munit85 Posted February 23, 2018

I'm always afraid to modify my config because I tend to break things since I don't really know what does what. It would be nice to increase security though.

sse450 Posted February 26, 2018

Dear friends,

I tried to set up this container for a couple of days and arrived at a stupid position.

Using https://hme.domain.com, I can connect to my server and see the "Welcome to our server" banner. So, nginx, certs, port forwarding, subdomain setup are all OK.

If I use https://hme.domain.com/sonarr, then I just get "Sonarr Ver." in the top left corner and nothing else. Similarly, https://hme.domain.com/radarr prints "Radarr Ver." in the top left corner. Obviously, these are from the very bottom of sonarr and radarr pages. I think this shows that connection from the internet is OK. But, why can't I see the whole page of sonarr and radarr instead of just two words from the very bottom of these pages?

The only additions to the /mnt/user/appdata/letsencrypt/nginx/site-confs/default are below:

    location /sonarr {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.100:8989/sonarr;
    }
    location /radarr {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.100:7878/radarr;
    }

Does this problem ring any bell for anybody? Thank you for your support.

GilbN Posted February 26, 2018

1 hour ago, sse450 said:

> Dear friends,
>
> I tried to set up this container for a couple of days and arrived at a stupid position.
>
> Using https://hme.domain.com, I can connect to my server and see the "Welcome to our server" banner. So, nginx, certs, port forwarding, subdomain setup are all OK.
>
> If I use https://hme.domain.com/sonarr, then I just get "Sonarr Ver." in the top left corner and nothing else. Similarly, https://hme.domain.com/radarr prints "Radarr Ver." in the top left corner. Obviously, these are from the very bottom of sonarr and radarr pages. I think this shows that connection from the internet is OK. But, why can't I see the whole page of sonarr and radarr instead of just two words from the very bottom of these pages?
>
> The only additions to the /mnt/user/appdata/letsencrypt/nginx/site-confs/default are below:
>
>     location /sonarr {
>         include /config/nginx/proxy.conf;
>         proxy_pass http://192.168.1.100:8989/sonarr;
>     }
>     location /radarr {
>         include /config/nginx/proxy.conf;
>         proxy_pass http://192.168.1.100:7878/radarr;
>     }
>
> Does this problem ring any bell for anybody? Thank you for your support.

Did you set base url in the apps? e.g. /sonarr

Edited February 26, 2018 by GilbN

sse450 Posted February 27, 2018

That was it. Strange thing is that the question mark next to URL Base says "For reverse proxy support, default is empty". But, it works anyway with /sonarr. Thank you.

CHBMB Posted February 27, 2018

> That was it. Strange thing is that the question mark next to URL Base says "For reverse proxy support, default is empty". But, it works anyway with /sonarr. Thank you.

Why is that strange?

Sent from my LG-H815 using Tapatalk

sse450 Posted February 27, 2018

My interpretation is that "leave it blank if reverse proxy is used". But, Sonarr didn't work when I left it blank.

tazire Posted February 27, 2018

I'm trying to get this working for the first time. I have installed the docker as directed but keep getting this error repeating:

    nginx: [emerg] BIO_new_file("/config/keys/fullchain.pem") failed (SSL: error:02FFF002:system library:func(4095):No such file or directory:fopen('/config/keys/fullchain.pem', 'r') error:20FFF080:BIO routines:CRYPTO_internal:no such file)

Currently I just want to get the docker working before I actually begin reverse proxy access to other containers etc.

And here is the container params

aptalca Posted February 28, 2018

11 hours ago, tazire said:

> I'm trying to get this working for the first time. I have installed the docker as directed but keep getting this error repeating:
>
>     nginx: [emerg] BIO_new_file("/config/keys/fullchain.pem") failed (SSL: error:02FFF002:system library:func(4095):No such file or directory:fopen('/config/keys/fullchain.pem', 'r') error:20FFF080:BIO routines:CRYPTO_internal:no such file)
>
> Currently I just want to get the docker working before I actually begin reverse proxy access to other containers etc.
>
> And here is the container params

Try changing /mnt/user to /mnt/cache or /mnt/diskX

tazire Posted February 28, 2018

19 minutes ago, aptalca said:

> Try changing /mnt/user to /mnt/cache or /mnt/diskX

Tried, unfortunately gives the exact same results.

tazire Posted February 28, 2018

OK, I figured this out... stupid me, I tried to get this working in the past and was using a different default config.... I found it and fixed it... so at least I have a base working.

Living Legend Posted February 28, 2018

I did a search on this thread for "mqtt" and "mosquitto", but yielded no results.

I currently use spants/mqtt docker in conjunction with homeassistant/home-assistant docker. All of my remote accessing is done through this docker, linuxserver/letsencrypt. Because of this, I've been able to greatly reduce the ports I have open on my router. I currently have 5. The basic 80, 8080, 443. And then 32400 for Plex and 1194 for OpenVPN as I have found no other way to get this working without doing so.

I'm using OwnTracks on an Android OS phone to remotely send device location via MQTT. Because of this, I need to be able to access this docker remotely. I tried the most generic change to the default file under "site-confs":

    location /mqtt {
        proxy_pass http://192.168.1.3:1883/;
        include /config/nginx/proxy.conf;
    }

Unfortunately, this does not work. Any experience with a similar setup that could possibly point me in the right direction so I can try to avoid opening up more ports on my router?

DZMM Posted February 28, 2018

2 hours ago, Living Legend said:

> I did a search on this thread for "mqtt" and "mosquitto", but yielded no results.
>
> I currently use spants/mqtt docker in conjunction with homeassistant/home-assistant docker. All of my remote accessing is done through this docker, linuxserver/letsencrypt. Because of this, I've been able to greatly reduce the ports I have open on my router. I currently have 5. The basic 80, 8080, 443. And then 32400 for Plex and 1194 for OpenVPN as I have found no other way to get this working without doing so.
>
> I'm using OwnTracks on an Android OS phone to remotely send device location via MQTT. Because of this, I need to be able to access this docker remotely. I tried the most generic change to the default file under "site-confs":
>
>     location /mqtt {
>         proxy_pass http://192.168.1.3:1883/;
>         include /config/nginx/proxy.conf;
>     }
>
> Unfortunately, this does not work. Any experience with a similar setup that could possibly point me in the right direction so I can try to avoid opening up more ports on my router?

I haven't opened up port 1883 to get owntracks to work. It's been a while since I set up, but I think owntracks responds to 'polls' from the local instance so you don't need to open up a port.

DZMM Posted February 28, 2018

3 hours ago, DZMM said:

> I haven't opened up port 1883 to get owntracks to work. It's been a while since I set up, but I think owntracks responds to 'polls' from the local instance so you don't need to open up a port.

Yep, just double-checked by putting my phone on cellular and pinging home-assistant and my owntracks works with the MQTT docker by ensuring the outgoing ports are open, not the incoming.

I have for my appdata\MQTT\conf.d\myphone_mqtt.conf:

    connection cloudmqtt
    address mXX.cloudmqtt.com:non-ssl port
    remote_username MAIN CLOUDMQTT USERNAME
    remote_password MAIN CLOUDMQTT PASSWORD
    clientid cloudmqtt
    try_private false
    start_type automatic
    topic # in
    topic owntracks out

and I've allowed outgoing the non-ssl and websockets port from the cloudmqtt instance in my router (running these ports using selective routing over my vpn for more peace of mind).

'owntracks out' is so that cloudmqtt doesn't get flooded with my smartthings messages, or anything else I add in the future.

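
Added example, not part of the original posts and not the linuxserver/letsencrypt project's own config: the `location /mqtt` block quoted above cannot work because port 1883 speaks raw MQTT over TCP, which nginx's HTTP `proxy_pass` does not carry. One way to keep only port 443 open is to proxy MQTT over WebSockets instead. Assumptions not stated in the thread: the broker at 192.168.1.3 has a WebSockets listener on port 9001, and the phone client is set to use WebSockets.

```nginx
# Added example (not from the thread).
#
# Assumed broker side, in mosquitto.conf (the port number is an assumption):
#     listener 9001
#     protocol websockets
#     allow_anonymous false            # broker becomes Internet-reachable,
#     password_file /path/to/passwd    # so require credentials (placeholder path)
#
# The client then connects to wss://<your-domain>/mqtt on port 443, and TLS is
# terminated by the certificate this container already serves.

# Goes inside the existing HTTPS server block of the "default" file under
# site-confs. proxy.conf is not included here so that the headers below are
# the only ones set for this location.
location /mqtt {
    # WebSockets require HTTP/1.1 and the Upgrade handshake to be passed
    # through to the backend; without these two headers the broker only
    # ever sees an ordinary HTTP request and the connection fails.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;

    # MQTT sessions are long-lived and mostly idle. Keep these longer than
    # the client's keepalive interval so nginx does not drop the session.
    proxy_read_timeout 1h;
    proxy_send_timeout 1h;

    # Trailing slash: /mqtt on the outside is passed to the broker as /.
    proxy_pass http://192.168.1.3:9001/;
}
```
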
pingmanping Posted March 1, 2018

I have been reading from page 46 and I could not find this HTTPVAL. I have enabled the “advanced view” and all I see at the bottom are PUID and PGID.

I have port forward on my firewall 80:81 and 443:442.

Here are my settings:

Here is the error:

CHBMB Posted March 1, 2018

> I have been reading from page 46 and I could not find this HTTPVAL. I have enabled the “advanced view” and all I see at the bottom are PUID and PGID.
>
> I have port forward on my firewall 80:81 and 443:442.
>
> Here are my settings:
>
> Here is the error:

It's changed again. Take a look at the Github readme for up to date info.

Sent from my LG-H815 using Tapatalk

CHBMB Posted March 1, 2018

> It's changed again. Take a look at the Github readme for up to date info.
>
> Sent from my LG-H815 using Tapatalk

Although to be honest looking at the info you provided it does look like either your port forward or DNS isn't correct.

Sent from my LG-H815 using Tapatalk

tazire Posted March 1, 2018

Ok just looking for a little help getting nextcloud working as I'd like. I tried following the directions given in the earlier posts on the nextcloud support thread but it mostly applies to if you want to use the address xxx.server.com. I am trying to get it working with server.com/nextcloud.

Currently I am having a couple of issues. Firstly I can access my nextcloud perfectly fine from outside my network with server.com/network however... within my network I am having issues and also I can't get it to play nice with the android app and the windows app either.

At present while on the network I can't connect when using the unraid GUI. It sends me to 192.168.1.18:4433 but in order to access it on my network I have to input 192.168.1.18/nextcloud in order to access it. Also if I am on my own network and I go to server.com/nextcloud it redirects me to the correct local ip but does not seem to connect through letsencrypt as I get the insecure notice.

I'll attach my configs for reference. Just FYI sonarr and couchpotato work exactly as I'd like with the setup I have.

config.php default.txt

CHBMB Posted March 1, 2018

> Ok just looking for a little help getting nextcloud working as I'd like. I tried following the directions given in the earlier posts on the nextcloud support thread but it mostly applies to if you want to use the address xxx.server.com. I am trying to get it working with server.com/nextcloud.
>
> Currently I am having a couple of issues. Firstly I can access my nextcloud perfectly fine from outside my network with server.com/network however... within my network I am having issues and also I can't get it to play nice with the android app and the windows app either.
>
> At present while on the network I can't connect when using the unraid GUI. It sends me to 192.168.1.18:4433 but in order to access it on my network I have to input 192.168.1.18/nextcloud in order to access it. Also if I am on my own network and I go to server.com/nextcloud it redirects me to the correct local ip but does not seem to connect through letsencrypt as I get the insecure notice.
>
> I'll attach my configs for reference. Just FYI sonarr and couchpotato work exactly as I'd like with the setup I have.
>
> config.php default.txt

This is one of the reasons I don't support the subfolder method.

You probably need to look at hairpin NAT or NAT reflection on your router.

Sent from my LG-H815 using Tapatalk

pingmanping Posted March 1, 2018

> Although to be honest looking at the info you provided it does look like either your port forward or DNS isn't correct.
>
> Sent from my LG-H815 using Tapatalk

What do you mean by DNS?

This is the stateful flow from my SRX firewall. (I replaced my public IP with 1.1.1.1)

    Session ID: 48579, Policy name: untrust_TO_LENGINX/80, Timeout: 2, Valid
      In: 66.118.142.167/43834 --> 1.1.1.1/80;tcp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 1, Bytes: 40,
      Out: 10.0.20.11/81 --> 66.118.142.167/43834;tcp, Conn Tag: 0x0, If: irb.20, Pkts: 1, Bytes: 40,

Sent from my iPad using Tapatalk

aptalca Posted March 1, 2018

4 hours ago, pingmanping said:

> I have been reading from page 46 and I could not find this HTTPVAL. I have enabled the “advanced view” and all I see at the bottom are PUID and PGID.
>
> I have port forward on my firewall 80:81 and 443:442.
>
> Here are my settings:
>
> Here is the error:

Your outgoing connection to the letsencrypt server is failing

pingmanping Posted March 1, 2018

> Your outgoing connection to the letsencrypt server is failing

I put my letsencrypt container to my DMZ subnet. Do you think this is the problem?

I put a VM in the DMZ and I was able to browse the Internet. I disabled my pihole and letsencrypt was still failing with the same error.

I did some testing to verify the destination NAT by installing the Linuxserver.io NGINX container and I was able to hit the page. But letsencrypt fails to work.

Sent from my iPad using Tapatalk

pingmanping Posted March 1, 2018

1 hour ago, aptalca said:

> Your outgoing connection to the letsencrypt server is failing

Here is an update. I used the bridge mode and everything works. I really don't want to use my unraid IP when opening inbound ports from the Internet.

How are you deploying your letsencrypt?

My plan was to put the LE container in my DMZ and this seems to fail to work. I would like to put my pivpn, emby, nextcloud behind the letsencrypt container.

aptalca Posted March 2, 2018

10 hours ago, pingmanping said:

> Here is an update. I used the bridge mode and everything works. I really don't want to use my unraid IP when opening inbound ports from the Internet.
>
> How are you deploying your letsencrypt?
>
> My plan was to put the LE container in my DMZ and this seems to fail to work. I would like to put my pivpn, emby, nextcloud behind the letsencrypt container.

DMZ means opening up every single port. No firewall. Don't do it.

Forward a single port (443) if you're using dns validation or 80 and 443 if using http validation, to letsencrypt on unraid and reverse proxy everything else. Configure the built-in fail2ban for additional security like against DDoS and brute force attempts (recidive does wonders)

tazire Posted March 2, 2018

14 hours ago, CHBMB said:

> This is one of the reasons I don't support the subfolder method.
>
> You probably need to look at hairpin NAT or NAT reflection on your router.
>
> Sent from my LG-H815 using Tapatalk

Ok I'm not going to lie I don't really know much about that NAT stuff. As you can probably see from my default config I have the method you suggest there but commented out. I did this as I was having issues getting that to work also. Should your method work fine even with the subfolder method on other containers? I'm willing to go back at it if it's just going to work as intended.

CHBMB Posted March 2, 2018

8 minutes ago, tazire said:

> Ok I'm not going to lie I don't really know much about that NAT stuff. As you can probably see from my default config I have the method you suggest there but commented out. I did this as I was having issues getting that to work also. Should your method work fine even with the subfolder method on other containers? I'm willing to go back at it if it's just going to work as intended.

Yeah it works fine with other stuff as subfolders, but you'll still have the issue with hairpin NAT.