saarg Posted November 9, 2018 Share Posted November 9, 2018 On 11/8/2018 at 8:15 AM, Squiggley said: So reading the release notes for Unraid 6.6.4 I see they have integrated nginx and letsencrypt into the OS. What does this mean for your docker? I am using it quite heavily as I have subdomained every app I want to access externally. Is it safe to upgrade? or will it break this oh so useful docker? nginx and letsencrypt have been in unraid for some time now. Which version are you on? If you are using port 80 and 443 for the letsencrypt container, you need to change either the container or the webgui of unraid. If you are using any other ports than 80 and 443 for letsencrypt container, you are good to go. Quote Link to comment
rcmpayne Posted November 11, 2018 Share Posted November 11, 2018 Hello All, I have been using letsencrypt nginx for a few years now and all is working fine except for a new entry i added. Ive added a docker for pihole which is using the following. Note: my unraid is on 192.168.0.100. pihole is the first docker to run in custom br0 mode. all other dockers are using host or bridge mode on the same ip ad unraid (.100) Current domains tv,sab,unifi,movies,guac,router,unraid,pihole in nginx i've added a new entry for pihole.domain.com and duplicated a existing nginx config but when i use this address i get a 502 bad gateway. server { ssl_session_cache shared:SSL:10m; ssl_session_timeout 4h; listen 443 ssl http2; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_session_tickets on; root /config/www; index index.html index.htm index.php; server_name pihole.mydomain.com; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!3DES:!ADH:!AECDH:!MD5; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.0.101; } } nginx log for pihole request 2018/11/11 19:17:34 [error] 377#377: *1 connect() failed (113: Host is unreachable) while connecting to upstream, client: 142.xxx.xxx.xxx, server: pihole.mydomain.com, request: "GET / HTTP/2.0", upstream: "http://192.168.0.101:80/admin", host: "pihole.mydomain.com" 2018/11/11 19:17:37 [error] 377#377: *1 connect() failed (113: Host is unreachable) while connecting to upstream, client: 142.xxx.xxx.xxx, server: pihole.mydomain.com, request: "GET /favicon.ico HTTP/2.0", upstream: "http://192.168.0.101:80/adminfavicon.ico", host: "pihole.mydomain.com", referrer: "https://pihole.mydomain.com/" Quote Link to comment
aptalca Posted November 12, 2018 Share Posted November 12, 2018 59 minutes ago, rcmpayne said: Hello All, I have been using letsencrypt nginx for a few years now and all is working fine except for a new entry i added. Ive added a docker for pihole which is using the following. Note: my unraid is on 192.168.0.100. pihole is the first docker to run in custom br0 mode. all other dockers are using host or bridge mode on the same ip ad unraid (.100) Current domains tv,sab,unifi,movies,guac,router,unraid,pihole in nginx i've added a new entry for pihole.domain.com and duplicated a existing nginx config but when i use this address i get a 502 bad gateway. server { ssl_session_cache shared:SSL:10m; ssl_session_timeout 4h; listen 443 ssl http2; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_session_tickets on; root /config/www; index index.html index.htm index.php; server_name pihole.mydomain.com; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!3DES:!ADH:!AECDH:!MD5; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.0.101; } } nginx log for pihole request 2018/11/11 19:17:34 [error] 377#377: *1 connect() failed (113: Host is unreachable) while connecting to upstream, client: 142.xxx.xxx.xxx, server: pihole.mydomain.com, request: "GET / HTTP/2.0", upstream: "http://192.168.0.101:80/admin", host: "pihole.mydomain.com" 2018/11/11 19:17:37 [error] 377#377: *1 connect() failed (113: Host is unreachable) while connecting to upstream, client: 142.xxx.xxx.xxx, server: pihole.mydomain.com, request: "GET /favicon.ico HTTP/2.0", upstream: "http://192.168.0.101:80/adminfavicon.ico", host: "pihole.mydomain.com", referrer: "https://pihole.mydomain.com/" Macvlan prevents access to host so your pihole won't be able to connect to your unraid host or any containers running in bridge or host mode (or vice versa) Quote Link to comment
alturismo Posted November 14, 2018 Share Posted November 14, 2018 Hi, may someone has a hint for me for a reverse setup, i get the following error in chrome dev view data.js:242 WebSocket connection to 'wss://web.mydomain/data/?Token=undefined' failed: Error during WebSocket handshake: Unexpected response code: 404 xTeVe @ data.js:242 toolbarContentscript.js:122 {message: "The message port closed before a response was received."} i tried all kinda several setups from google regarding websocket but im clueless ... may someone has a hint howto setup a reverse proxy here thanks ahead for a hint Quote Link to comment
aptalca Posted November 15, 2018 Share Posted November 15, 2018 7 hours ago, alturismo said: Hi, may someone has a hint for me for a reverse setup, i get the following error in chrome dev view data.js:242 WebSocket connection to 'wss://web.mydomain/data/?Token=undefined' failed: Error during WebSocket handshake: Unexpected response code: 404 xTeVe @ data.js:242 toolbarContentscript.js:122 {message: "The message port closed before a response was received."} i tried all kinda several setups from google regarding websocket but im clueless ... may someone has a hint howto setup a reverse proxy here thanks ahead for a hint What are you trying to proxy? Quote Link to comment
alturismo Posted November 15, 2018 Share Posted November 15, 2018 4 hours ago, aptalca said: What are you trying to proxy? in this case its the xteve webgui, a iptv proxy for plex application. Quote Link to comment
aptalca Posted November 15, 2018 Share Posted November 15, 2018 6 hours ago, alturismo said: in this case its the xteve webgui, a iptv proxy for plex application. See how we handle websocket proxy for unifi, these two lines are key: https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/proxy-confs/unifi.subdomain.conf.sample#L46-L47 Quote Link to comment
alturismo Posted November 15, 2018 Share Posted November 15, 2018 (edited) 7 hours ago, aptalca said: See how we handle websocket proxy for unifi, these two lines are key: https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/proxy-confs/unifi.subdomain.conf.sample#L46-L47 thats what i already found at google but without any luck heres my last config as sample, may i interpret something wrong error from chrome console is WebSocket connection to 'wss://web.mydomain.de/data/?Token=undefined' failed: Error during WebSocket handshake: Unexpected response code: 400 server { listen 443 ssl; root /config/www; index index.html index.htm index.php; server_name web.*; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { # auth_basic off; # allow all; # Allow all to see content # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; proxy_pass http://192.168.1.2:34400/web/; } location /data { ### location /wss { <-- same result include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; proxy_pass http://192.168.1.2:34400/web/; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_ssl_verify off; } } thanks again for trying to help Edited November 15, 2018 by alturismo Quote Link to comment
aptalca Posted November 15, 2018 Share Posted November 15, 2018 3 hours ago, alturismo said: thats what i already found at google but without any luck heres my last config as sample, may i interpret something wrong error from chrome console is WebSocket connection to 'wss://web.mydomain.de/data/?Token=undefined' failed: Error during WebSocket handshake: Unexpected response code: 400 server { listen 443 ssl; root /config/www; index index.html index.htm index.php; server_name web.*; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { # auth_basic off; # allow all; # Allow all to see content # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; proxy_pass http://192.168.1.2:34400/web/; } location /data { ### location /wss { <-- same result include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; proxy_pass http://192.168.1.2:34400/web/; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_ssl_verify off; } } thanks again for trying to help It looks like you're trying to proxy /web through the root domain, and also /web through subfolder /data or /wss and you only added the websocket bits to the /data or /wss subfolder. Does the app actually serve the websockets at subfolder /data or /wss? From the error message, it looks like it doesn't Quote Link to comment
CarlosRojo Posted November 16, 2018 Share Posted November 16, 2018 On 11/17/2016 at 9:09 AM, joachimvadseth said: Ok thanks, but first things first - how do I access the /mnt/user/appdata folder from my mac? A long long time ago I used ubuntu and mounting sshfs was not that big a deal and CLI is not my happiest place to work.. I think I did the following: go to Shares click on appdata, should be on top Go to either AFP or SMB, whichever you have credentials setup on unraid, personally I created the same user in unraid so it matches my user in my macbook and everything seems to be easier anyways, on the Export/Enhanced OS Interoperability i selected both to Yes, And leave the Security as is (Public).. Eject/Disconnect from mounted shares on your mac or better, restart your computer.. when you connect to the network shares you a) should see the appdata share b) be able to open it and open files from within TADA!!"! Quote Link to comment
CarlosRojo Posted November 16, 2018 Share Posted November 16, 2018 On 11/17/2016 at 3:24 AM, joachimvadseth said: Can anyone help me configure and set up sites in Nginx? I got the following docker apps installed: letsencrypt; 1.1.1.3:8833 1.1.1.3:8181 nextcloud: 1.1.1.3:3443 resolved to cloud.domain.com plex: rutorrent: 1.1.1.3:8099 resolved to torrent.domain.com 1.1.1.3:45566 1.1.1.3:8089 1.1.1.3:9527 unifi: 1.1.1.3:8080 resolved to unifi.domain.com 1.1.1.3:8081 1.1.1.3:8443 Quick question, how do you "resolve" the nextcloud, etc. to *cloud.domain.com or cloud.duckdns.org?? what does that "resolved" mean? Plz excuse the question, I'm trying to learn and troubleshooting nextcloud/letsencrypt to be accesible from outside my network.. not successful after so many attempts... Quote Link to comment
tillkrueger Posted November 16, 2018 Share Posted November 16, 2018 (edited) Ok, I am in way over my head here, but after working with the IT at my friend's web-agency in Berlin, where my unRAID server is hosted, we finally got to the point where he set up both an OpenVPN access to my server, that I can use to address most ports, and he also set up a vLAN for the server with a publicly reachable IP on port 80 and 443. I moved port 80 for the WebGUI to another port which only accessible via OpenVPN, but I don't remember now whether I did the same for port 443. Where do I check that, again? Anyway, I just installed the lets encrypt docker, but read that lets encrypt has already been part of the unRAID OS for a few versions, so should I not install this Docker on top of it if I am just now getting started on trying to use my unRAID system to host some websites? Be that as it may, I configured one of my domains to point to the publicly accessible IP of my unRAID server, and entered this domain name into the lets encrypt Docker's config page. The Docker is now running, but when I point my browser to the domain I mapped to the unRAID IP, I get "Safari Can't Connect to the Server" error message. Also, when I try to open the Docker's WebUI, I also get the same error message, although I am not surprised about that, as it tries to open this page at https://10.0.95.2, which is the OpenVPN IP of the server. Since I have no indication of an SSL connection being configured (I can't reach my server at https anything), I am now completely in the dark about where to even start trouble-shooting this rather naive approach at getting unRAID to be reachable via its public IP. Any pointers as to where to start? Since I pointed my domain host's entry for the domain to the IP number only about 45mins ago, could it be something as simple as a DNS propagation issue? What needs to happen before I can open the WebUI page for the Docker at https://10.0.95.2 ? I suppose that the WebUI page will give me the option of pointing to the public_html folder (which I have yet to create), so without that, is there even anything to connect to, for the browser? Edited November 16, 2018 by tillkrueger Quote Link to comment
alturismo Posted November 16, 2018 Share Posted November 16, 2018 20 hours ago, aptalca said: It looks like you're trying to proxy /web through the root domain, and also /web through subfolder /data or /wss and you only added the websocket bits to the /data or /wss subfolder. Does the app actually serve the websockets at subfolder /data or /wss? From the error message, it looks like it doesn't thats something idk, just thought cause in the error i see .../data/... now, when i do setup like this (without the 2nd location server { listen 443 ssl; root /config/www; index index.html index.htm index.php; server_name web.*; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AE..... ### <- cutted so paste is smaller ssl_prefer_server_ciphers on; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; proxy_pass http://192.168.1.2:34400/web/; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_ssl_verify off; } } i get the following error in browser 400 Bad Request: too many Host headers from console Quote Link to comment
tillkrueger Posted November 16, 2018 Share Posted November 16, 2018 Ok, in the settings page of the docker I saw that the "http:" and "https:" fields were empty...I had thought they auto-populate with the default ports, which obviously isn't the case. After entering 80 and 443, I can now see the default index.html page in the docker's www folder. So, since the www folder is inside appdata, which is on my Cache drive, how can I remap www to my protected array which has vastly more space? I tried moving the www folder to it and creating an alias inside the letsencrypt folder via the Mac OS Finder, but it won't let me...always complains that it already exists. What's the proper way of accomplishing hosting the www folder on the array? Quote Link to comment
tillkrueger Posted November 17, 2018 Share Posted November 17, 2018 and to pile even further on top of the questions I already asked, is there some sort of WebGUI that I can install fairly easily that lets me administer the web functionality of the nginx part of the letsencrypt docker? something like webadmin or maybe even Vesta (https://vestacp.com)? not being a Linux guy and knowing very little about how to use Terminal effectively, it would have to be something really easy to install, so that I *don't* have to rely on Terminal to administer the webserver. also, is PHP already a part of this docker or do I need to install something else to get PHP functionality, and if so, what and how? sine this discussion is already 103 pages long and contains dozens and dozens of ongoing issues various users are trying to figure out, would I be better off starting a new topic in one of the other forums, maybe? I have a feeling that come tomorrow, all my questions will have faded into the "distant" past. So what's the best way for a nginx/letsencrypt noob to get up and running properly? Quote Link to comment
scud133b Posted November 17, 2018 Share Posted November 17, 2018 (edited) I'm still stuck trying to provision the certificate. Getting the exact "timed out" error that @SpaceInvaderOne says is most likely caused by firewall issues. I've set the port forwarding in my router exactly how @SpaceInvaderOne describes in his tutorial, and I have the Let'sEncrypt container config set to the same ports: https://imgur.com/a/6fvhKWy I'm using the duckdns container and I've already confirmed that it has been updating correctly. Any ideas where to start troubleshooting this? Edited November 17, 2018 by scud133b Quote Link to comment
SpaceInvaderOne Posted November 17, 2018 Share Posted November 17, 2018 1 hour ago, scud133b said: I'm still stuck trying to provision the certificate. Getting the exact "timed out" error that @SpaceInvaderOne says is most likely caused by firewall issues. I've set the port forwarding in my router exactly how @SpaceInvaderOne describes in his tutorial, and I have the Let'sEncrypt container config set to the same ports: https://imgur.com/a/6fvhKWy I'm using the duckdns container and I've already confirmed that it has been updating correctly. Any ideas where to start troubleshooting this? Probably the problem is due to your isp blocking port 80, which some do. Because of this HTTP authentification will fail. But you can work around this but you will need to buy your own domain. Then sign up for a free Cloudflare account and add your domain to it You would point your own subdomains (using cname) to your duck DNS (example nextcloud. sonarr. radarr. yourdomain.com to myserver.duckdns.org) When this is set up you would then change the template for lets encrypt to use DNS authentification and Cloudflare like this. Then you will need to goto your appdata share then letsencrypt and the folder dns-config Here you will find a file called cloudflare.ini in this file you will need to put your email address which you used to sign up for cloudflare and also your cloudflare api key. Once you have done this, restart lets encrypt and it will validate and generate the certs that you need. Hope that helps. Quote Link to comment
aptalca Posted November 17, 2018 Share Posted November 17, 2018 23 hours ago, tillkrueger said: Ok, in the settings page of the docker I saw that the "http:" and "https:" fields were empty...I had thought they auto-populate with the default ports, which obviously isn't the case. After entering 80 and 443, I can now see the default index.html page in the docker's www folder. So, since the www folder is inside appdata, which is on my Cache drive, how can I remap www to my protected array which has vastly more space? I tried moving the www folder to it and creating an alias inside the letsencrypt folder via the Mac OS Finder, but it won't let me...always complains that it already exists. What's the proper way of accomplishing hosting the www folder on the array? Symlink to the array won't work because inside the container, nginx won't be able to follow that link to the array. Easiest way is to map another location to the container, one that resides on the array, and use that location in the root directive in the nginx site config Quote Link to comment
aptalca Posted November 17, 2018 Share Posted November 17, 2018 3 hours ago, SpaceInvaderOne said: Probably the problem is due to your isp blocking port 80, which some do. Because of this HTTP authentification will fail. But you can work around this but you will need to buy your own domain. Then sign up for a free Cloudflare account and add your domain to it You would point your own subdomains (using cname) to your duck DNS (example nextcloud. sonarr. radarr. yourdomain.com to myserver.duckdns.org) When this is set up you would then change the template for lets encrypt to use DNS authentification and Cloudflare like this. Then you will need to goto your appdata share then letsencrypt and the folder dns-config Here you will find a file called cloudflare.ini in this file you will need to put your email address which you used to sign up for cloudflare and also your cloudflare api key. Once you have done this, restart lets encrypt and it will validate and generate the certs that you need. Hope that helps. That was accurate until yesterday 😉 We just pushed a new build that supports dns validated wildcard certs with duckdns. It requires VALIDATION set to duckdns and a new environment variable added for the duckdns token. There is one big limitation though. The cert will only cover the sub-subdomains such as *.yoursubdomain.duckdns.org but it won't cover yoursubdomain.duckdns.org So if you want to use reverse proxies with the subfolder method, you would do it with a sub-subdomain like www.yoursubdomain.duckdns.org/nextcloud Details are also included in the image description on both github and docker hub 1 Quote Link to comment
scud133b Posted November 17, 2018 Share Posted November 17, 2018 3 hours ago, SpaceInvaderOne said: Probably the problem is due to your isp blocking port 80, which some do. Because of this HTTP authentification will fail. But you can work around this but you will need to buy your own domain. Then sign up for a free Cloudflare account and add your domain to it You would point your own subdomains (using cname) to your duck DNS (example nextcloud. sonarr. radarr. yourdomain.com to myserver.duckdns.org) When this is set up you would then change the template for lets encrypt to use DNS authentification and Cloudflare like this. Then you will need to goto your appdata share then letsencrypt and the folder dns-config Here you will find a file called cloudflare.ini in this file you will need to put your email address which you used to sign up for cloudflare and also your cloudflare api key. Once you have done this, restart lets encrypt and it will validate and generate the certs that you need. Hope that helps. Worked for generating the certificate. Thanks! Now just trying to get the reverse proxy to nextcloud working (whch it's not, still timing out). I edited the nginx config files in let's encrypt, and the config.php file in nextcloud, and I'm still getting a timeout error when trying to connect through my subdomain. Quote Link to comment
aptalca Posted November 17, 2018 Share Posted November 17, 2018 7 hours ago, tillkrueger said: and to pile even further on top of the questions I already asked, is there some sort of WebGUI that I can install fairly easily that lets me administer the web functionality of the nginx part of the letsencrypt docker? something like webadmin or maybe even Vesta (https://vestacp.com)? not being a Linux guy and knowing very little about how to use Terminal effectively, it would have to be something really easy to install, so that I *don't* have to rely on Terminal to administer the webserver. also, is PHP already a part of this docker or do I need to install something else to get PHP functionality, and if so, what and how? sine this discussion is already 103 pages long and contains dozens and dozens of ongoing issues various users are trying to figure out, would I be better off starting a new topic in one of the other forums, maybe? I have a feeling that come tomorrow, all my questions will have faded into the "distant" past. So what's the best way for a nginx/letsencrypt noob to get up and running properly? Not aware of a gui based management system. It's unlikely that one would work for our image since we changed the locations of a lot of the config files so they are in the appdata folder. You don't really have to use terminal or Linux since all the necessary files are in the appdata folder. You can edit them with notepad++ on windows or any decent file editor on mac. Restart the container for changes to take effect. Quote Link to comment
tillkrueger Posted November 17, 2018 Share Posted November 17, 2018 (edited) hm, ok, thanks for letting me know aptalca. If I still have you attention, could you tell me the easiest way to move the www folder out of appdata/letsencrypt and onto my array, where I have the necessary space to host all of my sites? I tried moving it and then dragging an alias back into it via the Mac Finder, but I get an error every time that such a folder already exists (even though I had moved it out of there and cannot see an alias or folder by the name of www). *never mind*, just saw your post pertaining to that question! Edited November 17, 2018 by tillkrueger Quote Link to comment
alturismo Posted November 18, 2018 Share Posted November 18, 2018 On 11/16/2018 at 12:58 AM, aptalca said: It looks like you're trying to proxy /web through the root domain, and also /web through subfolder /data or /wss and you only added the websocket bits to the /data or /wss subfolder. Does the app actually serve the websockets at subfolder /data or /wss? From the error message, it looks like it doesn't after some more reading i assume its not so easy for apps in golang behind a nginx reverse proxy, thanks for trying. Quote Link to comment
Jclendineng Posted November 21, 2018 Share Posted November 21, 2018 Was NGINX compiled with openssl? I am adding TLSv1.3 to my server but it does not seem to be working properly. Trying to narrow down the cause. I know it is still very new, but I am testing it for something. Thanks for any input! Quote Link to comment
saarg Posted November 22, 2018 Share Posted November 22, 2018 16 hours ago, Jclendineng said: Was NGINX compiled with openssl? I am adding TLSv1.3 to my server but it does not seem to be working properly. Trying to narrow down the cause. I know it is still very new, but I am testing it for something. Thanks for any input! If I remember correctly it's alpine based, so then we use libressl. Alpine deprecated openssl some releases ago. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.