karateo, posted June 19, 2018

I had to add #!/usr/bin/with-contenv bash on top of the file, which I found after a few tries! Thanks for the tip.

I also figured out how to move the thumbnail cache to an external from the photos source folder, so I am now going to try and strengthen security. I have already enabled 2-factor login.

My options:
1) VPN and blocking all other access from WAN, but I will lose Let's Encrypt, which would also be useless as VPN encrypts everything.
2) Allowing through the firewall access to my IP addresses AND Let's Encrypt servers (need to find them) and blocking everything else.
3) Allowing all WAN from the firewall and adding .htaccess as well as the extra 2-factor login.

I will host personal files, so I think option #2 is a good compromise. Any ideas?

karateo, posted June 20, 2018

Another question! In Filerun I can only have one folder per user. So for user Teo I have mapped /files/ (inside docker), and from container settings I have mapped

    /mnt/user/Filerun:/files/

I also need Filerun to access /mnt/user/Photos, so I added as Read Only

    /mnt/user/Photos:/files/photos/:ro

I just need a confirmation that it's a viable solution!

Edited June 20, 2018 by karateo

Magma, posted June 20, 2018

I have been trying to get Plex SSO working with Ombi V3 and Organizr V2. I have configured my reverse proxy according to https://github.com/causefx/Organizr/wiki/Plex-SSO. When I go to https://domain.com/plex I get a 401 error. If I go to https://domain.com/plex/web/index.html I am able to successfully reach plex. Any ideas as to what may be going on here?

If it helps, I've been following these guides:
https://technicalramblings.com/blog/how-to-setup-organizr-with-letsencrypt-on-unraid/
https://technicalramblings.com/blog/installing-ombi-v3-beta-on-unraid-setting-up-sso-with-plex-and-ombi/

Thanks

JonathanM, posted June 20, 2018

34 minutes ago, jbear said:
> LETSENCRYPT Docker Question: My ISP blocks port 80 inbound, can I pull a cert using a different --preferred-challenges? Possibly tls-sni (port 443) instead of http (port 80). If so, how can I modify this docker to make it work? Right now when I start the docker, it tries to pull a cert on port 80 every time.
>
>     Failed authorization procedure. jsbear.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://jsbear.duckdns.org/.well-known/acme-challenge/5lYNDmQrZ7t7idpDLwGznLFtteLxkbUYPPrTPhVa2mg: Timeout during connect (likely firewall problem)
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> Something like
>
>     certbot certonly --standalone --preferred-challenges tls-sni -d example.com

This has been discussed to death in this thread, starting at around page 45 or so. Read the "important notice" on this page that is linked in the first post of this thread: https://hub.docker.com/r/linuxserver/letsencrypt/

CiaoCiao, posted June 21, 2018

I'm trying to setup my Nextcloud to work with Letsencrypt. (Disclaimer: I am very new to this. Willing to learn but the learning curve seems a bit steep...)

The problem I am facing is that I have forwarded the needed ports in my router and setup everything as explained in this video :

Yet, I cannot access my Nextcloud. In the logs of Letsencrypt, there is the following content:

Quote:

    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=America/Los_Angeles
    URL=*firstnamelastname*.net
    SUBDOMAINS=cloud
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=false
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    EMAIL=*myemailaddress*
    STAGING=
    Backwards compatibility check. . .
    No compatibility action needed
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d cloud.*firstnamelastname*.net
    E-mail address entered: *myemailaddress*
    http validation is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for cloud.*firstnamelastname*.net
    http-01 challenge for *firstnamelastname*.net
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. mydomainname (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from mydomainname/.well-known/acme-challenge/c5ExrCYBltBQXThW2cgXibAto8FKit42sn_IbvIctGk: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head> <title></title> <meta name=", mydomainname (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from mydomainname/.well-known/acme-challenge/KRzuKlcmy7Z0fHcfYMQgLVOr1F079Tp1OIXwxGX70fA: "<html xml:lang="fr-FR" lang="fr-FR"> <head> <title qtlid="28806">F\xe9licitations ! Votre domaine a bien \xe9t\xe9 cr\xe9\xe9 chez OVH !</"
    IMPORTANT NOTES:
    Error in atexit._run_exitfuncs:
    Traceback (most recent call last):
      File "/usr/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
        func(*targs, **kargs)
      File "/usr/lib/python2.7/site-packages/certbot/util.py", line 665, in _atexit_call
        func(*args, **kwargs)
      File "/usr/lib/python2.7/site-packages/certbot/reporter.py", line 98, in print_messages
        next_wrapper.fill(line) for line in lines[1:]))
    UnicodeEncodeError: 'ascii' codec can't encode character u'\xe9' in position 600: ordinal not in range(128)
    Error in sys.exitfunc:
    An unexpected error occurred:
    - The following errors were reported by the server:
    UnicodeEncodeError: 'ascii' codec can't encode character u'\xe9' in position 600: ordinal not in range(128)
    Please see the logfiles in /var/log/letsencrypt for more details.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

I've read different posts on different websites and I think I am supposed to add a file or folder somewhere but I didn't understand what and where (it was related to a folder named something along "well-known acme").

When trying to access nextcloud from outside the network, I am getting a timeout error.

Could you please help me out? I'm having a hard time figuring out what this means and what I'm supposed to do to solve it.

Thank you in advance

Edited January 12, 2020 by CiaoCiao

aptalca, posted June 21, 2018

4 hours ago, CiaoCiao said:
> I'm trying to setup my Nextcloud to work with Letsencrypt. (Disclaimer: I am very new to this. Willing to learn but the learning curve seems a bit steep...)
>
> The problem I am facing is that I have forwarded the needed ports in my router and setup everything as explained in this video :
>
> Yet, I cannot access my Nextcloud. In the logs of Letsencrypt, there is the following content:
>
> I've read different posts on different websites and I think I am supposed to add a file or folder somewhere but I didn't understand what and where (it was related to a folder named something along "well-known acme").
>
> When trying to access nextcloud from outside the network, I am getting a timeout error.
>
> Could you please help me out? I'm having a hard time figuring out what this means and what I'm supposed to do to solve it.
>
> Thank you in advance

Your domain is not forwarded to your unraid. It is showing the hosting page at ovh.

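Added example (not part of the thread and not the container's own code): a Python parser for certbot's "Failed authorization procedure" line that separates the two http-01 failures seen above, the connection timeout in jbear's log and the HTML page returned in CiaoCiao's log. The sample log is constructed with example.org/example.net names and placeholder tokens, and the category names are assumptions of this example.

```python
import re

# One entry of certbot's failure line:
#   <domain> (<challenge>): urn:ietf:params:acme:error:<type> :: <summary> :: <detail>
# Several entries are joined with ", " on the same line.
ENTRY = re.compile(
    r"(?P<domain>[^\s,]+) \((?P<challenge>[a-z0-9-]+)\): "
    r"urn:ietf:params:acme:error:(?P<error>\w+) :: "
    r"(?P<summary>.*?) :: "
    r"(?P<detail>.*?)(?=, [^\s,]+ \([a-z0-9-]+\): urn:|$)"
)
PREFIX = "Failed authorization procedure. "
HTML_MARK = re.compile(r"<!doctype|<html", re.IGNORECASE)


def classify(error, detail):
    """Map an ACME error type plus detail text to a category (names are this example's)."""
    if error == "connection":
        # The CA could not open a connection: port 80 closed, filtered by the
        # ISP, or not forwarded to the container.
        return "unreachable"
    if error == "dns":
        return "no_dns_record"
    if error == "unauthorized":
        # A valid http-01 answer is "<token>.<key thumbprint>" as plain text.
        # An HTML body means some other web server answered for this name,
        # for example a hosting provider's placeholder page.
        if HTML_MARK.search(detail):
            return "wrong_responder"
        return "bad_challenge_response"
    return "other"


def diagnose(log_text):
    """Return one dict per failed domain found in a certbot/container log."""
    findings = []
    for line in log_text.splitlines():
        start = line.find(PREFIX)
        if start < 0:
            continue
        rest = line[start + len(PREFIX):].strip()
        for m in ENTRY.finditer(rest):
            findings.append({
                "domain": m["domain"],
                "challenge": m["challenge"],
                "error": m["error"],
                "category": classify(m["error"], m["detail"]),
            })
    return findings


# Constructed sample, modelled on the two failures quoted in the thread.
SAMPLE_LOG = "\n".join([
    "Cleaning up challenges",
    "Failed authorization procedure. home.example.org (http-01): "
    "urn:ietf:params:acme:error:connection :: The server could not connect "
    "to the client to verify the domain :: Fetching "
    "http://home.example.org/.well-known/acme-challenge/TOKEN-A: "
    "Timeout during connect (likely firewall problem)",
    "Failed authorization procedure. example.net (http-01): "
    "urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient "
    "authorization :: Invalid response from "
    "example.net/.well-known/acme-challenge/TOKEN-B: "
    '"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head>", '
    "cloud.example.net (http-01): urn:ietf:params:acme:error:unauthorized :: "
    "The client lacks sufficient authorization :: Invalid response from "
    "cloud.example.net/.well-known/acme-challenge/TOKEN-C: "
    '"<html lang="fr-FR"> <head> <title>hosting placeholder</"',
])

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```
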
puncho, posted June 21, 2018

Hi, re-visiting nextcloud and still trying to get it to work properly. I can access from IE after I get a page saying "there is a problem with this website's security certificate" and I press continue on. Likewise, when I access from my iphone, it seems to work correctly, albeit after seeing this page first:

However, when I try to log on in chrome, I get this and can't get past it to the log-on page. Any ideas? Is it a letsencrypt issue? Thank you!

Edited June 21, 2018 by puncho

aptalca, posted June 21, 2018

3 minutes ago, puncho said:
> Hi, re-visiting nextcloud and still trying to get it to work properly. I can access from IE after I get a page saying "there is a problem with this website's security certificate" and I press continue on. Likewise, when I access from my iphone, it seems to work correctly, albeit after seeing this page first:
>
> However, when I try to log on in chrome, I get this and can't get past it to the log-on page. Any ideas? Is it a letsencrypt issue? Thank you!

You enabled HSTS so Chrome refuses to connect unless the cert is valid.

Post your logs and reverse proxy configs and we'll take a look.

puncho, posted June 21, 2018

2 minutes ago, aptalca said:
> You enabled HSTS so Chrome refuses to connect unless the cert is valid.
>
> Post your logs and reverse proxy configs and we'll take a look.

Thanks for your help! Here's the letsencrypt log

Quote:

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 10-adduser: executing...
    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=
    URL=duckdns.org
    SUBDOMAINS=test
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    EMAIL=[email protected]
    STAGING=
    Backwards compatibility check. . .
    No compatibility action needed
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d test.duckdns.org
    E-mail address entered: [email protected]
    http validation is selected
    Certificate exists; parameters unchanged; attempting renewal
    <------------------------------------------------->
    <------------------------------------------------->
    cronjob running on Thu Jun 21 04:32:03 UTC 2018
    Running certbot renew
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    -------------------------------------------------------------------------------
    Processing /etc/letsencrypt/renewal/test.duckdns.org.conf
    -------------------------------------------------------------------------------
    Cert not yet due for renewal
    Plugins selected: Authenticator standalone, Installer None
    -------------------------------------------------------------------------------
    The following certs are not due for renewal yet:
    /etc/letsencrypt/live/test.duckdns.org/fullchain.pem expires on 2018-09-07 (skipped)
    No renewals were attempted.
    No hooks were run.
    -------------------------------------------------------------------------------
    [cont-init.d] 50-config: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    Server ready

The letsencrypt config is as follows:

Quote:

    upstream backend {
        server 192.168.0.100:19999;
        keepalive 64;
    }

    server {
        listen 443 ssl default_server;
        listen 80 default_server;

        root /config/www;
        index index.html index.htm index.php;

        server_name test.duckdns.org;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;

        location = / {
            return 301 /htpc;
        }

        location /sonarr {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.0.100:8989/sonarr;
        }

        location /hydra {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.0.100:5075/hydra;
        }

        location /nzbget {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.0.100:6789/nzbget;
        }

        location /radarr {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.0.100:7878/radarr;
        }

        location /request {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.0.100:3579/request;
        }

        location /htpc {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.0.100:8085/htpc;
        }

        location /cops {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.0.100:88/cops;
        }

        location /books {
            proxy_bind $server_addr;
            proxy_pass http://192.168.0.100:8083;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Scheme $scheme;
            proxy_set_header X-Script-Name /books;
        }

        location /plexpy {
            proxy_pass http://192.168.0.100:8181;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_read_timeout 90;
            proxy_set_header X-Forwarded-Proto $scheme;
            set $xforwardedssl "off";
            if ($scheme = https) {
                set $xforwardedssl "on";
            }
            proxy_set_header X-Forwarded-Ssl $xforwardedssl;
            proxy_redirect ~^(http(?:s)?://)([^:/]+)(?::\d+)?(/.*)?$ $1$2:$server_port$3;
        }

        location /downloads {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.0.100:8112/;
            proxy_set_header X-Deluge-Base "/downloads/";
        }

        #PLEX
        location /web {
            # serve the CSS code
            proxy_pass http://192.168.0.100:32400;
        }

        # Main /plex rewrite
        location /plex {
            # proxy request to plex server
            proxy_pass http://192.168.0.100:32400/web;
        }

        location /nextcloud {
            include /config/nginx/proxy.conf;
            proxy_pass https://192.168.0.100:444/nextcloud;
        }

        location ~ /netdata/(?<ndpath>.*) {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://backend/$ndpath$is_args$args;
            proxy_http_version 1.1;
            proxy_pass_request_headers on;
            proxy_set_header Connection "keep-alive";
            proxy_store off;
        }
    }

aptalca, posted June 21, 2018

14 minutes ago, puncho said:
> Thanks for your help! Here's the letsencrypt log
>
> The letsencrypt config is as follows:

Your cert doesn't cover a "nextcloud" subdomain. In fact it doesn't cover any subdomains underneath the custom one you got from duckdns.

You probably should have read the instructions in the container settings right underneath the url and subdomains fields.

puncho, posted June 21, 2018

I think I fixed it, it works now without any messages in chrome/iphone/IE. I had originally followed cyanlabs so I didn't enter the nextcloud subdomain in the container settings. Sorry, pretty noob at this and just follow tutorials to get things up and running.

Here's the new logs...not sure what the new error is about? Thanks again

Quote:

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 10-adduser: executing...
    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=America/Los_Angeles
    URL=duckdns.org
    SUBDOMAINS=test,nextcloud.test,
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    EMAIL=[email protected]
    STAGING=
    Backwards compatibility check. . .
    No compatibility action needed
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d test.duckdns.org -d nextcloud.test.duckdns.org
    E-mail address entered: [email protected]
    http validation is selected
    Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for nextcloud.test.duckdns.org
    http-01 challenge for test.duckdns.org
    Waiting for verification...
    Cleaning up challenges
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] syncing disks.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.
    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 10-adduser: executing...
    usermod: no changes
    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=America/Los_Angeles
    URL=duckdns.org
    SUBDOMAINS=test,nextcloud.test,
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    EMAIL=[email protected]
    STAGING=
    Backwards compatibility check. . .
    No compatibility action needed
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d test.duckdns.org -d nextcloud.test.duckdns.org
    E-mail address entered: [email protected]
    http validation is selected
    Certificate exists; parameters unchanged; attempting renewal
    <------------------------------------------------->
    <------------------------------------------------->
    cronjob running on Thu Jun 21 00:30:44 PDT 2018
    Running certbot renew
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    -------------------------------------------------------------------------------
    Processing /etc/letsencrypt/renewal/test.duckdns.org.conf
    -------------------------------------------------------------------------------
    Traceback (most recent call last):
      File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 63, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python2.7/site-packages/certbot/storage.py", line 415, in __init__
        "file reference".format(self.configfile))
    CertStorageError: renewal config file {} is missing a required file reference
    Renewal configuration file /etc/letsencrypt/renewal/test.duckdns.org.conf is broken. Skipping.
    -------------------------------------------------------------------------------
    No renewals were attempted.
    No hooks were run.
    Additionally, the following renewal configuration files were invalid:
    /etc/letsencrypt/renewal/test.duckdns.org.conf (parsefail)
    -------------------------------------------------------------------------------
    0 renew failure(s), 1 parse failure(s)
    [cont-init.d] 50-config: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    Server ready

aptalca, posted June 21, 2018

4 hours ago, puncho said:
> I think I fixed it, it works now without any messages in chrome/iphone/IE. I had originally followed cyanlabs so I didn't enter the nextcloud subdomain in the container settings. Sorry, pretty noob at this and just follow tutorials to get things up and running.
>
> Here's the new logs...not sure what the new error is about? Thanks again

Again, please read the instructions. It literally says underneath that field that if you're using a dynamic dns address, the URL should be customsubdomain.domain.url, so for you it would be test.duckdns.org, and for SUBDOMAINS you can put nextcloud and anything else you like. Also uncheck subdomains only because you want the cert to cover the url as well.

I'm not sure what the error was, but it could be due to inputting the subdomain like that.

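Added example (not part of the thread and not the container's own code): a Python pre-flight check that reads the "Variables set:" block of the container log, derives the certificate names from URL, SUBDOMAINS and ONLY_SUBDOMAINS the way the logs above show them being processed, and lists the hostnames the certificate would not cover. The function names are hypothetical, the sample logs are abridged or constructed, and the wildcard rule goes slightly beyond the thread to show that a one-label wildcard would not have covered nextcloud.test.duckdns.org either.

```python
def parse_variables(log_text):
    """Pull KEY=VALUE lines out of the container's 'Variables set:' block."""
    variables, in_block = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Variables set:":
            in_block = True
            continue
        if in_block:
            key, sep, value = line.partition("=")
            if not sep or not key.isupper():
                break  # first line that is not KEY=VALUE ends the block
            variables[key] = value
    return variables


def requested_names(url, subdomains="", only_subdomains=False):
    """Names put on the certificate: URL itself (unless ONLY_SUBDOMAINS=true)
    plus <sub>.<URL> for each comma-separated entry; empty entries are skipped."""
    url = url.strip().lower()
    subs = [s.strip().lower() for s in subdomains.split(",") if s.strip()]
    names = [url] if url and not only_subdomains else []
    names += [f"{sub}.{url}" for sub in subs]
    return names


def san_matches(host, san):
    """Hostname check as browsers apply it: exact match, or a '*.' entry
    that stands for exactly one left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return host == san


def audit(log_text, hosts):
    """Return (certificate names, hosts that would fail validation)."""
    v = parse_variables(log_text)
    names = requested_names(
        v.get("URL", ""),
        v.get("SUBDOMAINS", ""),
        v.get("ONLY_SUBDOMAINS", "false").lower() == "true",
    )
    missing = [h for h in hosts if not any(san_matches(h, n) for n in names)]
    return names, missing


# Abridged from the first container log posted in the thread.
FIRST_RUN = """\
Variables set:
PUID=99
URL=duckdns.org
SUBDOMAINS=test
ONLY_SUBDOMAINS=true
VALIDATION=http
Backwards compatibility check. . .
"""

# Constructed: the settings recommended in the reply above.
AFTER_ADVICE = """\
Variables set:
PUID=99
URL=test.duckdns.org
SUBDOMAINS=nextcloud
ONLY_SUBDOMAINS=false
VALIDATION=http
Backwards compatibility check. . .
"""

# Hostnames the user intends to open in a browser.
HOSTS = ["test.duckdns.org", "nextcloud.test.duckdns.org"]

if __name__ == "__main__":
    for label, log in (("first run", FIRST_RUN), ("after advice", AFTER_ADVICE)):
        names, missing = audit(log, HOSTS)
        print(label, "cert names:", names, "not covered:", missing)
```

With HSTS active, any host in the "not covered" list is one the browser will refuse outright instead of offering a click-through warning.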
CiaoCiao, posted June 21, 2018

9 hours ago, aptalca said:
> Your domain is not forwarded to your unraid. It is showing the hosting page at ovh.

I think it's redirected though? I just tried to go to myip:444 on my smartphone, not through WiFi, so as to access from outside the network. But it does not work either.

aptalca, posted June 21, 2018

4 hours ago, CiaoCiao said:
> I think it's redirected though? I just tried to go to myip:444 on my smartphone, not through WiFi, so as to access from outside the network. But it does not work either.

Why ip? You need to set the A record for your domain name so it forwards to your home ip. Then this container will be able to validate the certs and only then nginx will start working and start responding to requests. Right now the webserver is down due to missing cert.

puncho, posted June 22, 2018

19 hours ago, aptalca said:
> Again, please read the instructions. It literally says underneath that field that if you're using a dynamic dns address, the URL should be customsubdomain.domain.url, so for you it would be test.duckdns.org, and for SUBDOMAINS you can put nextcloud and anything else you like. Also uncheck subdomains only because you want the cert to cover the url as well.
>
> I'm not sure what the error was, but it could be due to inputting the subdomain like that.

Thank you, seems to be all working error free now.

schford, posted June 22, 2018

Hi guys,

Has anyone managed to get this working with the home assistant docker for the reverse proxy? I have tried the following

    location /ha {
        proxy_pass http://192.168.0.24:8123;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

but I just get

    502 Bad Gateway
    nginx/1.12.2

Anyone got any ideas? Thanks!

saarg, posted June 22, 2018

4 hours ago, schford said:
> Hi guys,
>
> Has anyone managed to get this working with the home assistant docker for the reverse proxy? I have tried the following
>
>     location /ha {
>         proxy_pass http://192.168.0.24:8123;
>         proxy_set_header Host $host;
>         proxy_set_header Upgrade $http_upgrade;
>         proxy_set_header Connection "upgrade";
>     }
>
> but I just get
>
>     502 Bad Gateway
>     nginx/1.12.2
>
> Anyone got any ideas? Thanks!

Did you try to Google it? Look at the bottom of the nginx config in this link:
https://www.home-assistant.io/docs/ecosystem/nginx/

schford, posted June 23, 2018

14 hours ago, saarg said:
> Did you try to Google it? Look at the bottom of the nginx config in this link:
> https://www.home-assistant.io/docs/ecosystem/nginx/

I tried many variations of home assistant docker, lets encrypt etc. when googling but didn't actually search for NGINX - doh!!!! Thank you so much for the link, can't believe it was documented on HASS pages - right, off to play, and thanks once more.

schford, posted June 23, 2018

So, just in case anyone else is looking: I had to add the below to get it working. It won't work with anything but the root, rather than location /hass or something, which I would prefer, but I can live with this unless anyone has any suggestions.

    # Sets Connection to "upgrade" only when the client sent an Upgrade header
    # (WebSocket); nginx accepts map only at http level, outside server {}.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    location / {
        proxy_pass http://192.168.0.23:8123;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

smakdafrog, posted June 25, 2018

On 3/17/2017 at 4:06 AM, dmacias said:
> This works for me. Add the real ip lines to the nginx default site-confs for the nextcloud docker. Then restart the nextcloud docker.
>
>     server {
>         listen 443 ssl;
>         server_name _;
>         real_ip_header X-Forwarded-For;
>         set_real_ip_from 172.17.0.0/16;
>         real_ip_recursive on;

I'm trying to do something similar here, but have been unable to get it to work. I'm trying to get Fail2ban working with DelugeVPN, using LetsEncrypt reverse proxy. Everything is set up and functional, but in the DelugeVPN logs, I get 172.17.0.0/16 IPs listed from the docker bridge.

    2018-06-25 13:55:28,812 DEBG 'deluge-web-script' stderr output:
    [ERROR ] 13:55:28 auth:330 Login failed (ClientIP 172.17.0.1)

I've set up the real ip stuff that I've seen in this thread:

    server {
        listen 443 ssl;
        server_name deluge.domain.com;

        set_real_ip_from 172.17.0.0/16;
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;

        location / {
            proxy_pass http://192.168.50.50:8112/;
        }
    }

Not sure how to get the client's actual IP to populate in the delugevpn logs instead of the bridge IPs. Anyone have an idea?

aptalca, posted June 25, 2018

4 hours ago, smakdafrog said:
> I'm trying to do something similar here, but have been unable to get it to work. I'm trying to get Fail2ban working with DelugeVPN, using LetsEncrypt reverse proxy. Everything is set up and functional, but in the DelugeVPN logs, I get 172.17.0.0/16 IPs listed from the docker bridge.
>
>     2018-06-25 13:55:28,812 DEBG 'deluge-web-script' stderr output:
>     [ERROR ] 13:55:28 auth:330 Login failed (ClientIP 172.17.0.1)
>
> I've set up the real ip stuff that I've seen in this thread:
>
>     server {
>         listen 443 ssl;
>         server_name deluge.domain.com;
>
>         set_real_ip_from 172.17.0.0/16;
>         real_ip_header X-Forwarded-For;
>         real_ip_recursive on;
>
>         location / {
>             proxy_pass http://192.168.50.50:8112/;
>         }
>     }
>
> Not sure how to get the client's actual IP to populate in the delugevpn logs instead of the bridge IPs. Anyone have an idea?

Delugevpn uses its vpn tunnel for incoming connections. They don't come through the wan. Not sure how the host iptables would block that. It may be possible, but I'm not a networking guru.

smakdafrog, posted June 26, 2018

14 hours ago, aptalca said:
> Delugevpn uses its vpn tunnel for incoming connections. They don't come through the wan. Not sure how the host iptables would block that. It may be possible, but I'm not a networking guru.

Even for just the website? (Not actual download/upload traffic.) Figured if I went to domain.com/deluge, my external IP hitting that site should be able to get logged correctly because it's going through the Nginx reverse proxy to get there. I mainly just want to stop anyone from brute forcing their way into my deluge client.

Edited June 26, 2018 by smakdafrog

GilbN, posted June 29, 2018

On 6/26/2018 at 2:56 PM, smakdafrog said:
> Even for just the website? (Not actual download/upload traffic.) Figured if I went to domain.com/deluge, my external IP hitting that site should be able to get logged correctly because it's going through the Nginx reverse proxy to get there. I mainly just want to stop anyone from brute forcing their way into my deluge client.

Easier to just use basic auth then. Fail2ban is already pre-configured to ban failed auths with basic http authentication.

Or if you want to get "fancy", lock it behind organizr server auth and set up fail2ban on organizr.

Edited June 29, 2018 by GilbN

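Added example (not from the thread and not nginx's source): a Python model of how the realip directives quoted in the posts above (set_real_ip_from, real_ip_header X-Forwarded-For, real_ip_recursive) choose the client address, which is the address fail2ban then acts on. The function name is hypothetical and all addresses other than 172.17.0.0/16 are constructed from documentation ranges.

```python
import ipaddress


def real_ip(remote_addr, x_forwarded_for, trusted_cidrs, recursive=False):
    """Address nginx's realip module would treat as the client.

    remote_addr      peer address of the TCP connection
    x_forwarded_for  raw X-Forwarded-For value, or None when the header is absent
    trusted_cidrs    the set_real_ip_from networks
    recursive        real_ip_recursive (off by default in nginx)
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def trusted(ip):
        return any(ip in net for net in nets)

    current = ipaddress.ip_address(remote_addr)
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]

    # Walk the header from right to left. An entry is only believed when the
    # address that reported it is itself a trusted proxy.
    while hops and trusted(current):
        try:
            candidate = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # unparsable entry: keep the last good address
        current = candidate
        if not recursive:
            break  # without recursion only the last entry is used
    return str(current)


DOCKER_BRIDGE = ["172.17.0.0/16"]   # value used in the thread
EVERYONE = ["0.0.0.0/0"]            # over-broad trust, shown for contrast

# Constructed header: the first entry arrived with the client's request,
# the second was appended by the reverse proxy ($proxy_add_x_forwarded_for).
CHAIN = "198.51.100.9, 203.0.113.7"


def scenarios():
    """Each entry: description -> address that would end up in the log."""
    return {
        # No header reaches the backend: only the bridge address is known.
        "no header": real_ip("172.17.0.1", None, DOCKER_BRIDGE, True),
        # Proxy appended the peer it saw; the client-sent entry is ignored.
        "bridge trusted": real_ip("172.17.0.1", CHAIN, DOCKER_BRIDGE, True),
        # Trusting every source makes the client-sent entry win.
        "everyone trusted": real_ip("172.17.0.1", CHAIN, EVERYONE, True),
        # Header sent by an untrusted peer is never used.
        "direct peer": real_ip("203.0.113.7", "10.0.0.1", DOCKER_BRIDGE, True),
        # Two proxies in a row: recursion is needed to get past the inner one.
        "two proxies, off": real_ip(
            "172.17.0.1", "203.0.113.7, 172.17.0.5", DOCKER_BRIDGE, False),
        "two proxies, on": real_ip(
            "172.17.0.1", "203.0.113.7, 172.17.0.5", DOCKER_BRIDGE, True),
    }


if __name__ == "__main__":
    for name, addr in scenarios().items():
        print(f"{name:18} -> {addr}")
```

The "everyone trusted" row is the misconfiguration to look for when reviewing set_real_ip_from: bans would then be keyed on a value the client supplies.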
bmdegraaf, posted July 5, 2018

I am trying to get nextcloud to work under nextcloud.xxxxx.com

I have sonarr, ombi, etc... working fine under their respective subdomains, but for nextcloud I keep getting a 502 Bad Gateway error

    nginx/1.12.2

I have followed the guide on linuxserver.io, including amending /config/www/nextcloud/config/config.php

When accessing the nextcloud docker from within unraid [unraid IP address:444], I do get the message that safari cannot access the page securely.

Letsencrypt-wise, the certificate is available.

aptalca, posted July 5, 2018

4 hours ago, bmdegraaf said:
> I am trying to get nextcloud to work under nextcloud.xxxxx.com
>
> I have sonarr, ombi, etc... working fine under their respective subdomains, but for nextcloud I keep getting a 502 Bad Gateway error
>
>     nginx/1.12.2
>
> I have followed the guide on linuxserver.io, including amending /config/www/nextcloud/config/config.php
>
> When accessing the nextcloud docker from within unraid [unraid IP address:444], I do get the message that safari cannot access the page securely.
>
> Letsencrypt-wise, the certificate is available.

There is also a preset proxy conf in there for nextcloud on a subdomain. They are under /config/nginx/proxy-confs