[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Hello everyone, I was wondering if there was a tutorial on how to install and run a WordPress site using the letsencrypt container? I am already using it as a reverse proxy on sub-domains now but want to host the main domain I own. I am new to the Unraid community but am really enjoying the software, great job!!! Any help would be appreciated.

 

Thanks


On 11/22/2018 at 4:18 PM, crgcputech79 said:

Hello everyone, I was wondering if there was a tutorial on how to install and run a WordPress site using the letsencrypt container? I am already using it as a reverse proxy on sub-domains now but want to host the main domain I own. I am new to the Unraid community but am really enjoying the software, great job!!! Any help would be appreciated.

 

Thanks

No need for a tutorial. Download the wordpress files into the www folder and navigate to the configuration page. Follow the steps on the wordpress website

Thanks, I got it figured out, I'm a noob is all lol. I have been using the letsencrypt docker for about 2 weeks and it is the ticket. Awesome stuff.

 

Edited by crgcputech79

Suddenly my configuration is not working. I use this to connect to my Home Assistant from outside my home network. I didn't make any changes and the only thing I recently did was to update this container to the latest version.

Can anyone help me figure out this issue?

 

Here is the log file:

 

<------------------------------------------------->
cronjob running on Sun Nov 25 21:48:37 CST 2018
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/xx.my.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Running pre-hook command: if ps aux | grep [n]ginx: > /dev/null; then s6-svc -d /var/run/s6/services/nginx; fi
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for xx.my.duckdns.org
http-01 challenge for yy.my.duckdns.org
Performing the following challenges:
http-01 challenge for xx.my.duckdns.org
http-01 challenge for yy.my.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (xx.my.duckdns.org) from /etc/letsencrypt/renewal/xx.myduckdns.org.conf produced an unexpected error: Failed authorization procedure. xx.my.duckdns.org (http-01): urn: ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://xx.my.duckdns.org/.well-known/acme-challenge/[tokencode]: Timeout during connect (likely firewall problem), yy.my.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://yy.my.duckdns.org/.well-known/acme-challenge/[tokencode]: Timeout during connect (likely firewall problem). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/xx.my.duckdns.org/fullchain.pem (failure)

 


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/xx.test.duckdns.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; cd /config/keys/letsencrypt && openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && sleep 1 && cat {privkey,fullchain}.pem > priv-fullchain-bundle.pem
Hook command "if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; cd /config/keys/letsencrypt && openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && sleep 1 && cat {privkey,fullchain}.pem > priv-fullchain-bundle.pem" returned error code 1
Error output from if:

 

cat: {privkey,fullchain}.pem: No such file or directory

42 minutes ago, stlrox said:

Suddenly my configuration is not working. I use this to connect to my Home Assistant from outside my home network. I didn't make any changes and the only thing I recently did was to update this container to the latest version.

Can anyone help me figure out this issue?

 


Either your ip on duckdns is wrong, or your port forwarding for 80 is wrong (or your isp blocks port 80)
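
As an added example (not part of any post in this thread, and not linuxserver.io code), the shell sketch below pulls each failed http-01 name and its ACME error type out of a renewal log like the one above and maps the `connection` type to the three checks listed in the reply. The `dns` and `unauthorized` branches go beyond this thread; the sample log, the `example.duckdns.org` names and the function names are constructed.

```bash
#!/bin/sh
# Added example: triage failed http-01 validations from a certbot renewal log.

# Constructed sample, shaped like the renewal log posted above.
sample_log() {
cat <<'EOF'
Cert is due for renewal, auto-renewing...
http-01 challenge for xx.example.duckdns.org
Attempting to renew cert (xx.example.duckdns.org) produced an unexpected error: Failed authorization procedure. xx.example.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), yy.example.duckdns.org (http-01): urn: ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), zz.example.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: Invalid response. Skipping.
All renewal attempts failed. The following certs could not be renewed:
EOF
}

# Print "domain error-type" once per failed name read from stdin.
# "urn: ?ietf" tolerates the stray space seen in the pasted log.
acme_failures() {
    grep -oE '[A-Za-z0-9.-]+ \(http-01\): urn: ?ietf:params:acme:error:[A-Za-z]+' |
        sed -E 's/ \(http-01\): urn: ?ietf:params:acme:error:/ /' |
        sort -u
}

# Attach a next step to each failure, tab-separated.
triage() {
    acme_failures | while read -r domain kind; do
        case "$kind" in
            connection)   # the case in this thread
                hint="check the DuckDNS IP, the router's port 80 forward, and whether the ISP blocks port 80" ;;
            dns)          # beyond the thread: name lookup failed during validation
                hint="check that the DuckDNS record exists and resolves" ;;
            unauthorized) # beyond the thread: something answered, but not with the challenge
                hint="check which host port 80 is actually forwarded to" ;;
            *)
                hint="see /var/log/letsencrypt/letsencrypt.log" ;;
        esac
        printf '%s\t%s\t%s\n' "$domain" "$kind" "$hint"
    done
}

sample_log | triage
```

To use it on a real log, pipe the container's log output into `triage` instead of `sample_log`.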

6 minutes ago, aptalca said:

Either your ip on duckdns is wrong, or your port forwarding for 80 is wrong (or your isp blocks port 80)

I have the DuckDNS container and it's running to update any changes to the IP address. I also verified the IP address from my router against the IP address on the DuckDNS page and they both match.

 

And my ISP doesn't block port 80.

 

This issue has been happening since last week and the only thing that was changed was an update to this container.

8 hours ago, stlrox said:

I have the DuckDNS container and it's running to update any changes to the IP address. I also verified the IP address from my router against the IP address on the DuckDNS page and they both match.

 

And my ISP doesn't block port 80.

 

This issue has been happening since last week and the only thing that was changed was an update to this container.

Actually, it was something you did within the last 2-3 months. The update only caused a forced validation due to expiring certs, and that process failed. 

 

Check your port forwarding on your router

14 hours ago, aptalca said:

Actually, it was something you did within the last 2-3 months. The update only caused a forced validation due to expiring certs, and that process failed. 

 

Check your port forwarding on your router

Is there any way to renew from the command line?

 

Earlier I used Letsencrypt along with Home Assistant on Raspberry Pi and every three months I used to renew Letsencrypt certs manually.

2 hours ago, stlrox said:

Is there any way to renew from the command line?

 

Earlier I used Letsencrypt along with Home Assistant on Raspberry Pi and every three months I used to renew Letsencrypt certs manually.

We don't support that

Hi, I was wondering if anyone knows if it's possible to use the reverse proxy aspect of this docker to open a webpage hosted on a VM in Unraid. So, for example, say I hosted a website or installed GitLab in a VM, would I be able to reverse proxy to it with a subdomain? (Not sure if I'm explaining this correctly. This field is really not my element of study.)

 

Regards,

Bilal Yassine

4 hours ago, Bilal Yassine said:

Hi, I was wondering if anyone knows if it's possible to use the reverse proxy aspect of this docker to open a webpage hosted on a VM in Unraid. So, for example, say I hosted a website or installed GitLab in a VM, would I be able to reverse proxy to it with a subdomain? (Not sure if I'm explaining this correctly. This field is really not my element of study.)

 

Regards,

Bilal Yassine

Sure, you just use the ip of the vm in the proxy_pass directive

16 minutes ago, aptalca said:

Sure, you just use the ip of the vm in the proxy_pass directive

Cool, thanks, I will give it a shot. As a side question: if I had something running on a Raspberry Pi, so obviously not on my Unraid box, could I do the same thing to have reverse proxy working for it, or is this docker just for things running on Unraid?

3 hours ago, Bilal Yassine said:

Cool, thanks, I will give it a shot. As a side question: if I had something running on a Raspberry Pi, so obviously not on my Unraid box, could I do the same thing to have reverse proxy working for it, or is this docker just for things running on Unraid?

No, you can reverse proxy anything through the ip address.

16 hours ago, aptalca said:

No, you can reverse proxy anything through the ip address.

Fantastic, thanks for the help.

Is there any tutorial on how to set up "something" with this docker?

I have been reading a little bit but there are 104 pages and I'm not an IT pro.

 

Oh, thanks, I just watched it and followed it but I'm stuck when I try to change my dockers to the "proxynet" network. Previously they were "custom:bro" or "bridge".

 

I get an error like this
 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='Radarr' --net='proxynet' --ip='192.168.1.205' --cpuset-cpus='4,6,5,7' -e TZ="Europe/Paris" -e HOST_OS="Unraid" -e 'PUID'='99' -e 'PGID'='100' -p '7878:7878/tcp' -v '/mnt/user/Storage/Downloads/':'/downloads':'rw' -v '/mnt/user/Storage/Movies/':'/movies':'rw' -v '/mnt/user/Docker/Radarr':'/config':'rw' 'linuxserver/radarr'

c034520ca18928484bd0140c2cc31100864be179d22fdcee0f7c8fd761191cc1
/usr/bin/docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.

how can I fix it?

 

When I don't set a fixed IP and just leave the fixed IP address empty, with network type "custom: proxynet", I get this

imagen.png.c24e147ed38594841701f1f930bdbb5a.png

There is nothing in port mappings so it doesn't work either

 

Then, is it possible to do the same with a webserver that I have in a virtual machine on Unraid?

 

 

Edited by L0rdRaiden

34 minutes ago, L0rdRaiden said:

 

Oh, thanks, I just watched it and followed it but I'm stuck when I try to change my dockers to the "proxynet" network. Previously they were "custom:bro" or "bridge".

 

I get an error like this
 


root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='Radarr' --net='proxynet' --ip='192.168.1.205' --cpuset-cpus='4,6,5,7' -e TZ="Europe/Paris" -e HOST_OS="Unraid" -e 'PUID'='99' -e 'PGID'='100' -p '7878:7878/tcp' -v '/mnt/user/Storage/Downloads/':'/downloads':'rw' -v '/mnt/user/Storage/Movies/':'/movies':'rw' -v '/mnt/user/Docker/Radarr':'/config':'rw' 'linuxserver/radarr'

c034520ca18928484bd0140c2cc31100864be179d22fdcee0f7c8fd761191cc1
/usr/bin/docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.

how can I fix it?

 

When I don't set a fixed IP and just leave the fixed IP address empty, with network type "custom: proxynet", I get this

imagen.png.c24e147ed38594841701f1f930bdbb5a.png

There is nothing in port mappings so it doesn't work either

 

Then, is it possible to do the same with a webserver that I have in a virtual machine on Unraid?

 

 

First set it to the regular bridge and set up your port forwards if you like. Save and exit. Go into the container settings one more time, change it to proxynet, don't enter an ip and hit save. 

 

Unraid doesn't recognize your proxynet as a custom bridge network (assumes it is macvlan) so if you try to change port mappings after selecting proxynet, unraid won't do it properly.

59 minutes ago, aptalca said:

First set it to the regular bridge and set up your port forwards if you like. Save and exit. Go into the container settings one more time, change it to proxynet, don't enter an ip and hit save. 

 

Unraid doesn't recognize your proxynet as a custom bridge network (assumes it is macvlan) so if you try to change port mappings after selecting proxynet, unraid won't do it properly.

Thanks it works now :)

The only issue is that my docker container has a capital letter, "Netdata", and it only works if I call it "netdata" instead. In the nginx conf file it doesn't make any difference if I call it "Netdata".

Quote

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_netdata Netdata;
        proxy_pass http://$upstream_netdata:19999;

It doesn't bother me a lot, but is it possible to have a capital letter in the docker name and change the conf file accordingly?

Edited by L0rdRaiden

4 hours ago, L0rdRaiden said:

Thanks it works now :)

The only issue is that my docker container has a capital letter, "Netdata", and it only works if I call it "netdata" instead. In the nginx conf file it doesn't make any difference if I call it "Netdata".

It doesn't bother me a lot, but is it possible to have a capital letter in the docker name and change the conf file accordingly?

That's a dns hostname resolution thing. Not nginx's fault. Use all lowercase in container names or define a network alias for the container
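
A small lint for the situation in this exchange, as an added example (not from the thread or from the SWAG image): it scans proxy confs for `set $upstream_...` values that contain capital letters and suggests the lowercase form. The conf files, the `radarr` and `192.168.1.50` upstreams, and the function names are constructed for the demo.

```bash
#!/bin/sh
# Added example: flag nginx upstream names that contain capital letters.

# Write two constructed proxy confs to a temp dir and print its path.
demo_confs() {
    dir=$(mktemp -d)
cat > "$dir/netdata.subdomain.conf" <<'EOF'
location / {
    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_netdata Netdata;
    proxy_pass http://$upstream_netdata:19999;
}
EOF
cat > "$dir/other.subdomain.conf" <<'EOF'
location /radarr {
    set $upstream_radarr radarr;
    proxy_pass http://$upstream_radarr:7878;
}
location /gitlab {
    set $upstream_gitlab 192.168.1.50;
    proxy_pass http://$upstream_gitlab:80;
}
EOF
    printf '%s\n' "$dir"
}

# Report file:line for every "set $upstream_x Name;" whose value has capitals.
# Lowercase names and plain IP addresses pass untouched.
lint_upstreams() {
    awk '
        $1 == "set" && $2 ~ /^\$upstream_/ {
            name = $3
            sub(/;$/, "", name)
            if (name ~ /[A-Z]/)
                printf "%s:%d: upstream \"%s\" has capitals; use \"%s\" or a network alias\n",
                       FILENAME, FNR, name, tolower(name)
        }' "$@"
}

dir=$(demo_confs)
lint_upstreams "$dir"/*.conf
rm -rf "$dir"
```

The network alias mentioned in the reply is set with the `--network-alias` option of `docker run`.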
