[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


1 hour ago, clause said:

@d2dyno  I tried forwarding my domain name to my duckdns and then removed subdomains, but it still isn't working.

 

Are you sure there isn't something else running on port 81 on unraid?

 

According to your log, letsencrypt servers cannot reach your container when they try to connect to your domain on port 80, which could be that your dns is not set up correctly, or duckdns is forwarding to the wrong ip, or your router is not forwarding to the correct lan ip or port, or your container is not listening on the right port. 

 

You can temporarily put up a regular nginx container (while letsencrypt container is down) with the same ports and try to connect to it through your domain on port 80 and see if you get the default placeholder page


pihole? anyone got this to work through nginx?

 

I have it partially working, but it looks like only the html loads and not the php

 

# Pihole
location /pihole/ {
    proxy_pass http://192.168.11.10:80/admin/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_read_timeout 90;
}

 

 

This gets the page to load but the graphs and counters dont populate.

 

developer tools tell me this when i hit f12

 

Failed to load resource: the server responded with a status of 404 (Not Found)
https://domain.pw/pihole/api.php?overTimeData10mins

Failed to load resource: the server responded with a status of 404 (Not Found)
jquery.min.js:4 GET https://domain.pw/pihole/api.php?overTimeData10mins 404 (Not Found)

 

 

I've been hacking away at this all day and just cant get it to work. Any help Please?

 

Thanks

Edited by Kube

3 hours ago, aptalca said:

 

Are you sure there isn't something else running on port 81 on unraid?

 

According to your log, letsencrypt servers cannot reach your container when they try to connect to your domain on port 80, which could be that your dns is not set up correctly, or duckdns is forwarding to the wrong ip, or your router is not forwarding to the correct lan ip or port, or your container is not listening on the right port. 

 

You can temporarily put up a regular nginx container (while letsencrypt container is down) with the same ports and try to connect to it through your domain on port 80 and see if you get the default placeholder page

I put up a regular nginx container with the same ports, and I was able to connect to it fine.  Removed the nginx container and recreated the LE container, and still had the same error, so i think my forwarding is fine.  

1 hour ago, clause said:

I put up a regular nginx container with the same ports, and I was able to connect to it fine.  Removed the nginx container and recreated the LE container, and still had the same error, so i think my forwarding is fine.  

 

Try changing the config folder location to /mnt/cache or /mnt/disk (longshot) 

2 hours ago, clause said:

I put up a regular nginx container with the same ports, and I was able to connect to it fine.  Removed the nginx container and recreated the LE container, and still had the same error, so i think my forwarding is fine.  

 

I think I had the same problem... I had a variable in "show more settings" called HTTPVAL: - it was set to True as I had had to do that sometime in the past I believe. I changed it to "false" and started getting some stuff working.

 

Haven't finished testing, but wanted to pass it on.

1 hour ago, aptalca said:

 

Try changing the config folder location to /mnt/cache or /mnt/disk (longshot) 

Tried that. Still no luck.  

4 minutes ago, bdillahu said:

 

I think I had the same problem... I had a variable in "show more settings" called HTTPVAL: - it was set to True as I had had to do that sometime in the past I believe. I changed it to "false" and started getting some stuff working.

 

Haven't finished testing, but wanted to pass it on.

No HTTPVAL in my command.  Here it is.

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='bridge' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="unRAID" -e 'EMAIL'='XXXXXXXX' -e 'URL'='duckdns.org' -e 'SUBDOMAINS'='XXXXXXX,' -e 'ONLY_SUBDOMAINS'='true' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '81:80/tcp' -p '444:443/tcp' -v '/mnt/cache/appdata/letsencrypt/':'/config':'rw' 'linuxserver/letsencrypt'

d3a3282f734239ff8f7722288607e7cb56b6cd74a45022ed17f02f97b32a8b77

The command finished successfully!

I ended up setting up Cloudflare and got it working that way.

On 2.4.2018 at 12:47 AM, Kube said:

pihole? anyone got this to work through nginx?

 

I have it partially working, but it looks like only the html loads and not the php

 

# Pihole
location /pihole/ {
    proxy_pass http://192.168.11.10:80/admin/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_read_timeout 90;
}

 

 

This gets the page to load but the graphs and counters dont populate.

 

developer tools tell me this when i hit f12

 

Failed to load resource: the server responded with a status of 404 (Not Found)
https://domain.pw/pihole/api.php?overTimeData10mins

Failed to load resource: the server responded with a status of 404 (Not Found)
jquery.min.js:4 GET https://domain.pw/pihole/api.php?overTimeData10mins 404 (Not Found)

 

 

I've been hacking away at this all day and just cant get it to work. Any help Please?

 

Thanks

 

Try location /admin/ instead 

 

You can also try with this rewrite (I haven't tried it)

 

if ($http_referer ~* /pihole/) {
    rewrite ^/admin/(.*) /pihole/admin/$1? redirect;
}

Edited by GilbN

Hi,

 

I have some troubles with LetsEncrypt.

 

I got now several times an email, that my certs are expiring soon. So I checked the logs on LetsEncrypt and noticed the following warning:

 

Attempting to renew cert (xxx.yyy.com) from /etc/letsencrypt/... produced and unexpected error: Failed authorization procedure xxx.yyy.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain.

 

In the past I had issues after a LetsEncrypt-Update and I had to add the HTTPVAL Key with setting true. Regardless if I set it to false or true, it is still not working.

 

Br,

Johannes

1 hour ago, ebnerjoh said:

Hi,

 

I have some troubles with LetsEncrypt.

 

I got now several times an email, that my certs are expiring soon. So I checked the logs on LetsEncrypt and noticed the following warning:

 


Attempting to renew cert (xxx.yyy.com) from /etc/letsencrypt/... produced and unexpected error: Failed authorization procedure xxx.yyy.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain.

 

In the past I had issues after a LetsEncrypt-Update and I had to add the HTTPVAL Key with setting true. Regardless if I set it to false or true, it is still not working.

 

Br,

Johannes

 

My mistake. I somehow removed the Portforwarding for Port 80 and only allowed 443. Added 80 and now it is working again.

 

Br,

Johannes

6 hours ago, ebnerjoh said:

 

My mistake. I somehow removed the Portforwarding for Port 80 and only allowed 443. Added 80 and now it is working again.

 

Br,

Johannes

 

Also keep in mind that httpval is deprecated and replaced with "VALIDATION", which can be set to http or dns. So far it is still backwards compatible, but in the future, httpval support will get dropped

1 hour ago, aptalca said:

 

Also keep in mind that httpval is deprecated and replaced with "VALIDATION", which can be set to http or dns. So far it is still backwards compatible, but in the future, httpval support will get dropped

 Well crap, what page is that on?

 

Nevermind I found it

Edited by ijuarez
resolved

4 hours ago, ijuarez said:

 Well crap, what page is that on?

 

Nevermind I found it

 

Docker hub info, github page, blog post on the website ;)

Two unRAID servers, a Plex docker on each machine, DuckDNS and LetsEncrypt on the first machine - how to do that? Below is my current configuration.

 

Because I can open port 80/443 to one single machine only, I create redirections in the nginx default conf.

 

My questions:

- Is this ok/safe or is there a better way?

- Plex on the second machine reports indirect connections only. Is there a way to get around that?

- Please have a look at my proxy_pass settings. I use https there. Is this ok?

 

Many thanks in advance.

 

Router:

port 80 (extern) --> port 81 (intern)

port 443 (extern) --> port 444 (intern)

 

DuckDNS subdomains

t***1.duckdns.org

t***2.duckdns.org

 

DuckDNS container (on first unRAID machine):

SUBDOMAINS: t***1,t***2

 

LetsEncrypt container (on first unRAID machine):

Email: h***[email protected]

Domainname: duckdns.org

Subdomain(s): t***1

Only subdomains: true

 

Plex network settings (on first machine):

External URL: https://t***1.duckdns.org/plex01/

--> working perfect

 

Plex network settings (on second machine):

External URL: https://t***1.duckdns.org/plex02/

--> working indirect

 

nginx/site-confs/default:

- first machine is 192.168.178.35

- second machine is 192.168.178.34

 

Many thanks in advance.

upstream backend {
	server 192.168.178.35:19999;
	keepalive 64;
}

server {
	listen 443 ssl default_server;
	listen 80 default_server;
	root /config/www;
	index index.html index.htm index.php;

	server_name _;

	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers '***';
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location = / {
		return 301 /;
	}

	location /web {
		# serve the CSS code
		proxy_pass https://192.168.178.35:32400;
	}

	location /plex01 {
		# proxy request to plex server
		auth_basic "Restricted";
		auth_basic_user_file /config/nginx/.htpasswd;
		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.178.35:32400/web;
	}

	location /plex02 {
		# proxy request to plex server
		auth_basic "Restricted";
		auth_basic_user_file /config/nginx/.htpasswd;
		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.178.34:32400/web;
	}

	location ~ /netdata/(?<ndpath>.*) {
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header X-Forwarded-Server $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass http://backend/$ndpath$is_args$args;
		proxy_http_version 1.1;
		proxy_pass_request_headers on;
		proxy_set_header Connection "keep-alive";
		proxy_store off;
	}
}

 

 

Can this be used without using 443 and 80?

1 hour ago, nuhll said:

Can this be used without using 443 and 80?

 

If you use dns validation, yes

Are the last two posts related to my questions? If yes, what does that mean?

 

15 hours ago, aptalca said:

 

If you use dns validation, yes

I guess, i cant use that with a free dns. I really dont like exposing 80 or 443 to the internet...

1 hour ago, nuhll said:

I guess, i cant use that with a free dns. I really dont like exposing 80 or 443 to the internet...

 

Just get your own domain and point the name servers to cloudflare. It's free and works great. Then you can use whatever port you like

5 hours ago, hawihoney said:

Are the last two posts related to my questions? If yes, what does that mean?

 

 

It was a separate question. 

 

Can't answer your question fully because I haven't reverse proxied plex, let alone two of them. 

 

At first look, it seems that the /web location is shared between both plex servers and all requests are forwarded to one and not the other. 

 

You might be better off proxying them via subdomains at the root so you don't have to worry about proxying additional subfolders like web. 

 

Change your URL in letsencrypt settings to yoursubdomain.duckdns.org, set only_subdomains to false (should have been that way from the start, but I guess you followed an external guide rather than the description in the container settings, it is specifically spelled out there). Then you can set the subdomains to plex1,plex2

 

In the default site config, use the first server block for plex1.yoursubdomain.duckdns.org and the second one for plex2

Edited by aptalca
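
The subdomain layout suggested in the reply above, written out as an added example (not aptalca's or linuxserver.io's own config). The IPs, port and file paths come from the config posted earlier in the thread; the hostnames are the placeholders from the reply, the certificate is assumed to cover both names, and the ssl_ciphers line is left out because the thread elides its value.

```nginx
# Added example: one server block per Plex host, selected by server_name,
# so each host owns its own "/" and "/web" and the two no longer collide.

server {
	listen 443 ssl;
	server_name plex1.yoursubdomain.duckdns.org;   # placeholder name from the reply

	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location / {
		# Every path under this hostname, /web included, goes to the first machine.
		include /config/nginx/proxy.conf;
		# nginx does not verify the upstream certificate unless proxy_ssl_verify
		# is turned on, so https here encrypts the LAN hop without
		# authenticating the backend.
		proxy_pass https://192.168.178.35:32400;
	}
}

server {
	listen 443 ssl;
	server_name plex2.yoursubdomain.duckdns.org;   # placeholder name from the reply

	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location / {
		# Same layout, second machine; no shared /web location is needed.
		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.178.34:32400;
	}
}
```

The auth_basic lines from the original /plex01 and /plex02 locations can be carried over into each `location /` unchanged.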

16 minutes ago, aptalca said:

 

Just get your own domain and point the name servers to cloudflare. It's free and works great. Then you can use whatever port you like

Yes, i thought about that, but.. i have dynamic ip.

 

And also, i guess, letsencrypt needs to redo the cert at some time and will check again on 80 and 443, or not!?

3 hours ago, nuhll said:

Yes, i thought about that, but.. i have dynamic ip.

 

And also, i guess, letsencrypt needs to redo the cert at some time and will check again on 80 and 443, or not!?

 

Ddclient updates ip on cloudflare

 

If you do dns validation, all renewals will also validate through dns, not through ports

4 hours ago, aptalca said:

 

Just get your own domain and point the name servers to cloudflare. It's free and works great. Then you can use whatever port you like

hmmm this is an interesting way to do it. I like the fact you don't have to use ports, i don't use ddclient but pfsense will have to work that gem out.

 

 

 

Quote

Change your URL in letsencrypt settings to yoursubdomain.duckdns.org, set only_subdomains to false (should have been that way from the start, but I guess you followed an external guide rather than the description in the container settings, it is specifically spelled out there). Then you can set the subdomains to plex1,plex2

 

In the default site config, use the first server block for plex1.yoursubdomain.duckdns.org and the second one for plex2

 

Could it be that easy? Wow, worked immediately. Out of the box. Have plex1.t***.duckdns.org and plex2.t***.duckdns.org now. Thanks a million.

 

One last question - more Plex related: If I remove port forwarding of 3240x from my router Plex tells me about missing direct connection. I mean, what is that 3240x port used for if the connection works over 443? This one puzzles me a bit.

 
