]: 401
- The following errors were reported by the server:

Domain: subdomain.domain.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://subdomain.domain.duckdns.org/.well-known/acme-challenge/KuPVPz-1dTvVdvyW6XP2zYitXLgejpWJoblhVxuYUiU
[100.2.67.27]: 401

Domain: domain.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://domain.duckdns.org/.well-known/acme-challenge/iknfqFylSG_2b4MGv1uEkubeRgaHO6OzVJPmOqDM2u8
[100.2.67.27]: 401

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

Port Forwarding

image.png.16b04d2548b6504b6fe41fba55862988.png
 

 

As the others, your port forward is wrong. You need to forward 80 external to 81 on the IP you have unraid. 

49 minutes ago, saarg said:

 

As the others, your port forward is wrong. You need to forward 80 external to 81 on the IP you have unraid. 

 

I think I understand.

 

I updated my router to forward to 81:

image.png.67977c5add0440c84ccd482bc0eaf6a0.png

 

But now I'm running into an error with finding my 'default' file:

 

Docker Log

[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [emerg] open() "/config/nginx/common" failed (2: No such file or directory) in /config/nginx/site-confs/default:8

 

Edit: Disregard. I copied my common file over and now everything's working!

 

Thanks saarg / CHBMB!

Edited by Ezro

Struggling with an issue around htpasswd, no matter what I do the auth fails.

 

Here is my latest test I tried

- Create plaintext .htpasswd for testing 

root@1f99f655951c:/config/nginx$ htpasswd -cpb .htpasswd test test
Warning: storing passwords as plain text might just not work on this platform.
Adding password for user test

- verify .htpassword 

root@1f99f655951c:/config/nginx$ cat .htpasswd
test:test

- test the user:pass (with inline password and without)

root@1f99f655951c:/config/nginx$ htpasswd -vb .htpasswd test test
password verification failed

I've gone as far as running chmod 777 .htpasswd, nothing seems to fix this.

 

Anyone have any ideas?

I have a question about multiple local ip's working with my website.

 

eg. i have unraid on two servers. one at 192.168.1.11 running most dockers. and a second unraid server at 192.168.1.17 running a few more dockers (cameras mostly)

 

Is it possible to connect to both internal ip's using letsencrypt on my 192.168.1.11 server?

 

I have all dockers on 192.168.1.11 working fine, but i tried to add a *.17 and it doesn't seem to work.  let me post my config file.

 

it's the /security entry specifically. I'm trying to connect to motioneye for my cameras.

server {
	listen 443 ssl default_server;
	listen 80 default_server;
	root /config/www;
	index index.html index.htm index.php;

	server_name _;

	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location = / {
		return 301 /htpc;
	}

	location /sonarr {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.1.11:8989/sonarr;
	}    
		
	location /radarr {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.1.11:7878/radarr;
	}
	
	location /ombi {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.1.11:3579/ombi;
	}

	location /plexpy {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.1.11:8181/plexpy;
	}
	
	location /booksonic {
		include /config/nginx/proxy.conf;
		proxy_pass  http://192.168.1.11:4040/booksonic;
	}
	
	location /airsonic {
		include /config/nginx/proxy.conf;
		proxy_pass  http://192.168.1.11:5050/airsonic;
	}
	
	location /security {
		include /config/nginx/proxy.conf;
		proxy_pass  http://192.168.1.17:8765;
	}
	
	#PLEX
	location /web {
		# serve the CSS code
		proxy_pass http://192.168.1.11:32400;
	}

	# Main /plex rewrite
	location /plex {
		# proxy request to plex server
		proxy_pass http://192.168.1.11:32400/web;
	}

	location /nextcloud {
		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.1.11:4343/nextcloud;
	}
	
	#NZBGET rewrite-command
	location ~ ^/nzbget($|./*) {
			rewrite /nzbget/(.*) /$1 break;
			proxy_pass http://192.168.1.11:6789;
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
	location ~ ^/nzbget$ {
		return 302 $scheme://$host$request_uri/;
	}
	
	location ~ /netdata/(?<ndpath>.*) {
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header X-Forwarded-Server $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass http://backend/$ndpath$is_args$args;
		proxy_http_version 1.1;
		proxy_pass_request_headers on;
		proxy_set_header Connection "keep-alive";
		proxy_store off;
	}
}

 

13 hours ago, munit85 said:

I have a question about multiple local ip's working with my website.

 

eg. i have unraid on two servers. one at 192.168.1.11 running most dockers. and a second unraid server at 192.168.1.17 running a few more dockers (cameras mostly)

 

Is it possible to connect to both internal ip's using letsencrypt on my 192.168.1.11 server?

 

I have all dockers on 192.168.1.11 working fine, but i tried to add a *.17 and it doesn't seem to work.  let me post my config file.

 

it's the /security entry specifically. I'm trying to connect to motioneye for my cameras.


server {
	listen 443 ssl default_server;
	listen 80 default_server;
	root /config/www;
	index index.html index.htm index.php;

	server_name _;

	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location = / {
		return 301 /htpc;
	}

	location /sonarr {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.1.11:8989/sonarr;
	}    
		
	location /radarr {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.1.11:7878/radarr;
	}
	
	location /ombi {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.1.11:3579/ombi;
	}

	location /plexpy {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.1.11:8181/plexpy;
	}
	
	location /booksonic {
		include /config/nginx/proxy.conf;
		proxy_pass  http://192.168.1.11:4040/booksonic;
	}
	
	location /airsonic {
		include /config/nginx/proxy.conf;
		proxy_pass  http://192.168.1.11:5050/airsonic;
	}
	
	location /security {
		include /config/nginx/proxy.conf;
		proxy_pass  http://192.168.1.17:8765;
	}
	
	#PLEX
	location /web {
		# serve the CSS code
		proxy_pass http://192.168.1.11:32400;
	}

	# Main /plex rewrite
	location /plex {
		# proxy request to plex server
		proxy_pass http://192.168.1.11:32400/web;
	}

	location /nextcloud {
		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.1.11:4343/nextcloud;
	}
	
	#NZBGET rewrite-command
	location ~ ^/nzbget($|./*) {
			rewrite /nzbget/(.*) /$1 break;
			proxy_pass http://192.168.1.11:6789;
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
	location ~ ^/nzbget$ {
		return 302 $scheme://$host$request_uri/;
	}
	
	location ~ /netdata/(?<ndpath>.*) {
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header X-Forwarded-Server $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass http://backend/$ndpath$is_args$args;
		proxy_http_version 1.1;
		proxy_pass_request_headers on;
		proxy_set_header Connection "keep-alive";
		proxy_store off;
	}
}

 

 

Different IP shouldn't cause any issue. Your problem is likely due to your proxied app not using a base url

On 2/21/2018 at 7:14 AM, aptalca said:

 

Different IP shouldn't cause any issue. Your problem is likely due to your proxied app not using a base url

Thank you.

 

The app deprecated the base url and instead stopped using absolute url's which they say solves the problem. I'll have a look around for solutions.

 

edit// turns out the trailing slashes are very important. for anyone who comes across this.

cams needs that trailing slash as well as the trailing slash after the port #

 

	location /cams/ {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.1.17:8765/;
	}

 

 

Edited by munit85
fixed issue

2 hours ago, munit85 said:

Thank you.

 

The app deprecated the base url and instead stopped using absolute url's which they say solves the problem. I'll have a look around for solutions.

 

 

 

You can try proxying it from either the root location or from a subdomain to test if it is indeed a base url issue

Bingo! Shame you can't get Cipher to 100 without excluding a lot of older devices.

 

preview

Bingo! Shame you can't get Cipher to 100 without excluding a lot of older devices.
 
preview&key=e693cef5cb85d696994baaf555737f4e2e9c9543146992dc23471a560079ef5b
Why don't you post your config for others to use matey?

Sent from my LG-H815 using Tapatalk

I will as soon as i clean it up ;)

 

I'm getting the following error after trying to login to my nextcloud. This was all working sometime last week, I don't believe I changed anything. Ports 80 and 443  are forwarded from my router

 

EDIT: Ended up just blowing it up and re-doing and all is working now.

2018/02/22 08:11:15 [error] 385#385: *9699 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.2.1, server: mydomain.com, request: "GET /status.php HTTP/1.1", upstream: "https://192.168.2.10:444/status.php", host: "mydomain.com"
server {
    listen 443 ssl;
    server_name mydomain.com;
    root /config/www;
    index index.html index.htm index.php;
    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;
    ###SSL Ciphers
    ssl_ciphers
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-$
    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;
    client_max_body_size 0;
    location / {
        proxy_pass https://192.168.2.10:444/;
        proxy_max_temp_file_size 4096m;
        include /config/nginx/proxy.conf;
    }
}

 

Edited by ffhelllskjdje

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.