aptalca Posted April 6, 2018

26 minutes ago, hawihoney said:
Could it be that easy? Wow, worked immediately. Out of the box. Have plex1.t***.duckdns.org and plex2.t***.duckdns.org now. Thanks a million. One last question - more Plex related: If I remove port forwarding of 3240x from my router, Plex tells me about a missing direct connection. I mean, what is that 3240x port used for if the connection works over 443? This one puzzles me a bit.

That's the port Plex's cloud servers use to connect to your local Plex server. They try over 32400, can't connect, hence the missing direct connection. Since you are now serving Plex over port 443 (via proxy), perhaps you need to tell Plex to use that in the GUI settings? Again, I never proxied Plex, so take my suggestions with a grain of salt.
NewDisplayName Posted April 6, 2018

Nope. I don't think nginx can, out of the box, "just" redirect traffic other than http/https.
Rudder2 Posted April 7, 2018

@aptalca I'm having problems with the CloudFlare DNS-01. Is it mainstream, or should I still be on the preview update you made 3 months ago? I'm getting this error in the log:

<------------------------------------------------->
cronjob running on Sat Apr 7 12:33:51 CDT 2018
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/MYDOMAIN.conf
-------------------------------------------------------------------------------
expected /etc/letsencrypt/live/MYDOMAIN.com/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/MYDOMAIN.com.conf is broken. Skipping.
-------------------------------------------------------------------------------
No renewals were attempted.
Additionally, the following renewal configuration files were invalid:
/etc/letsencrypt/renewal/MYDOMAIN.com.conf (parsefail)
-------------------------------------------------------------------------------
0 renew failure(s), 1 parse failure(s)
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [emerg] PEM_read_bio_X509_AUX("/config/keys/letsencrypt/fullchain.pem") failed (SSL: error:09FFF06C:PEM routines:CRYPTO_internal:no start line:Expecting: TRUSTED CERTIFICATE)
Server ready
nginx: [emerg] PEM_read_bio_X509_AUX("/config/keys/letsencrypt/fullchain.pem") failed (SSL: error:09FFF06C:PEM routines:CRYPTO_internal:no start line:Expecting: TRUSTED CERTIFICATE)
aptalca Posted April 7, 2018

1 hour ago, Rudder2 said:
@aptalca I'm having problems with the CloudFlare DNS-01. Is it mainstream, or should I still be on the preview update you made 3 months ago? I'm getting this error in the log:

<------------------------------------------------->
cronjob running on Sat Apr 7 12:33:51 CDT 2018
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/MYDOMAIN.conf
-------------------------------------------------------------------------------
expected /etc/letsencrypt/live/MYDOMAIN.com/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/MYDOMAIN.com.conf is broken. Skipping.
-------------------------------------------------------------------------------
No renewals were attempted.
Additionally, the following renewal configuration files were invalid:
/etc/letsencrypt/renewal/MYDOMAIN.com.conf (parsefail)
-------------------------------------------------------------------------------
0 renew failure(s), 1 parse failure(s)
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [emerg] PEM_read_bio_X509_AUX("/config/keys/letsencrypt/fullchain.pem") failed (SSL: error:09FFF06C:PEM routines:CRYPTO_internal:no start line:Expecting: TRUSTED CERTIFICATE)
Server ready
nginx: [emerg] PEM_read_bio_X509_AUX("/config/keys/letsencrypt/fullchain.pem") failed (SSL: error:09FFF06C:PEM routines:CRYPTO_internal:no start line:Expecting: TRUSTED CERTIFICATE)

It is stable, no need to use the preview build. Can you post your renewal config file? It's under the config folder, etc, letsencrypt.
Rudder2 Posted April 7, 2018

3 minutes ago, aptalca said:
It is stable, no need to use the preview build. Can you post your renewal config file? It's under the config folder, etc, letsencrypt.

Here it is. I purposely changed my domain to MYDOMAIN.com and my account number to ACCT#, trying to prevent private data from being posted in a forum. AWESOME! Just changed it back to the linuxserver/letsencrypt channel.

MYDOMAIN.com.conf
Rudder2 Posted April 7, 2018

14 minutes ago, aptalca said:
It is stable, no need to use the preview build. Can you post your renewal config file? It's under the config folder, etc, letsencrypt.

4 minutes ago, Rudder2 said:
Here it is. I purposely changed my domain to MYDOMAIN.com and my account number to ACCT#, trying to prevent private data from being posted in a forum. AWESOME! Just changed it back to the linuxserver/letsencrypt channel.
MYDOMAIN.com.conf

I changed the channel back to the main channel and now I get this error:

-------------------------------------
[linuxserver.io ASCII logo]
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
4096 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.MYDOMAIN.com -d nextcloud.MYDOMAIN.com -d vpn.MYDOMAIN.com -d onlyoffice.MYDOMAIN.com -d collabora.MYDOMAIN.com
E-mail address entered: [email protected]
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Unable to load: [('PEM routines', 'CRYPTO_internal', 'no start line')],[('asn1 encoding routines', 'CRYPTO_internal', 'header too long')]
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
aptalca Posted April 8, 2018

10 hours ago, Rudder2 said:
I changed the channel back to the main channel and now I get this error:

-------------------------------------
[linuxserver.io ASCII logo]
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
4096 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.MYDOMAIN.com -d nextcloud.MYDOMAIN.com -d vpn.MYDOMAIN.com -d onlyoffice.MYDOMAIN.com -d collabora.MYDOMAIN.com
E-mail address entered: [email protected]
Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Unable to load: [('PEM routines', 'CRYPTO_internal', 'no start line')],[('asn1 encoding routines', 'CRYPTO_internal', 'header too long')]
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

That doesn't look like the log of the latest image. Make sure you pull the latest linuxserver/letsencrypt. If that doesn't work, try backing up your default site config, then nuke the container, image and config folder and start over, because something is messed up on your system.
Rudder2 Posted April 8, 2018

8 hours ago, aptalca said:
That doesn't look like the log of the latest image. Make sure you pull the latest linuxserver/letsencrypt. If that doesn't work, try backing up your default site config, then nuke the container, image and config folder and start over, because something is messed up on your system.

You're right. I think I know what killed it. I had a problem where I lost 2 DATA disks (make sure that the new controller card you buy is compatible with unRAID...). When I recovered the disks I had to restore my APPs folder from a backup to recover my databases, because they scanned and saw the missing DATA and I didn't feel like rebuilding it myself, as I would have to correct a lot of incorrect matches. Not thinking about it, I recovered all APPs DATA instead of just the ones I needed. I wonder if this broke LetsEncrypt. I nuked the APPs folder and Docker image, let it start using the LinuxServer/LetsEncrypt repository to create the APP DATA, and then copied the CloudFlare.ini and the site-confs back in, and it's back up. Should have done this to begin with... This is the beauty of the way the Docker images from LinuxServer.io are written: easy recovery. One good thing from all this is I discovered I was still on the Preview channel when I should have been back on the Main update channel. This happens often (usually the BETA channel) and I never figure it out till the Docker breaks. Thank you for all your help! You're AWESOME!
aptalca Posted April 8, 2018

6 hours ago, Rudder2 said:
You're right. I think I know what killed it. I had a problem where I lost 2 DATA disks (make sure that the new controller card you buy is compatible with unRAID...). When I recovered the disks I had to restore my APPs folder from a backup to recover my databases, because they scanned and saw the missing DATA and I didn't feel like rebuilding it myself, as I would have to correct a lot of incorrect matches. Not thinking about it, I recovered all APPs DATA instead of just the ones I needed. I wonder if this broke LetsEncrypt. I nuked the APPs folder and Docker image, let it start using the LinuxServer/LetsEncrypt repository to create the APP DATA, and then copied the CloudFlare.ini and the site-confs back in, and it's back up. Should have done this to begin with... This is the beauty of the way the Docker images from LinuxServer.io are written: easy recovery. One good thing from all this is I discovered I was still on the Preview channel when I should have been back on the Main update channel. This happens often (usually the BETA channel) and I never figure it out till the Docker breaks. Thank you for all your help! You're AWESOME!

Glad it worked
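The two messages in Rudder2's log, certbot's "expected .../live/MYDOMAIN.com/cert.pem to be a symlink ... is broken" and nginx's "PEM routines ... no start line", both point at an /etc/letsencrypt tree whose live/ entries were turned into plain or empty files, which is exactly what restoring appdata from a backup can do. The POSIX shell check below is an added example, not part of this thread or of the linuxserver/letsencrypt image; it assumes the layout certbot itself creates (live/<domain>/*.pem as relative symlinks into archive/<domain>/) and includes a constructed fixture builder so it can be run without a real container.

```shell
#!/bin/sh
# Added example: sanity-check a certbot config tree for the two faults seen in
# the log above (live/ files that are no longer symlinks, fullchain.pem without
# a PEM start line) before nginx tries to load it. Not part of the linuxserver
# image. Usage inside the container: check_le_tree /config/etc/letsencrypt MYDOMAIN.com

check_le_tree() {
  root="$1"; domain="$2"; rc=0
  live="$root/live/$domain"
  [ -d "$live" ] || { echo "MISSING  $live (no live directory)"; return 1; }
  for f in cert chain fullchain privkey; do
    p="$live/$f.pem"
    if [ -L "$p" ]; then
      target=$(readlink "$p")
      # certbot writes relative links of the form ../../archive/<domain>/cert1.pem
      case "$target" in
        ../../archive/"$domain"/*|"$root"/archive/"$domain"/*) ;;
        *) echo "BADLINK  $p -> $target (not into archive/$domain)"; rc=1 ;;
      esac
      [ -e "$p" ] || { echo "DANGLING $p -> $target"; rc=1; }
    elif [ -e "$p" ]; then
      # "certbot renew" reports this as "expected ... to be a symlink" and marks
      # the renewal config as broken; a backup restore that copies the link
      # target as a plain file is the usual cause
      echo "NOTLINK  $p is a regular file"; rc=1
    else
      echo "MISSING  $p"; rc=1
    fi
  done
  # nginx's "PEM routines ... no start line" means the file it was handed has
  # no -----BEGIN CERTIFICATE----- marker at all (empty or truncated)
  fc="$live/fullchain.pem"
  if [ -f "$fc" ] && ! grep -q '^-----BEGIN CERTIFICATE-----$' "$fc"; then
    echo "NOPEM    $fc contains no BEGIN CERTIFICATE line"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK       $live is consistent"
  return "$rc"
}

# Constructed fixture for trying the check offline: "good" builds a certbot-like
# tree with the right symlinks, "broken" mirrors the log (plain files, empty
# fullchain.pem). The PEM bodies are placeholders, not real certificates.
make_demo_tree() {
  root="$1"; kind="$2"; domain="MYDOMAIN.com"
  mkdir -p "$root/live/$domain" "$root/archive/$domain"
  for f in cert chain fullchain privkey; do
    label="CERTIFICATE"; [ "$f" = privkey ] && label="PRIVATE KEY"
    printf -- '-----BEGIN %s-----\nQ09OU1RSVUNURUQgUExBQ0VIT0xERVI=\n-----END %s-----\n' \
      "$label" "$label" > "$root/archive/$domain/${f}1.pem"
    if [ "$kind" = good ]; then
      ln -s "../../archive/$domain/${f}1.pem" "$root/live/$domain/$f.pem"
    else
      cp "$root/archive/$domain/${f}1.pem" "$root/live/$domain/$f.pem"
    fi
  done
  [ "$kind" = good ] || : > "$root/live/$domain/fullchain.pem"
}
```

Run it against the real tree before restarting the container; a NOTLINK or NOPEM line means the renewal config will be skipped and nginx will refuse to start, so the fix is a fresh certificate rather than another restart.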
EdgarWallace Posted April 9, 2018

Hi, I am having an issue with my Letsencrypt Docker whenever I am updating it. The log is showing: LOG

After each update I have to remove the subdomain(s), but I am sure that there is a smarter way to deal with this. Anyone able to help? Thanks a lot.
allanp81 Posted April 9, 2018

1 hour ago, EdgarWallace said:
Hi, I am having an issue with my Letsencrypt Docker whenever I am updating it. The log is showing: LOG
After each update I have to remove the subdomain(s), but I am sure that there is a smarter way to deal with this. Anyone able to help? Thanks a lot.

I always have the same issue as well; it's very annoying as it means I can't have it set to auto-update the docker. Would love to know how to solve this.
aptalca Posted April 9, 2018

4 hours ago, EdgarWallace said:
Hi, I am having an issue with my Letsencrypt Docker whenever I am updating it. The log is showing: LOG
After each update I have to remove the subdomain(s), but I am sure that there is a smarter way to deal with this. Anyone able to help? Thanks a lot.

I'm guessing unraid keeps putting in the subdomains field because it is in the template? Then instead of deleting it, try setting it to either blank, or if that doesn't work, set it to just a comma.
GreenEyedMonster Posted April 10, 2018

On 4/1/2018 at 12:32 AM, fivestones said:
I went back and looked at cloudflare again, and while I'm pretty sure that a few months ago when I was trying it, it wouldn't let me use *.mydomain.com to make a DNS A record, now it does. They say that using a wildcard DNS like this will make the wildcard subdomains not be protected by the cloudflare network (unless you pay for the enterprise version), but it will still point to your server as intended. So I set it up for my domain, made the wildcard subdomain in cloudflare, and then set the letsencrypt docker to make a wildcard cert, and it all works! Now I can go to any random subdomain random.mydomain.com and it points to mydomain.com if nothing is specified in letsencrypt config/nginx/site-confs/default. Or if I specify something in that file, random.mydomain.com can point to a particular port on my server like ghost or plex. I'm so excited to see it all working! Thanks for the tip on cloudflare.

Mind giving a step by step for us noobs that have a slight idea on how you got this to work?
munit85 Posted April 10, 2018 (edited)

I'm not getting what you mean about using cloudflare with dns.

edit//
Made a cloudflare account. Added my website.
Went to namecheap and pointed nameservers to cloudflare servers as indicated.
Updated the file in dns-conf named cloudflare.ini with cloudflare email and api key, which I grabbed through their site.
Updated docker values with dns validation and 'cloudflare' in the dns-plugin field.
Kept the port 80->81 forward to route incoming connections correctly.
Restarted docker and we're in business.

double edit//
Was working perfectly. Now I'm getting error 522 (cloudflare) when trying to connect.

Edited April 10, 2018 by munit85: figured it out
ijuarez Posted April 10, 2018

36 minutes ago, munit85 said:
I'm not getting what you mean about using cloudflare with dns. I'm hosted on namecheap. What setting am I changing to make this work? Today was renewal day and that failed. Port forwarding didn't change, but I keep getting errors. I'm really at a frustrated point here. The dns solution sounds nice, but I'm missing some step as to what I need to do.
edit//
Made a cloudflare account. Added my website.
Went to namecheap and pointed nameservers to cloudflare servers as indicated.
Updated the file in dns-conf named cloudflare.ini with cloudflare email and api key, which I grabbed through their site.
Updated docker values with dns validation and 'cloudflare' in the dns-plugin field.
Went into router and kept port 443 forwarded to the unraid IP; deleted the port 80->81 forward since that isn't needed anymore.
Restarted docker and we're in business.

In namecheap you need to set the dns to cloudflare; once that is done, cloudflare will authenticate and then it will work. It took about 20 minutes for mine to resolve using namecheap and cloudflare.

*On mobile, please excuse the bad engrish
dalben Posted April 10, 2018

Quick question before I get too detailed. If I install the docker and start it, should I at least get some sort of page when I go to https://192.168.1.10 and/or http://192.168.1.10:81? I have port forwarded the router 443 to the container 443 and the router 80 to container 81. 81 is set to the container's 80 and 443 to 443. I am getting errors in the log file about not being able to get validation data etc., but before I delve there I just want to make sure that nginx and the port forwarding are working at least internally before looking at the outside world. This was originally set up with its own IP address but it's now back to the server's IP in case that was a pre-req.
GilbN Posted April 10, 2018

27 minutes ago, dalben said:
Quick question before I get too detailed. If I install the docker and start it, should I at least get some sort of page when I go to https://192.168.1.10 and/or http://192.168.1.10:81? I have port forwarded the router 443 to the container 443 and the router 80 to container 81. 81 is set to the container's 80 and 443 to 443. I am getting errors in the log file about not being able to get validation data etc., but before I delve there I just want to make sure that nginx and the port forwarding are working at least internally before looking at the outside world. This was originally set up with its own IP address but it's now back to the server's IP in case that was a pre-req.

Unraid uses port 443 on 6.4.0, so you will need to change that.
dalben Posted April 10, 2018 (edited)

1 hour ago, GilbN said:
Unraid uses port 443 on 6.4.0, so you will need to change that.

OK, done. But https://192.168.1.10:7443/ gives me nothing. Here's the run command:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='br-letsencrypt' --net='bridge' --privileged=true -e TZ="Asia/Singapore" -e HOST_OS="unRAID" -e 'EMAIL'='[email protected]' -e 'URL'='mydomain.com' -e 'SUBDOMAINS'='www' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '81:80/tcp' -p '7443:443/tcp' -v '/mnt/cache/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt'

OK, I have confirmed my port forwarding / DNS settings are working fine by installing the plain nginx docker from LSIO and managed to access the default site it throws up via 80 and 443.

Edited April 10, 2018 by dalben
JonathanM Posted April 10, 2018

3 hours ago, dalben said:
OK, I have confirmed my port forwarding / DNS settings are working fine by installing the plain nginx docker from LSIO and managed to access the default site it throws up via 80 and 443.

So, when you type in your FQDN (not IP address) on a device NOT connected to your internal LAN, it brings up the plain nginx page? If not, the LE-nginx isn't going to work.
dalben Posted April 10, 2018

8 hours ago, jonathanm said:
So, when you type in your FQDN (not IP address) on a device NOT connected to your internal LAN, it brings up the plain nginx page? If not, the LE-nginx isn't going to work.

Correct. When I have the standalone nginx docker running, it gives me the default web pages whether I use http or https. This is consistent whether on the intranet or the internet using my phone. I stop that docker and start the letsencrypt docker (same ports being used, so no router or dns changes) and I get nothing. Again this is consistent whether intra or internet. I've killed the container a couple of times and recreated it, but the symptoms are the same.
JonathanM Posted April 10, 2018

16 hours ago, dalben said:
I am getting errors in the log file about not being able to get validation data

1 hour ago, dalben said:
When I have the standalone nginx docker running, it gives me the default web pages whether I use http or https. This is consistent whether on the intranet or the internet using my phone.

Given those two statements, you definitely need to pursue the log errors.

16 hours ago, dalben said:
If I install the docker and start it, should I at least get some sort of page when I go to https://192.168.1.10 and/or http://192.168.1.10:81?

This docker won't fully start the webserver until it has a valid certificate, so the direct answer to your question is no.
aptalca Posted April 11, 2018

8 hours ago, dalben said:
Correct. When I have the standalone nginx docker running, it gives me the default web pages whether I use http or https. This is consistent whether on the intranet or the internet using my phone. I stop that docker and start the letsencrypt docker (same ports being used, so no router or dns changes) and I get nothing. Again this is consistent whether intra or internet. I've killed the container a couple of times and recreated it, but the symptoms are the same.

Post a docker log
dalben Posted April 11, 2018

2 hours ago, aptalca said:
Post a docker log

Two logs attached. One fresh start after zapping the container. One after a restart (in case it makes a difference). A couple of screenshots showing access to the nginx container from the interweb.

log_new.txt
log_restart.txt
Drider Posted April 11, 2018 (edited)

Is there a guide or tutorial on setting up the \nginx\site-confs\default file?

I'm on unRAID 6.1.9 (I know, old), and when I configure a fresh install everything works great, meaning I can remote to my mail server 400 miles away, browse to subdomain.mydomain.com and get it to redirect me to the https://subdomain.mydomain.com default index.html. I actually impressed myself because I got it to work through Godaddy redirecting a CNAME to my free-dns subdomain back to the dynamic IP here at home, while keeping the secure lock and correct address in the address bar.

Problem is, I've been hitting a severe roadblock trying to get the correct format in the default site-confs file to get to my OMBI docker container. It seems like every time I edit the default file, it borks the whole system, and no matter where I connect from I get an ERROR_CONNECTION_REFUSED. Trying to undo edits and save, or replacing the file with a backup, resolves nothing, and I end up having to uninstall/reinstall the container to get back to functional.

EDIT: I did try the newperms tool on my appdata folder, which actually helped to speed up my server GUI navigation, but nothing else...

Maybe someone can give me the quick version, but a guide or reference for editing that file would be just as appreciated.

My base url for ombi: /request
Ports are default at 3579 for both container and host, as I can't seem to find where I can change that, and the server's host address is 192.168.0.69.

I know I'm close, but just can't seem to get it... It would also be nice to utilize just the sub-domain.domain address for my users navigating to the site, omitting </request>. From what I can tell in the default file example this is possible, no?

Bonus Round: I have basic authentication turned on for myself and my users, using the built-in PLEX account authentication, but what's the most secure way to implement this?

To quote linuxserver.io:
If you'd like to password protect your sites, you can use htpasswd. Run the following command on your host to generate the htpasswd file
docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd <username>

Is this something I should be interested in setting as well? Any guides, or reference for implementation?

I appreciate the help, as I'm finally getting around to actually using the 2xE5-2670 128GB RAM beast I built a couple years back... (The first one at least...)

Edited April 11, 2018 by Drider: Missed/Added information
EdgarWallace Posted April 11, 2018

On 9.4.2018 at 2:32 PM, aptalca said:
I'm guessing unraid keeps putting in the subdomains field because it is in the template? Then instead of deleting it, try setting it to either blank, or if that doesn't work, set it to just a comma.

Thank you very much @aptalca, adding a comma into the subdomain(s) field is working well (adding a blank isn't working btw; this is what I tried earlier..). @allanp81 you might want to try that as well. Let me know if it is working for you too.