bmdegraaf Posted July 5, 2018

I am using the preset. The only thing I changed was the port number of the proxy pass:

    server {
        listen 443 ssl;
        server_name nextcloud.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;
        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_nextcloud nextcloud;
            proxy_max_temp_file_size 2048m;
            proxy_pass https://$upstream_nextcloud:444/;

aptalca Posted July 6, 2018

> 2 hours ago, bmdegraaf said:
> I am using the preset. The only thing I changed was the port number of the proxy pass:
>
>     server {
>         listen 443 ssl;
>         server_name nextcloud.*;
>         include /config/nginx/ssl.conf;
>         client_max_body_size 0;
>         location / {
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_nextcloud nextcloud;
>             proxy_max_temp_file_size 2048m;
>             proxy_pass https://$upstream_nextcloud:444/;

You're not supposed to change the port.
It tells you what you need to do at the top. It does not tell you to change the port ;)

Edited July 6, 2018 by aptalca

Tuumke Posted July 6, 2018

Having troubles with the LE container. All I did was edit the site-config/default and uncomment the 80 to 443 redirect with nano.

    [cont-init.d] 50-config: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
    Server ready
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28

-edit- Found the culprit. All the proxy-conf subfolder conf files have a /servicename and organizr just has the /

Edited July 6, 2018 by Tuumke: Found the problem

bmdegraaf Posted July 6, 2018

> You're not supposed to change the port.
> It tells you what you need to do at the top. It does not tell you to change the port ;)

Changed the port back to 443! And it works!

aptalca Posted July 6, 2018

> 1 hour ago, Tuumke said:
> Having troubles with the LE container. All I did was edit the site-config/default and uncomment the 80 to 443 redirect with nano.
>
>     [cont-init.d] 50-config: exited 0.
>     [cont-init.d] done.
>     [services.d] starting services
>     [services.d] done.
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>     Server ready
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>
> -edit- Found the culprit. All the proxy-conf subfolder conf files have a /servicename and organizr just has the /

https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/proxy-confs/organizr.subfolder.conf.sample#L2

Tuumke Posted July 6, 2018

Yes! Or change the organizr to /organizr? But then I need to see if I can somehow edit the base of organizr..

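Added example (not from any poster and not the image's own tooling): a pre-flight check for the `duplicate location "/"` failure above, which inlines the include glob and reports any location declared twice inside one server block. It assumes the default site config includes `proxy-confs/*.subfolder.conf` inside its server block; the file contents and the `example.subfolder.conf.sample` name are constructed for illustration.

```python
import re
from collections import defaultdict
from fnmatch import fnmatch

LOCATION = re.compile(r"^location\s+(?:(=|~\*|~|\^~)\s+)?(\S+)\s*\{")
INCLUDE = re.compile(r"^include\s+(\S+);")

def expand(name, files):
    """Yield (source_file, line) with include globs inlined and comments dropped."""
    for raw in files[name].splitlines():
        line = raw.split("#", 1)[0].strip()
        m = INCLUDE.match(line)
        if m:  # includes that match no known file (ssl.conf etc.) are skipped
            for other in sorted(f for f in files if fnmatch(f, m.group(1))):
                yield from expand(other, files)
        elif line:
            yield name, line

def duplicate_locations(root, files):
    """Map (modifier, path) -> source files for locations repeated in one server block."""
    seen, dups, depth = defaultdict(list), {}, 0
    for src, line in expand(root, files):
        m = LOCATION.match(line)
        if m and depth == 1:  # direct child of server { }
            seen[(m.group(1) or "", m.group(2))].append(src)
        depth += line.count("{") - line.count("}")
        if depth == 0:  # server block closed: report and reset
            dups.update({k: v for k, v in seen.items() if len(v) > 1})
            seen.clear()
    return dups

# Constructed sample layout (hypothetical contents; directory names follow the thread).
CONF = "/config/nginx/proxy-confs/"
FILES = {
    "/config/nginx/site-confs/default": (
        "server {\n  listen 443 ssl;\n  include /config/nginx/ssl.conf;\n"
        "  location / {\n    try_files $uri $uri/ /index.html;\n  }\n"
        "  include /config/nginx/proxy-confs/*.subfolder.conf;\n}\n"),
    CONF + "organizr.subfolder.conf": "location / {\n  proxy_pass http://organizr:80;\n}\n",
    CONF + "tautulli.subfolder.conf": "location /tautulli {\n  proxy_pass http://tautulli:8181;\n}\n",
    # Still a .sample, so the glob does not pick it up and it cannot collide.
    CONF + "example.subfolder.conf.sample": "location / {\n  proxy_pass http://example:80;\n}\n",
}

if __name__ == "__main__":
    root = "/config/nginx/site-confs/default"
    for (mod, path), srcs in duplicate_locations(root, FILES).items():
        print(f'duplicate location "{path}" declared in: {", ".join(srcs)}')
```

Running `nginx -t` inside the container reports the same condition; the script only shows which two files collide before the container is restarted.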
hermy65 Posted July 6, 2018

I'm getting emails from letsencrypt about my certs expiring soon, do I need to do anything or does it take care of it on its own?

IamSpartacus Posted July 6, 2018

> 3 minutes ago, hermy65 said:
> I'm getting emails from letsencrypt about my certs expiring soon, do I need to do anything or does it take care of it on its own?

Have you recently made any changes from say registering specific subdomains to now using wildcards? Also, I believe the certs need to renew every 90 days so if you haven't rebooted your container within the past 90 days you may be nearing that deadline.

hermy65 Posted July 6, 2018

I have not restarted in a while, will do that and see what happens.

sparklyballs Posted July 6, 2018

> 3 minutes ago, IamSpartacus said:
> Have you recently made any changes from say registering specific subdomains to now using wildcards? Also, I believe the certs need to renew every 90 days so if you haven't rebooted your container within the past 90 days you may be nearing that deadline.

No need to reboot the container as there's a cronjob that checks for renewal of the certs.

IamSpartacus Posted July 6, 2018

> 22 minutes ago, sparklyballs said:
> No need to reboot the container as there's a cronjob that checks for renewal of the certs.

Oh, good to know.

nekromantik Posted July 13, 2018

Hi, on the instructions it states to forward the port you are using for this container to the docker host in your router.
I have got the container listening on a specific IP in bridge mode and my router can see this IP for the container, so got forwarding configured.
However nginx does not seem to start at all. I have a custom config in site-config.
Running netstat shows nginx not running.
Any ideas?

Edited July 13, 2018 by nekromantik

CHBMB Posted July 13, 2018

> 25 minutes ago, nekromantik said:
> Hi, on the instructions it states to forward the port you are using for this container to the docker host in your router.
> I have got the container listening on a specific IP in bridge mode and my router can see this IP for the container, so got forwarding configured.
> However nginx does not seem to start at all. I have a custom config in site-config.
> Running netstat shows nginx not running.
> Any ideas?

Docker run command and logs

nekromantik Posted July 13, 2018 Share Posted July 13, 2018 52 minutes ago, CHBMB said: Docker run command and logs So docker logs show it cant connect to port 80 for validation. Its not my router as other ports I have forwarded from WAN work. Does the container run iptables so blocking all incoming connections? Quote Link to comment
CHBMB Posted July 14, 2018

> 8 hours ago, nekromantik said:
> So docker logs show it can't connect to port 80 for validation.
> It's not my router as other ports I have forwarded from WAN work.
> Does the container run iptables so blocking all incoming connections?

No, something else is blocking port 80. Check your ISP isn't blocking port 80. This isn't a container issue, it's an issue outside the container. Nginx won't start unless LetsEncrypt completes validation.

nekromantik Posted July 14, 2018

> 7 hours ago, CHBMB said:
> No, something else is blocking port 80. Check your ISP isn't blocking port 80. This isn't a container issue, it's an issue outside the container. Nginx won't start unless LetsEncrypt completes validation.

Got that issue fixed. It was not ISP blocking, it was the router not forwarding 80, so changed to 8080 on the container and forwarding from 80 to 8080.
But now I am getting a 404 not found error when it tried to validate.
Here is the log:

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 10-adduser: executing...
    usermod: no changes
    -------------------------------------
    _ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Europe/London
    URL=nekromantik.io
    SUBDOMAINS=www,nextcloud
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=false
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    [email protected]
    STAGING=
    Backwards compatibility check. . .
    No compatibility action needed
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d www.nekromantik.io -d nextcloud.nekromantik.io
    E-mail address entered: [email protected]
    http validation is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for nekromantik.io
    http-01 challenge for nextcloud.nekromantik.io
    http-01 challenge for www.nekromantik.io
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. www.nekromantik.io (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.nekromantik.io/.well-known/acme-challenge/M7U5BloCEAFN4O9RC8nGjDfF5R_xrIfpQ35lDaKE1x8: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"
    IMPORTANT NOTES:
     - The following errors were reported by the server:
       Domain: www.nekromantik.io
       Type: unauthorized
       Detail: Invalid response from http://www.nekromantik.io/.well-known/acme-challenge/M7U5BloCEAFN4O9RC8nGjDfF5R_xrIfpQ35lDaKE1x8: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"
       To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

CHBMB Posted July 14, 2018

Your DNS is wrong

nekromantik Posted July 14, 2018

Got that fixed.
Switched to DNS validation via Cloudflare instead.
Much easier as no need to open port 80 anymore.
Thanks

Edited July 14, 2018 by nekromantik

local.bin Posted July 16, 2018

    nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/config/keys/cert.crt"

I wondered if anything had changed recently and I've missed it? I am using http validation. The odd thing is, I have not pointed any configs to that cert as the letsencrypt certs are elsewhere....

Thanks

Edited July 16, 2018 by local.bin

local.bin Posted July 19, 2018

Request for support for the ngx_stream_geoip module to be added please.

    load_module modules/ngx_stream_geoip_module.so;
    --with-stream_geoip_module

Thanks for the consideration.

Edit: I added

    apk add nginx-mod-stream-geoip

which seemed to solve the module loading issue.

Edited July 19, 2018 by local.bin

aptalca Posted July 19, 2018

> 2 hours ago, local.bin said:
> Request for support for the ngx_stream_geoip module to be added please.
>
>     load_module modules/ngx_stream_geoip_module.so;
>     --with-stream_geoip_module
>
> Thanks for the consideration.
>
> Edit: I added
>
>     apk add nginx-mod-stream-geoip
>
> which seemed to solve the module loading issue.

It's already in there: https://github.com/linuxserver/docker-letsencrypt/blob/master/Dockerfile#L36

local.bin Posted July 19, 2018

> 36 minutes ago, aptalca said:
> It's already in there: https://github.com/linuxserver/docker-letsencrypt/blob/master/Dockerfile#L36

Mhh, that's strange as it failed to load until I added the apk and when I added it again it said it was already installed, which it didn't do the first time.

zyphermonkey Posted July 20, 2018

Are you supposed to be able to see the default index.html landing page even if there are errors loading certs? I have the ports forwarded on my firewall, but even if I go to the local ip:port I don't get anything like I do if I just load up a plain nginx docker. I just get the default "This site can't be reached" page in Chrome.

I also tried using a custom br0 interface so this docker would get its own IP and could use port 80 and 443 on its own and still no landing page.

Here's the error I'm getting, but I fear it's because nginx isn't starting up correctly for some reason.

    Failed authorization procedure. zyphermonkey.strangled.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://zyphermonkey.strangled.net/.well-known/acme-challenge/0FLixOl9CLlYQEihDp7YvgO-I6GnyYZGjM7Jvb2Vvjg: Timeout during connect (likely firewall problem)

and

    Domain: zyphermonkey.strangled.net
    Type: connection
    Detail: Fetching http://zyphermonkey.strangled.net/.well-known/acme-challenge/0FLixOl9CLlYQEihDp7YvgO-I6GnyYZGjM7Jvb2Vvjg: Timeout during connect (likely firewall problem)

JonathanM Posted July 20, 2018

> 3 minutes ago, zyphermonkey said:
> Are you supposed to be able to see the default index.html landing page even if there are errors loading certs?

No.

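Added example (not from any poster and not part of certbot or the container): a small triage script for the two http-01 failures seen in this thread, the `unauthorized` 404 and the `connection` timeout, which point at different places to look. The log text is constructed to mirror the shape of the posted errors, with placeholder domains and `TOKEN` in place of real challenge tokens; the `check` wording summarises what posters in this thread found.

```python
import re

# Shape of certbot's per-domain failure line, as it appears in the logs posted above.
FAILURE = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): "
    r"urn:ietf:params:acme:error:(?P<kind>\w+) :: (?P<summary>.+?) :: (?P<detail>.+)"
)
STATUS = re.compile(r"<title>(\d{3}) ")  # HTTP status quoted back from the answering server

def triage(log_text):
    """Return one finding per failed domain: what the CA saw and where to look."""
    findings = []
    for m in FAILURE.finditer(log_text):
        kind, status = m["kind"], STATUS.search(m["detail"])
        if kind == "connection":
            # Nothing answered on port 80 at the address the name resolves to.
            check = "port 80 path: router forward, host-to-container port mapping, ISP filtering"
        elif kind == "unauthorized" and status:
            # Some web server answered, but it was not serving this challenge token.
            check = "DNS record and port-80 forward target: another server answered"
        else:
            check = "read the detail text"
        findings.append({"domain": m["domain"], "kind": kind,
                         "http_status": int(status[1]) if status else None,
                         "check": check})
    return findings

# Constructed log excerpt; the IMPORTANT NOTES block repeats the error and must not be counted twice.
SAMPLE = '''\
Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/TOKEN: "<html> <head><title>404 Not Found</title></head>"
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: www.example.com
   Type: unauthorized
Failed authorization procedure. home.example.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://home.example.net/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)
'''

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'{f["domain"]}: {f["kind"]} (HTTP {f["http_status"]}) -> check {f["check"]}')
```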
zyphermonkey Posted July 20, 2018

Okay so I got that part fixed. I have no idea how it happened but the "container ports" got changed to match the "host ports" and obviously nothing worked after that.

Now I'm trying to set up some subfolder services and the only way I can get them to work without getting a 500 error is to have the following with a lot of the default settings commented out. I don't think I should be doing this. Is there something I need to configure in proxy.conf to get the default way to work?

    # first go into tautulli settings, under "Web Interface", click on show advanced, set the HTTP root to /tautulli and restart the tautulli container
    # to enable password access, uncomment the two auth_basic lines

    location /tautulli {
    #    auth_basic "Restricted";
    #    auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;
    #    resolver 127.0.0.11 valid=30s;
    #    set $upstream_tautulli tautulli;
    #    proxy_pass http://$upstream_tautulli:8181;
        proxy_pass http://192.168.1.10:8282;
    }