aptalca Posted February 14, 2018

It was a connection error to letsencrypt servers. Hopefully it was a temporary outage. If you continue having that problem, look into your internet connection, something in your network might be blocking the request (pihole?)

needslipo Posted February 14, 2018

On 2/12/2018 at 5:04 PM, saarg said: Your Wan port forward is wrong for port 80. Change it from 81 to 80.

Thanks! This was my issue too!

NyHoK Posted February 14, 2018

2 hours ago, aptalca said: It was a connection error to letsencrypt servers. Hopefully it was a temporary outage. If you continue having that problem, look into your internet connection, something in your network might be blocking the request (pihole?)

Turns out my docker couldn't communicate out to the internet. I reset the network settings under the docker LAN settings and that fixed it.

rjorgenson Posted February 15, 2018

So I'm trying to migrate from a standalone instance of this container to the unraid container now that I can assign IP addresses directly to containers. I'm running into an issue where the container doesn't seem to be able to reach the host (where all the services being reverse-proxied live). The container can talk to other systems on the same network with no issue but not the unraid host it is running on.

    # letsencrypt container to an nzbget container on unRAID
    root@73977ce49f97:/root$ nc -vz 192.168.1.10 6789
    nc: 192.168.1.10 (192.168.1.10:6789): Host is unreachable
    root@73977ce49f97:/root$

    # nzbget container accessible from another system on my network
    nc -vz 192.168.1.10 6789
    Connection to 192.168.1.10 6789 port [tcp/*] succeeded!

    # letsencrypt container can talk to systems that aren't unraid on the network
    root@73977ce49f97:/root$ nc -vz 192.168.1.11 5000
    192.168.1.11 (192.168.1.11:5000) open
    root@73977ce49f97:/root$

Am I missing something in my configuration to make them able to talk to each other over the network? Here is my container config in unraid

saarg Posted February 15, 2018

That is how the security works when making macvlan in docker. The container can't talk to host. Only way around it is to set up some routing if I remember correctly. Don't know how, so use the search function of the forum to find it.

rjorgenson Posted February 15, 2018

15 minutes ago, saarg said: That is how the security works when making macvlan in docker. The container can't talk to host. Only way around it is to set up some routing if I remember correctly. Don't know how, so use the search function of the forum to find it.

Yeah I was just reading about that shortly after I posted. I had some spare NICs on the box so I was able to set up a second interface solely for use with docker which has allowed the container to communicate with the host. Thanks for the quick reply =]

loomitz Posted February 17, 2018

Hi guys, I use this docker a lot. Is there any way to make the changes to the php.ini permanent and not lose the config when the docker is updated?

CHBMB Posted February 17, 2018

Just mount the file in /config

    /config/php.ini = /etc/php7/php.ini

loomitz Posted February 17, 2018 (edited)

Thanks, but how do I do that? I have been searching how to do it on the site and Google and I can't find how. I mount the folder but it gives me an error.

1 hour ago, CHBMB said: /config/php.ini = /etc/php7/php.ini

Edited February 17, 2018 by loomitz

aptalca Posted February 17, 2018

8 hours ago, loomitz said: Thanks, but how do I do that? I have been searching how to do it on the site and Google and I can't find how. I mount the folder but it gives me an error.

There is a PR just merged, it will be in next Friday's image, and will let you append php.ini via editing a file in the config folder.

If you want to see how the sausage is made: https://github.com/linuxserver/docker-baseimage-nginx-armhf/pull/18/files

Ezro Posted February 17, 2018

On 2/12/2018 at 5:04 PM, saarg said: Your Wan port forward is wrong for port 80. Change it from 81 to 80.

I'm running into the same issue as deadnote. My LetsEncrypt was working fine prior to updating, but the container update seems to have broken it. My port forwarding is set to port 80, and I have 80->81 in the container. Does anyone know what else I can try?

CHBMB Posted February 17, 2018

9 minutes ago, Ezro said: I'm running into the same issue as deadnote. My LetsEncrypt was working fine prior to updating, but the container update seems to have broken it. My port forwarding is set to port 80, and I have 80->81 in the container. Does anyone know what else I can try?

As far as I'm aware all the issues have fallen into 2 categories. Those whose ISP blocks port 80 and those who haven't configured the container correctly.

So post your docker logs, docker run command and screenshot of your port forwarding settings in your router and maybe we can help. All we know from the info you've given is it isn't working, which isn't really enough to go on.

Ezro Posted February 17, 2018 (edited)

30 minutes ago, CHBMB said: As far as I'm aware all the issues have fallen into 2 categories. Those whose ISP blocks port 80 and those who haven't configured the container correctly. So post your docker logs, docker run command and screenshot of your port forwarding settings in your router and maybe we can help. All we know from the info you've given is it isn't working, which isn't really enough to go on.

That makes sense. Here's my setup:

Docker Settings

Docker Command

    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="America/Los_Angeles" -e HOST_OS="unRAID" -e "EMAIL"="..." -e "URL"="duckdns.org" -e "SUBDOMAINS"="..." -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "VALIDATION"="http" -e "DNSPLUGIN"="" -e "PUID"="99" -e "PGID"="100" -p 81:80/tcp -p 443:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt

Docker Log

    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Backwards compatibility check. . .
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d domain.duckdns.org -d subdomain.domain.duckdns.org
    E-mail address entered: ...
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for domain.duckdns.org
    http-01 challenge for subdomain.domain.duckdns.org
    Waiting for verification...
    Cleaning up challenges
    IMPORTANT NOTES:
    Failed authorization procedure. subdomain.domain.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://subdomain.domain.duckdns.org/.well-known/acme-challenge/KuPVPz-1dTvVdvyW6XP2zYitXLgejpWJoblhVxuYUiU [100.2.67.27]: 401, domain.duckdns.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.duckdns.org/.well-known/acme-challenge/iknfqFylSG_2b4MGv1uEkubeRgaHO6OzVJPmOqDM2u8 [100.2.67.27]: 401
    - The following errors were reported by the server:
    Domain: subdomain.domain.duckdns.org
    Type: unauthorized
    Detail: Invalid response from
    http://subdomain.domain.duckdns.org/.well-known/acme-challenge/KuPVPz-1dTvVdvyW6XP2zYitXLgejpWJoblhVxuYUiU
    [100.2.67.27]: 401
    Domain: domain.duckdns.org
    Type: unauthorized
    Detail: Invalid response from
    http://domain.duckdns.org/.well-known/acme-challenge/iknfqFylSG_2b4MGv1uEkubeRgaHO6OzVJPmOqDM2u8
    [100.2.67.27]: 401
    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Port Forwarding

Edited February 17, 2018 by Ezro: Adding docker log

saarg Posted February 17, 2018

As the others, your port forward is wrong. You need to forward 80 external to 81 on the IP you have unraid.

Ezro Posted February 18, 2018 (edited)

49 minutes ago, saarg said: As the others, your port forward is wrong. You need to forward 80 external to 81 on the IP you have unraid.

I think I understand. I updated my router to forward to 81:

But now I'm running into an error with finding my 'default' file:

Docker Log

    [cont-init.d] 50-config: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    nginx: [emerg] open() "/config/nginx/common" failed (2: No such file or directory) in /config/nginx/site-confs/default:8

Edit: Disregard. I copied my common file over and now everything's working! Thanks saarg / CHBMB!

Edited February 18, 2018 by Ezro

wreave Posted February 20, 2018

Struggling with an issue around htpasswd, no matter what I do the auth fails. Here is my latest test I tried

- Create plaintext .htpasswd for testing

    root@1f99f655951c:/config/nginx$ htpasswd -cpb .htpasswd test test
    Warning: storing passwords as plain text might just not work on this platform.
    Adding password for user test

- verify .htpassword

    root@1f99f655951c:/config/nginx$ cat .htpasswd
    test:test

- test the user:pass (with inline password and without)

    root@1f99f655951c:/config/nginx$ htpasswd -vb .htpasswd test test
    password verification failed

I've gone as far as running chmod 777 .htpasswd, nothing seems to fix this. Anyone have any ideas?

munit85 Posted February 21, 2018

I have a question about multiple local IPs working with my website. E.g. I have unraid on two servers: one at 192.168.1.11 running most dockers, and a second unraid server at 192.168.1.17 running a few more dockers (cameras mostly).

Is it possible to connect to both internal IPs using letsencrypt on my 192.168.1.11 server? I have all dockers on 192.168.1.11 working fine, but I tried to add a *.17 and it doesn't seem to work. Let me post my config file. It's the /security entry specifically. I'm trying to connect to motioneye for my cameras.

    server {
        listen 443 ssl default_server;
        listen 80 default_server;

        root /config/www;
        index index.html index.htm index.php;

        server_name _;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;

        location = / {
            return 301 /htpc;
        }

        location /sonarr {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.11:8989/sonarr;
        }

        location /radarr {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.11:7878/radarr;
        }

        location /ombi {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.11:3579/ombi;
        }

        location /plexpy {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.11:8181/plexpy;
        }

        location /booksonic {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.11:4040/booksonic;
        }

        location /airsonic {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.11:5050/airsonic;
        }

        location /security {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.17:8765;
        }

        #PLEX
        location /web {
            # serve the CSS code
            proxy_pass http://192.168.1.11:32400;
        }

        # Main /plex rewrite
        location /plex {
            # proxy request to plex server
            proxy_pass http://192.168.1.11:32400/web;
        }

        location /nextcloud {
            include /config/nginx/proxy.conf;
            proxy_pass https://192.168.1.11:4343/nextcloud;
        }

        #NZBGET rewrite-command
        location ~ ^/nzbget($|./*) {
            rewrite /nzbget/(.*) /$1 break;
            proxy_pass http://192.168.1.11:6789;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location ~ ^/nzbget$ {
            return 302 $scheme://$host$request_uri/;
        }

        location ~ /netdata/(?<ndpath>.*) {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://backend/$ndpath$is_args$args;
            proxy_http_version 1.1;
            proxy_pass_request_headers on;
            proxy_set_header Connection "keep-alive";
            proxy_store off;
        }
    }

aptalca Posted February 21, 2018

Different IP shouldn't cause any issue. Your problem is likely due to your proxied app not using a base url

munit85 Posted February 21, 2018 (edited)

On 2/21/2018 at 7:14 AM, aptalca said: Different IP shouldn't cause any issue. Your problem is likely due to your proxied app not using a base url

Thank you. The app deprecated the base url and instead stopped using absolute URLs, which they say solves the problem. I'll have a look around for solutions.

edit// Turns out the trailing slashes are very important, for anyone who comes across this. cams needs that trailing slash as well as the trailing slash after the port #

    location /cams/ {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.17:8765/;
    }

Edited February 24, 2018 by munit85: fixed issue

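
Added example (not part of any post in this thread, and not nginx's own code): a simplified Python model of how nginx builds the upstream URL for a plain prefix location, showing why the trailing slashes in the fix above matter. The function name upstream_url and the sample request paths are constructed for illustration; regex locations, rewrite and variables in proxy_pass are not modelled.

```python
from urllib.parse import urlsplit


def upstream_url(location, proxy_pass, request_uri):
    """Simplified model of nginx proxy_pass for a plain prefix location.

    Returns the URL nginx would request from the backend, or None when the
    prefix location does not match the request. Not modelled: regex
    locations, rewrite, variables in proxy_pass, URI normalisation.
    """
    path, sep, query = request_uri.partition("?")
    if not path.startswith(location):
        return None
    target = urlsplit(proxy_pass)
    origin = f"{target.scheme}://{target.netloc}"
    if target.path == "":
        # proxy_pass has no URI part: the request path is forwarded unchanged,
        # so the backend must itself serve under the location prefix (base url).
        new_path = path
    else:
        # proxy_pass has a URI part (even a bare "/"): the matched location
        # prefix is replaced by that URI.
        new_path = target.path + path[len(location):]
    return origin + new_path + sep + query


# Constructed sample requests. The location/proxy_pass pairs marked "thread"
# are the ones posted above; the others are variations added for comparison.
CASES = [
    # thread, not working: backend without a base url is asked for /security/
    ("/security", "http://192.168.1.17:8765", "/security/"),
    # thread, working: prefix stripped cleanly
    ("/cams/", "http://192.168.1.17:8765/", "/cams/static/app.css"),
    # variation: location without trailing slash gives a doubled slash
    ("/cams", "http://192.168.1.17:8765/", "/cams/static/app.css"),
    # variation: the same location also matches an unrelated path
    ("/cams", "http://192.168.1.17:8765/", "/camsfoo"),
    # thread: backend configured with a matching base url
    ("/sonarr", "http://192.168.1.11:8989/sonarr", "/sonarr/calendar?x=1"),
]


def run_cases():
    """Return the modelled upstream URL for every entry in CASES."""
    return [upstream_url(*case) for case in CASES]


if __name__ == "__main__":
    for (loc, target, uri), result in zip(CASES, run_cases()):
        print(f"location {loc:<10} proxy_pass {target:<32} {uri} -> {result}")
```

The third and fourth rows show why both the location and the proxy_pass URI should end in a slash: without it the backend receives a doubled slash, and the prefix also matches unrelated paths such as /camsfoo.
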
aptalca Posted February 21, 2018

2 hours ago, munit85 said: Thank you. The app deprecated the base url and instead stopped using absolute URLs, which they say solves the problem. I'll have a look around for solutions.

You can try proxying it from either the root location or from a subdomain to test if it is indeed a base url issue

Shamalamadindong Posted February 21, 2018

Bingo! Shame you can't get Cipher to 100 without excluding a lot of older devices.

CHBMB Posted February 22, 2018

Bingo! Shame you can't get Cipher to 100 without excluding a lot of older devices.

Why don't you post your config for others to use matey?

Sent from my LG-H815 using Tapatalk

Shamalamadindong Posted February 22, 2018

I will as soon as I clean it up

GilbN Posted February 22, 2018

1 hour ago, CHBMB said: Why don't you post your config for others to use matey? Sent from my LG-H815 using Tapatalk

Here are my configs for A+ everything on sslabs and A+ on securityheaders.io

https://github.com/gilbN/Nostromo/tree/master/Server/nginx

ffhelllskjdje Posted February 22, 2018 (edited)

I'm getting the following error after trying to login to my nextcloud. This was all working sometime last week, I don't believe I changed anything. Ports 80 and 443 are forwarded from my router

EDIT: Ended up just blowing it up and re-doing and all is working now.

    2018/02/22 08:11:15 [error] 385#385: *9699 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.2.1, server: mydomain.com, request: "GET /status.php HTTP/1.1", upstream: "https://192.168.2.10:444/status.php", host: "mydomain.com"

    server {
        listen 443 ssl;
        server_name mydomain.com;

        root /config/www;
        index index.html index.htm index.php;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###Diffie–Hellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-$

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;

        client_max_body_size 0;

        location / {
            proxy_pass https://192.168.2.10:444/;
            proxy_max_temp_file_size 4096m;
            include /config/nginx/proxy.conf;
        }
    }

Edited February 22, 2018 by ffhelllskjdje