October 25, 20187 yr Without having paged through all 102 pages of this one, I do have a question. With this container acting as a proxy/gateway for all the configured services, are there any plans for (or does anyone think it might be worth having): An internal admin/control panel for the web server Ability to configure sites/services without needing to create config files or restart the container Ability to "switch off/on" a configured service within a control panel Some stat's on what services are being used (traffic by service over time, average response times etc..) I just think these could be really useful or am I wrong?
October 25, 20187 yr Without having paged through all 102 pages of this one, I do have a question. With this container acting as a proxy/gateway for all the configured services, are there any plans for (or does anyone think it might be worth having): An internal admin/control panel for the web server Ability to configure sites/services without needing to create config files or restart the container Ability to "switch off/on" a configured service within a control panel Some stat's on what services are being used (traffic by service over time, average response times etc..) I just think these could be really useful or am I wrong?They may be useful if that's what you need, but they are way beyond an install of Nginx. They won't be included by default. Sent from my Mi A1 using Tapatalk
October 25, 20187 yr 7 minutes ago, CHBMB said: They may be useful if that's what you need, but they are way beyond an install of Nginx. They won't be included by default. Sent from my Mi A1 using Tapatalk Absolutely, I agree - for the majority of users the basic Nginx container suits them fine. How easy (or hard) do you think it could be to write a plugin to sit within unraid to integrate with it? I might actually have a go if I can get some time. Edited October 25, 20187 yr by Saldash
October 25, 20187 yr 8 hours ago, YouAreTheOneNeo said: Log: ------------------------------------- _ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/ Brought to you by linuxserver.io We gratefully accept donations at: https://www.linuxserver.io/donate/ ------------------------------------- GID/UID ------------------------------------- User uid: 99 User gid: 100 ------------------------------------- [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 50-config: executing... Variables set: PUID=99 PGID=100 TZ=Europe/London URL=example.com SUBDOMAINS=www, unifi, tautulli, pihole, cp, sonarr, heimdall, plex, calibre, ombi EXTRA_DOMAINS=vpn.example.com ONLY_SUBDOMAINS=false DHLEVEL=2048 VALIDATION=http DNSPLUGIN= [email protected] STAGING= 2048 bit DH parameters present SUBDOMAINS entered, processing SUBDOMAINS entered, processing Sub-domains processed are: -d www.example.com -d unifi.example.com -d tautulli.example.com -d pihole.example.com -d cp.example.com -d sonarr.example.com -d heimdall.example.com -d plex.example.com -d calibre.example.com -d ombi.example.com EXTRA_DOMAINS entered, processing Extra domains processed are: -d vpn.example.com E-mail address entered: [email protected] http validation is selected Certificate exists; parameters unchanged; attempting renewal <-------------------------------------------------> <-------------------------------------------------> cronjob running on Thu Oct 25 08:50:56 BST 2018 Running certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/example.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Plugins selected: Authenticator standalone, Installer None Running pre-hook command: if ps aux | grep [n]ginx: > /dev/null; then s6-svc -d /var/run/s6/services/nginx; fi Renewing an existing certificate Performing the following challenges: http-01 challenge for calibre.example.com http-01 challenge for cp.example.com http-01 challenge for heimdall.example.com http-01 challenge for ombi.example.com http-01 challenge for pihole.example.com http-01 challenge for plex.example.com http-01 challenge for sonarr.example.com http-01 challenge for tautulli.example.com http-01 challenge for unifi.example.com http-01 challenge for vpn.example.com http-01 challenge for www.example.com http-01 challenge for example.com Waiting for verification... Cleaning up challenges Cleaning up challenges Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [88.98.197.66]: 404. Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/example.com/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/example.com/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Running post-hook command: if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; cd /config/keys/letsencrypt && openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && cat {privkey,fullchain}.pem > priv-fullchain-bundle.pem Hook command "if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; cd /config/keys/letsencrypt && openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && cat {privkey,fullchain}.pem > priv-fullchain-bundle.pem" returned error code 1 Error output from if: cat: {privkey,fullchain}.pem: No such file or directory 1 renew failure(s), 0 parse failure(s) IMPORTANT NOTES: - The following errors were reported by the server: Domain: example.com Type: unauthorized Detail: Invalid response from http://example.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [1.1.1.1]: 404 To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. [cont-init.d] 50-config: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done. Server ready and container settings: Based on the error, it seems your port 80 is not correctly forwarded by your router to this container
October 26, 20187 yr 12 hours ago, aptalca said: Based on the error, it seems your port 80 is not correctly forwarded by your router to this container Thanks - it is forwarded correctly, but my site-conf has a permanent 301 redirect from HTTP to HTTPS: server { listen 80 default_server; root /config/www; index index.html index.htm index.php; server_name _; return 301 https://$host$request_uri; } Presumably this is redirecting the certbot to https when it needs to use insecure http to do validation. Is there a way to add an exception to the site config? I am not too hot on nginx configuration. I would assume the more secure method of validation is to use the dns method, perhaps it is time for me to switch over. Edit: I also had the .htaccess file on my domain provider set up with the following redirect from example.com to www.example.com: RewriteEngine On RewriteCond %{REQUEST_URI} !\.well-known/acme-challenge RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] RewriteRule ^(.*)$ https://%1/$1 [R=301,L] I have removed that now, and when browsing to http://example.com, nginx is now rewriting the URL to httpS://www.example.com/example, and I can't figure out why. Browsing to http://example.com/.well-known/acme-challenge/CHALLENGEKEY is returning https://example.com/404. Edited October 26, 20187 yr by YouAreTheOneNeo Additional information
October 26, 20187 yr 3 hours ago, YouAreTheOneNeo said: Presumably this is redirecting the certbot to https when it needs to use insecure http to do validation. No, the validation script sets up a temporary server that doesn't use your site configs. It's only online long enough to validate through port 80, then the server is restarted with your configuration.
October 26, 20187 yr so my ISP provider doesn't give me the Admin password for my router (pifffff) and the router remote management using https (443) so i want to change the port for the ngnix to something else. so i open a new port forwarding to internal 443 but some of the reverse proxy doesn't work, i am connecting to the server with the custom port but when the reverse proxy forward me the custom port get deleted and forward me to normal https (443) is there a way to make ngnix always add the custom port to the outside world?
October 26, 20187 yr 5 hours ago, YouAreTheOneNeo said: Thanks - it is forwarded correctly, but my site-conf has a permanent 301 redirect from HTTP to HTTPS: server { listen 80 default_server; root /config/www; index index.html index.htm index.php; server_name _; return 301 https://$host$request_uri; } Presumably this is redirecting the certbot to https when it needs to use insecure http to do validation. Is there a way to add an exception to the site config? I am not too hot on nginx configuration. I would assume the more secure method of validation is to use the dns method, perhaps it is time for me to switch over. Edit: I also had the .htaccess file on my domain provider set up with the following redirect from example.com to www.example.com: RewriteEngine On RewriteCond %{REQUEST_URI} !\.well-known/acme-challenge RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] RewriteRule ^(.*)$ https://%1/$1 [R=301,L] I have removed that now, and when browsing to http://example.com, nginx is now rewriting the URL to httpS://www.example.com/example, and I can't figure out why. Browsing to http://example.com/.well-known/acme-challenge/CHALLENGEKEY is returning https://example.com/404. I don't know why or where you're using an .htaccess file but that's likely your issue. You need to pass ports 443 and 80 to the letsencrypt container unaltered. Browser thing is just a cache issue. 301 redirects are permanently cached
October 26, 20187 yr 1 hour ago, syniex said: so my ISP provider doesn't give me the Admin password for my router (pifffff) and the router remote management using https (443) so i want to change the port for the ngnix to something else. so i open a new port forwarding to internal 443 but some of the reverse proxy doesn't work, i am connecting to the server with the custom port but when the reverse proxy forward me the custom port get deleted and forward me to normal https (443) is there a way to make ngnix always add the custom port to the outside world? I would put a different router in there to be honest. Different port should work unless you have incorrect redirects in your site config files
October 26, 20187 yr 3 hours ago, aptalca said: I don't know why or where you're using an .htaccess file but that's likely your issue. You need to pass ports 443 and 80 to the letsencrypt container unaltered. Browser thing is just a cache issue. 301 redirects are permanently cached I was using the .htaccess because I am stupid. Managed to get the root domain to point to my static IP rather than forward the request via the .htaccess file that I was doing before. Everything fine now. Thanks!
October 26, 20187 yr 8 hours ago, aptalca said: I would put a different router in there to be honest. Different port should work unless you have incorrect redirects in your site config files not up to me, the server is located at my friend house (he has 1gb/1gb connection, i got only 100mb/3mb).
October 27, 20187 yr My tale of woe: Followed SpaceinvaderOne's lovely video all the way through, successfully... except I still can't see my site, when trying to navigate to it off my phone (so not on the home WiFi!); am using Namecheap for my domain name. Port forwarding settings / namecheap settings / docker setting screenshots attached. Logs are all fine, letsencrypt below. Can ping all three subdomains (radarr/sonarr/nextcloud) but can't even get into the first two -- I'm aware nextcloud might take more finagling, left that one to last. Any ideas? Quote ------------------------------------- _ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/ Brought to you by linuxserver.io We gratefully accept donations at:https://www.linuxserver.io/donate/ ------------------------------------- GID/UID ------------------------------------- User uid: 99 User gid: 100 ------------------------------------- [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 50-config: executing... Variables set: PUID=99 PGID=100 TZ=America/New_York URL=___REDACTED___ SUBDOMAINS=nextcloud,sonarr,radarr EXTRA_DOMAINS= ONLY_SUBDOMAINS=true DHLEVEL=2048 VALIDATION=http DNSPLUGIN= EMAIL=___REDACTED___ STAGING= 2048 bit DH parameters present SUBDOMAINS entered, processing SUBDOMAINS entered, processing Only subdomains, no URL in cert Sub-domains processed are: -d nextcloud.___REDACTED___ -d sonarr.___REDACTED___ -d radarr.___REDACTED___ E-mail address entered: ___REDACTED___ http validation is selected Certificate exists; parameters unchanged; attempting renewal <-------------------------------------------------> <-------------------------------------------------> cronjob running on Fri Oct 26 23:10:54 EDT 2018 Running certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/nextcloud.___REDACTED___.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certs are not due for renewal yet: /etc/letsencrypt/live/nextcloud.___REDACTED___/fullchain.pem expires on 2019-01-25 (skipped) No renewals were attempted. No hooks were run. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [cont-init.d] 50-config: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done. Server ready
October 27, 20187 yr 10 hours ago, superpsych0 said: My tale of woe: Followed SpaceinvaderOne's lovely video all the way through, successfully... except I still can't see my site, when trying to navigate to it off my phone (so not on the home WiFi!); am using Namecheap for my domain name. Port forwarding settings / namecheap settings / docker setting screenshots attached. Logs are all fine, letsencrypt below. Can ping all three subdomains (radarr/sonarr/nextcloud) but can't even get into the first two -- I'm aware nextcloud might take more finagling, left that one to last. Any ideas? Did you enable the preset proxy confs? Did you create the new network as described in the readme in the proxy conf folder?
October 27, 20187 yr 16 hours ago, syniex said: not up to me, the server is located at my friend house (he has 1gb/1gb connection, i got only 100mb/3mb). We need more info on your setup. Describe where and how you're running the container (friend's or yours?) and how you're trying to access. Also post your site config that's giving you issues
October 28, 20187 yr 10 hours ago, aptalca said: Did you enable the preset proxy confs? Did you create the new network as described in the readme in the proxy conf folder? Yes and yes, as per the video... Ed is really thorough about these things. Like I said, I wanted to get at least Radarr and Sonarr working as I know Nextcloud can be a little more work. Getting worried that my ISP (Rogers in Toronto, Canada) is blocking port 80, that would be a hell of a kick in the nuts! So, the screenshots! And, by the by, thanks for replying... it's appreciated! Edited October 28, 20187 yr by superpsych0
October 28, 20187 yr Yes and yes, as per the video... Ed is really thorough about these things. Like I said, I wanted to get at least Radarr and Sonarr working as I know Nextcloud can be a little more work. Getting worried that my ISP (Rogers in Toronto, Canada) is blocking port 80, that would be a hell of a kick in the nuts! So, the screenshots! [emoji4] And, by the by, thanks for replying... it's appreciated!If you get to server ready, ports shouldn’t be block. To check anyway you can go to canyouseeme and check your ports Also if you haven’t setup http to https redirect you need to put https:// Sent from my iPhone using Tapatalk Pro
October 28, 20187 yr I am already using subdomain "plex.mydomain.com" for ombi because it's easier for my users to remember. So I want to change the reverse proxy domain for plex to be say "plexw". How can I change the "plex.subdomain.conf" in proxy-confs to be "plexw.mydomain.com" instead? EDIT: Solved it by just changing the "plex.*" in the conf to "whatever.*" works like a charm. Edited November 4, 20187 yr by truetype
October 29, 20187 yr Hi, I'm trying to to get calibre-web to reverse proxy. since there is no sample conf file for it in the proxy-confs folder I tried to copy one using the location block I found on the docker page. I really have no experience in this kind of thing. server { listen 443 ssl; server_name books.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location /calibre-web { proxy_pass http://192.168.0.9:8083; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /calibre-web; } } i only ever get the attached nginx page. Any help would be greatly appreciated. Regards, Bilal
October 29, 20187 yr 25 minutes ago, Bilal Yassine said: Hi, I'm trying to to get calibre-web to reverse proxy. since there is no sample conf file for it in the proxy-confs folder I tried to copy one using the location block I found on the docker page. I really have no experience in this kind of thing. server { listen 443 ssl; server_name books.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location /calibre-web { proxy_pass http://192.168.0.9:8083; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /calibre-web; } } I don't use a subdomain but my subfolder setup works and it looks a lot like yours: location /calibre-web { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; proxy_pass http://192.168.1.111:8083; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /calibre-web; } that I put in appdata\letsencrypt\nginx\proxy-confs\calibre-web.subfolder.conf So that looks fine. It seems that you are configuring books.apolo.... but you are also configuring a subfolder. Try https://books.unabolo.net/calibre-web or set your location as root: "location /"
October 29, 20187 yr I've tried searching this threadnought to no avail, but is there a way to have a 2nd domain on the same docker? Eg. everything currently is on domain1.com, with several subdomains, I need to set up www.domain2.org as well, but this seems not possible? Running a 2nd instance of the docker is of little help as the router will port forward all the traffic to the first... Edit: Ignore me I have figured it out. For anyone else finding this, you have to add an extra variable to the docker settings with the key "EXTRA_DOMAINS" (no quotes) and put in the full domain you want a cert for. Edited October 29, 20187 yr by rtho782
October 29, 20187 yr 47 minutes ago, Gog said: I don't use a subdomain but my subfolder setup works and it looks a lot like yours: location /calibre-web { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; proxy_pass http://192.168.1.111:8083; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /calibre-web; } that I put in appdata\letsencrypt\nginx\proxy-confs\calibre-web.subfolder.conf So that looks fine. It seems that you are configuring books.apolo.... but you are also configuring a subfolder. Try https://books.unabolo.net/calibre-web or set your location as root: "location /" wow, thanks so much... it's starting to make sense and seems like such a trivial error. it works now, I decided to change the location from /calibre-web to / just so it stays the same as all my other subdomains.
October 31, 20187 yr My tale of woe: Followed SpaceinvaderOne's lovely video all the way through, successfully... except I still can't see my site, when trying to navigate to it off my phone (so not on the home WiFi!); am using Namecheap for my domain name. Port forwarding settings / namecheap settings / docker setting screenshots attached. Logs are all fine, letsencrypt below. Can ping all three subdomains (radarr/sonarr/nextcloud) but can't even get into the first two -- I'm aware nextcloud might take more finagling, left that one to last. Any ideas? ------------------------------------- _ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/ Brought to you by linuxserver.io We gratefully accept donations at:https://www.linuxserver.io/donate/ ------------------------------------- GID/UID ------------------------------------- User uid: 99 User gid: 100 ------------------------------------- [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 50-config: executing... Variables set: PUID=99 PGID=100 TZ=America/New_York URL=___REDACTED___ SUBDOMAINS=nextcloud,sonarr,radarr EXTRA_DOMAINS= ONLY_SUBDOMAINS=true DHLEVEL=2048 VALIDATION=http DNSPLUGIN= EMAIL=___REDACTED___ STAGING= 2048 bit DH parameters present SUBDOMAINS entered, processing SUBDOMAINS entered, processing Only subdomains, no URL in cert Sub-domains processed are: -d nextcloud.___REDACTED___ -d sonarr.___REDACTED___ -d radarr.___REDACTED___ E-mail address entered: ___REDACTED___ http validation is selected Certificate exists; parameters unchanged; attempting renewal cronjob running on Fri Oct 26 23:10:54 EDT 2018 Running certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/nextcloud.___REDACTED___.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certs are not due for renewal yet: /etc/letsencrypt/live/nextcloud.___REDACTED___/fullchain.pem expires on 2019-01-25 (skipped) No renewals were attempted. No hooks were run. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [cont-init.d] 50-config: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done. Server ready Not sure what brand if router you have but the very first line you have http going from port 80 to 80 then later on you have your let's encrypt forward. I assuming that your router applies forwards from top to bottom that maybe your problem. If not they might blocking port 80. Sent from my BND-L34 using Tapatalk
October 31, 20187 yr 20 hours ago, ijuarez said: Not sure what brand if router you have but the very first line you have http going from port 80 to 80 then later on you have your let's encrypt forward. I assuming that your router applies forwards from top to bottom that maybe your problem. If not they might blocking port 80. Sent from my BND-L34 using Tapatalk Damn good catch, God knows how Cisco interprets "rule is first but is disabled." I'll give it a shot, thanks for taking a look!
November 5, 20187 yr @happyagnostic So I tried that (adding port forward 32400, protocol = TCP) and adding the lines that you wrote. The good news: I can actually open the Plex GUI now, but I just get a page saying: Plex is not reachable. Make sure your server has an internet connection and any firewalls or other programs are set to allow access. So back to square one. (This is when I run it in custom bridge mode - if I run it in host mode, I can at least access my files but still get complaints about not being able to reach Plex and I can't sign in).
November 8, 20187 yr So reading the release notes for Unraid 6.6.4 I see they have integrated nginx and letsencrypt into the OS. What does this mean for your docker? I am using it quite heavily as I have subdomained every app I want to access externally. Is it safe to upgrade? or will it break this oh so useful docker?
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.