[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


I am using the preset. The only thing I changed was the port number of the proxy pass :

server {
    listen 443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:444/;
    }
}


2 hours ago, bmdegraaf said:

I am using the preset. The only thing I changed was the port number of the proxy pass :

server {
    listen 443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:444/;
    }
}

 

You're not supposed to change the port

 

It tells you what you need to do at the top. It does not tell you to change the port ?

Edited by aptalca

Having troubles with the LE container :(

All I did was edit the site-config/default and uncomment the 80 to 443 redirect with nano.

 

[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
Server ready
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28

 

-edit-

Found the culprit. All the proxy-conf subfolder conf files have a /servicename and organizr just has the /

Edited by Tuumke
Found the problem

 
You're not supposed to change the port
 
It tells you what you need to do at the top. It does not tell you to change the port [emoji6]


Changed the port back to 443 ! And it works!



1 hour ago, Tuumke said:

Having troubles with the LE container :(

All I did was edit the site-config/default and uncomment the 80 to 443 redirect with nano.

 

[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
Server ready
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28

 

-edit-

Found the culprit. All the proxy-conf subfolder conf files have a /servicename and organizr just has the /

 

https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/proxy-confs/organizr.subfolder.conf.sample#L2

?

Yes! Or change the organizr to /organizr? But then I need to see if I can somehow edit the base of organizr..
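
The failure discussed above, as an added example that is not part of the thread or of the linuxserver.io image: a small Python check that expands `include` lines and reports any `location` defined twice in the same block, which is the condition behind nginx's `[emerg] duplicate location` exit. The file contents and upstream names in `FILES` are constructed for illustration; only the directory layout follows the thread.

```python
import fnmatch
import re

# Constructed sample files: paths follow the thread's layout, contents are made up.
FILES = {
    "/config/nginx/site-confs/default": """server {
    listen 443 ssl;
    include /config/nginx/proxy-confs/*.subfolder.conf;
    location / { try_files $uri $uri/ /index.html; }
}
""",
    "/config/nginx/proxy-confs/organizr.subfolder.conf":
        "location / { proxy_pass http://organizr:80; }\n",
    "/config/nginx/proxy-confs/tautulli.subfolder.conf":
        "location /tautulli { proxy_pass http://tautulli:8181; }\n",
}
TOKEN = re.compile(r"[{};]|[^\s{};]+")  # simplified: no quoted strings with spaces

def statements(path, files):
    """Yield (path, line, words, terminator); include directives are expanded in place."""
    text, words, line = re.sub(r"#[^\n]*", "", files[path]), [], 1
    for m in TOKEN.finditer(text):
        tok = m.group()
        if tok not in ("{", "}", ";"):
            if not words:
                line = text.count("\n", 0, m.start()) + 1
            words.append(tok)
        elif tok == ";" and words[:1] == ["include"]:
            for inc in sorted(fnmatch.filter(files, words[1])):
                yield from statements(inc, files)
            words = []
        else:
            yield path, line, words, tok
            words = []

def duplicate_locations(root, files):
    """Return (location, first_seen, duplicate) for locations repeated in one parent block."""
    stack, seen, dups = [None], {}, []
    for path, line, words, term in statements(root, files):
        if term == "}":
            stack.pop()
        elif term == "{":
            key, here = (stack[-1], " ".join(words[1:])), f"{path}:{line}"
            if words[:1] == ["location"]:
                if key in seen:
                    dups.append((key[1], seen[key], here))
                seen.setdefault(key, here)
            stack.append(object())  # unique identity for this block instance
    return dups
```

With the sample files, `duplicate_locations("/config/nginx/site-confs/default", FILES)` reports the `/` location from the organizr subfolder file colliding with the one in the default site config.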

I'm getting emails from letsencrypt about my certs expiring soon, do I need to do anything or does it take care of it on its own?

3 minutes ago, hermy65 said:

I'm getting emails from letsencrypt about my certs expiring soon, do I need to do anything or does it take care of it on its own?

 

Have you recently made any changes from say registering specific subdomains to now using wildcards?

 

Also, I believe the certs need to renew every 90 days so if you haven't rebooted your container within the past 90 days you may be nearing that deadline.

I have not restarted in a while, will do that and see what happens. 

3 minutes ago, IamSpartacus said:

 

Have you recently made any changes from say registering specific subdomains to now using wildcards?

 

Also, I believe the certs need to renew every 90 days so if you haven't rebooted your container within the past 90 days you may be nearing that deadline.

 

 

no need to reboot the container as there's a cronjob that checks for renewal of the certs

22 minutes ago, sparklyballs said:

 

 

no need to reboot the container as there's a cronjob that checks for renewal of the certs

 

Oh, good to know.

Hi

The instructions state to forward the port you are using for this container to the Docker host in your router.

I have got the container listening on a specific IP in bridge mode and my router can see this IP for the container.

So I got forwarding configured.

However, nginx does not seem to start at all.

I have a custom config in site-config.

Running netstat shows nginx not running.

Any ideas?

Edited by nekromantik

25 minutes ago, nekromantik said:

Hi

The instructions state to forward the port you are using for this container to the Docker host in your router.

I have got the container listening on a specific IP in bridge mode and my router can see this IP for the container.

So I got forwarding configured.

However, nginx does not seem to start at all.

I have a custom config in site-config.

Running netstat shows nginx not running.

Any ideas?

 

Docker run command and logs

52 minutes ago, CHBMB said:

 

Docker run command and logs

 

So docker logs show it can't connect to port 80 for validation.

It's not my router, as other ports I have forwarded from WAN work.

Does the container run iptables, blocking all incoming connections?

8 hours ago, nekromantik said:

 

So docker logs show it can't connect to port 80 for validation.

It's not my router, as other ports I have forwarded from WAN work.

Does the container run iptables, blocking all incoming connections?

 

No, something else is blocking port 80.  Check your ISP isn't blocking port 80.  This isn't a container issue, it's an issue outside the container.  Nginx won't start unless LetsEncrypt completes validation. 

7 hours ago, CHBMB said:

 

No, something else is blocking port 80.  Check your ISP isn't blocking port 80.  This isn't a container issue, it's an issue outside the container.  Nginx won't start unless LetsEncrypt completes validation. 

 

Got that issue fixed.

It was not the ISP blocking; it was the router not forwarding 80, so I changed to 8080 on the container and am forwarding from 80 to 8080.

But now I am getting a 404 not found error when it tries to validate.

Here is the log:

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...
usermod: no changes

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/London
URL=nekromantik.io
SUBDOMAINS=www,nextcloud
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=

Backwards compatibility check. . .
No compatibility action needed
2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.nekromantik.io -d nextcloud.nekromantik.io
E-mail address entered: [email protected]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nekromantik.io
http-01 challenge for nextcloud.nekromantik.io
http-01 challenge for www.nekromantik.io
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.nekromantik.io (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.nekromantik.io/.well-known/acme-challenge/M7U5BloCEAFN4O9RC8nGjDfF5R_xrIfpQ35lDaKE1x8: "<html>

<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: www.nekromantik.io
Type: unauthorized
Detail: Invalid response from
http://www.nekromantik.io/.well-known/acme-challenge/M7U5BloCEAFN4O9RC8nGjDfF5R_xrIfpQ35lDaKE1x8:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

Got that fixed.

Switched to DNS validation via Cloudflare instead. Much easier, as there is no need to open port 80 anymore.

thanks

Edited by nekromantik

Quote

nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/config/keys/cert.crt"

 

 

I wondered if anything had changed recently and I've missed it?

 

I am using http validation.

 

The odd thing is, I have not pointed any configs to that cert as the letsencrypt certs are elsewhere....

 

Thanks

 

 

Edited by local.bin

Request for support for the ngx_stream_geoip module to be added please.

 

load_module modules/ngx_stream_geoip_module.so;

 

--with-stream_geoip_module

 

Thanks for the consideration.

 

Edit: I added apk add nginx-mod-stream-geoip which seemed to solve the module loading issue.

Edited by local.bin

Are you supposed to be able to see the default index.html landing page even if there are errors loading certs?

I have the ports forwarded on my firewall, but even if I go to the local ip:port I don't get anything like I do if I just load up a plain nginx docker. I just get the default "This site can’t be reached" page in chrome.
and
I also tried using a custom br0 interface so this docker would get its own IP and could use port 80 and 443 on its own and still no landing page.

Here's the error I'm getting, but I fear it's because nginx isn't starting up correctly for some reason.
 

Failed authorization procedure. zyphermonkey.strangled.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://zyphermonkey.strangled.net/.well-known/acme-challenge/0FLixOl9CLlYQEihDp7YvgO-I6GnyYZGjM7Jvb2Vvjg: Timeout during connect (likely firewall problem)

and

Domain: zyphermonkey.strangled.net
Type: connection
Detail: Fetching
http://zyphermonkey.strangled.net/.well-known/acme-challenge/0FLixOl9CLlYQEihDp7YvgO-I6GnyYZGjM7Jvb2Vvjg:
Timeout during connect (likely firewall problem)

 

3 minutes ago, zyphermonkey said:

Are you supposed to be able to see the default index.html landing page even if there are errors loading certs?

No.

Okay so I got that part fixed. I have no idea how it happened but the "container ports" got changed to match the "host ports" and obviously nothing worked after that.

Now I'm trying to set up some subfolder services and the only way I can get them to work without getting a 500 error is to have the following with a lot of the default settings commented out. I don't think I should be doing this. Is there something I need to configure in proxy.conf to get the default way to work?

 

# first go into tautulli settings, under "Web Interface", click on show advanced, set the HTTP root to /tautulli and restart the tautulli container
# to enable password access, uncomment the two auth_basic lines

location /tautulli {
#    auth_basic "Restricted";
#    auth_basic_user_file /config/nginx/.htpasswd;
    include /config/nginx/proxy.conf;
#    resolver 127.0.0.11 valid=30s;
#    set $upstream_tautulli tautulli;
#    proxy_pass http://$upstream_tautulli:8181;
    proxy_pass http://192.168.1.10:8282;
}

 
