hernandito Posted May 4, 2019 Share Posted May 4, 2019 (edited) Hi Guys, I need a little guidance.... I am almost there.... but there is a little bit of a struggle w/ NGINX's page serving... I have Goggled and nothing has helped. First Issue So, reverse proxies are working great. I have my own qualified domain and all external traffic get routed properly. I also have a personal web site for my private use, which I want to password protect when accessing it from the outside via domain name. The web site is stored in the \appdata\letsencrypt\www\personalwebsite folder. In my defaults file I have added the below code the bottom of the block: # main server block server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; root /config/www; index index.html index.htm index.php; server_name nandito.com; # enable subfolder method reverse proxy confs include /config/nginx/proxy-confs/*.subfolder.conf; # all ssl related config moved to ssl.conf include /config/nginx/ssl.conf; # enable for ldap auth #include /config/nginx/ldap.conf; client_max_body_size 0; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } location ~^/personalwebsite/.* { try_files $uri $uri/ /index.html /index.php?$args =404; auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; } So this has properly password protected when acessing from the internet...: https://MyDomainName.com/personalwebsite but it has ALSO protected it when using it internally.... https://192.168.0.200/personalwebsite Is there a way to not require the password if accessing it internally? Second Issue I own 2 fully qualified domain names. I am only able to certify one of them... in the docker config, I have tried: Docker Name: FirstDomainName.com;SecondDomainName.com Subdomains: www, and Docker Name: FirstDomainName.com Subdomains: www,SecondDomainName.com Neither of these options creates the certificate for the second domain. Is there a way to fix? Once fixed, I will attempt giving the second domain its own folder.... but I don't know where to store this folder... /config/www2? and add a new non-default server block? Thank you guys.... for ages I have been trying to migrate to LE/NGINX... I resolved the php issues by changing some of the php callouts to a MariaDB database. I feel like I have been alone on a small deserted island and I now I am swimming to the shore to join the rest of the world! H. Edited May 4, 2019 by hernandito Quote Link to comment
aptalca Posted May 4, 2019 Share Posted May 4, 2019 1 hour ago, hernandito said: Hi Guys, I need a little guidance.... I am almost there.... but there is a little bit of a struggle w/ NGINX's page serving... I have Goggled and nothing has helped. First Issue So, reverse proxies are working great. I have my own qualified domain and all external traffic get routed properly. I also have a personal web site for my private use, which I want to password protect when accessing it from the outside via domain name. The web site is stored in the \appdata\letsencrypt\www\personalwebsite folder. In my defaults file I have added the below code the bottom of the block: # main server block server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; root /config/www; index index.html index.htm index.php; server_name hernandito.com; # enable subfolder method reverse proxy confs include /config/nginx/proxy-confs/*.subfolder.conf; # all ssl related config moved to ssl.conf include /config/nginx/ssl.conf; # enable for ldap auth #include /config/nginx/ldap.conf; client_max_body_size 0; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } location ~^/personalwebsite/.* { try_files $uri $uri/ /index.html /index.php?$args =404; auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; } So this has properly password protected when acessing from the internet...: https://MyDomainName.com/personalwebsite but it has ALSO protected it when using it internally.... https://192.168.0.200/personalwebsite Is there a way to not require the password if accessing it internally? Second Issue I own 2 fully qualified domain names. I am only able to certify one of them... in the docker config, I have tried: Docker Name: FirstDomainName.com;SecondDomainName.com Subdomains: www, and Docker Name: FirstDomainName.com Subdomains: www,SecondDomainName.com Neither of these options creates the certificate for the second domain. Is there a way to fix? Once fixed, I will attempt giving the second domain its own folder.... but I don't know where to store this folder... /config/www2? and add a new non-default server block? Thank you guys.... for ages I have been trying to migrate to LE/NGINX... I resolved the php issues by changing some of the php callouts to a MariaDB database. I feel like I have been alone on a small deserted island and I now I am swimming to the shore to join the rest of the world! H. Use the extra domains variable for the second domain Quote Link to comment
hernandito Posted May 4, 2019 Share Posted May 4, 2019 (edited) 4 hours ago, aptalca said: Use the extra domains variable for the second domain Thank you.... EDITED - created the variable and it worked perfectly. Now, can anyone help on my first issue? thanks!!! h. Edited May 4, 2019 by hernandito Quote Link to comment
gacpac Posted May 7, 2019 Share Posted May 7, 2019 I'm wondering. I have a domain but also want to use duckdns.org as my other domain. Is it possible to certify 2 domains, if so. How can I do it? Quote Link to comment
saarg Posted May 7, 2019 Share Posted May 7, 2019 6 hours ago, gacpac said: I'm wondering. I have a domain but also want to use duckdns.org as my other domain. Is it possible to certify 2 domains, if so. How can I do it? You can add it as an extra domain. Read the Readme in the githublink in the first post. 1 Quote Link to comment
Draco Posted May 7, 2019 Share Posted May 7, 2019 Hi There, I have done a bunch of searching here and elsewhere and can't seem to find an answer on this. 1. I have OpenVPN AS setup in a docker with ports 943 Web and 9443 TCP VPN port open 2. I am looking to use letsencrypt to redirect 443 for domain vpn.duckdns.org to local server 192.168.1.5:9443 for vpn connections Does anyone have any idea how i would set this up in the letsencrypt docker. Reason for this is work is blocking anything but HTTP/HTTPS so need to be accessing on one of these open ports. Help would greatly be appreciated. Thanks! 1 Quote Link to comment
gacpac Posted May 7, 2019 Share Posted May 7, 2019 Hi There, I have done a bunch of searching here and elsewhere and can't seem to find an answer on this. 1. I have OpenVPN AS setup in a docker with ports 943 Web and 9443 TCP VPN port open 2. I am looking to use letsencrypt to redirect 443 for domain vpn.duckdns.org to local server 192.168.1.5:9443 for vpn connections Does anyone have any idea how i would set this up in the letsencrypt docker. Reason for this is work is blocking anything but HTTP/HTTPS so need to be accessing on one of these open ports. Help would greatly be appreciated. Thanks!I'll like to know for future deployments too. I was able to get les encrypt forwarding the address without the port, but this port needs to be open regardless [emoji17]Sent from my Pixel 2 XL using Tapatalk Quote Link to comment
gacpac Posted May 7, 2019 Share Posted May 7, 2019 You can add it as an extra domain. Read the Readme in the githublink in the first post.ThanksSent from my Pixel 2 XL using Tapatalk Quote Link to comment
aptalca Posted May 7, 2019 Share Posted May 7, 2019 1 hour ago, Draco said: Hi There, I have done a bunch of searching here and elsewhere and can't seem to find an answer on this. 1. I have OpenVPN AS setup in a docker with ports 943 Web and 9443 TCP VPN port open 2. I am looking to use letsencrypt to redirect 443 for domain vpn.duckdns.org to local server 192.168.1.5:9443 for vpn connections Does anyone have any idea how i would set this up in the letsencrypt docker. Reason for this is work is blocking anything but HTTP/HTTPS so need to be accessing on one of these open ports. Help would greatly be appreciated. Thanks! Google nginx tcp stream proxy. It's very easy and straightforward. Quote Link to comment
crabsticks Posted May 7, 2019 Share Posted May 7, 2019 I have let's encrypt working well with the pre configured dockers like sonarr, deluge etc but I would like to add rdp-calibre and/or cops ebook servers to the reverse proxy and in all honesty I haven't got a clue how... I've tried renaming and editing some of the existing examples but they don't seem to work.. I'm using my own domain name. Quote Link to comment
aaronhong13 Posted May 8, 2019 Share Posted May 8, 2019 (edited) Alright so I woke up to this error. nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /config/nginx/site-confs/default:9 Strange, since I haven't changed anything. So I remove the "default_server" part in line 9 and then I get the following issue below. Tried new install and get the same issues. nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html) nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found: no field package.preload['resty.core'] no file './resty/core.lua' no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua' no file '/usr/local/share/lua/5.1/resty/core.lua' no file '/usr/local/share/lua/5.1/resty/core/init.lua' no file '/usr/share/lua/5.1/resty/core.lua' no file '/usr/share/lua/5.1/resty/core/init.lua' no file '/usr/share/lua/common/resty/core.lua' no file '/usr/share/lua/common/resty/core/init.lua' no file './resty/core.so' no file '/usr/local/lib/lua/5.1/resty/core.so' no file '/usr/lib/lua/5.1/resty/core.so' no file '/usr/local/lib/lua/5.1/loadall.so' no file './resty.so' no file '/usr/local/lib/lua/5.1/resty.so' no file '/usr/lib/lua/5.1/resty.so' no file '/usr/local/lib/lua/5.1/loadall.so') Edited May 8, 2019 by aaronhong13 Added more information 1 Quote Link to comment
ulTimaS Posted May 8, 2019 Share Posted May 8, 2019 (edited) 8 hours ago, aaronhong13 said: Alright so I woke up to this error. nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /config/nginx/site-confs/default:9 Strange, since I haven't changed anything. So I remove the "default_server" part in line 9 and then I get the following issue below. Tried new install and get the same issues. nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html) nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found: no field package.preload['resty.core'] no file './resty/core.lua' no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua' no file '/usr/local/share/lua/5.1/resty/core.lua' no file '/usr/local/share/lua/5.1/resty/core/init.lua' no file '/usr/share/lua/5.1/resty/core.lua' no file '/usr/share/lua/5.1/resty/core/init.lua' no file '/usr/share/lua/common/resty/core.lua' no file '/usr/share/lua/common/resty/core/init.lua' no file './resty/core.so' no file '/usr/local/lib/lua/5.1/resty/core.so' no file '/usr/lib/lua/5.1/resty/core.so' no file '/usr/local/lib/lua/5.1/loadall.so' no file './resty.so' no file '/usr/local/lib/lua/5.1/resty.so' no file '/usr/lib/lua/5.1/resty.so' no file '/usr/local/lib/lua/5.1/loadall.so') Same here, could it be a faulty update? I've reverted back to linuxserver/letsencrypt:0.34.1-ls25 and it works like normal again. Edited May 8, 2019 by ulTimaS Quote Link to comment
capino Posted May 8, 2019 Share Posted May 8, 2019 4 hours ago, aaronhong13 said: Alright so I woke up to this error. nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /config/nginx/site-confs/default:9 Strange, since I haven't changed anything. So I remove the "default_server" part in line 9 and then I get the following issue below. Tried new install and get the same issues. nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html) nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found: no field package.preload['resty.core'] no file './resty/core.lua' no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua' no file '/usr/local/share/lua/5.1/resty/core.lua' no file '/usr/local/share/lua/5.1/resty/core/init.lua' no file '/usr/share/lua/5.1/resty/core.lua' no file '/usr/share/lua/5.1/resty/core/init.lua' no file '/usr/share/lua/common/resty/core.lua' no file '/usr/share/lua/common/resty/core/init.lua' no file './resty/core.so' no file '/usr/local/lib/lua/5.1/resty/core.so' no file '/usr/lib/lua/5.1/resty/core.so' no file '/usr/local/lib/lua/5.1/loadall.so' no file './resty.so' no file '/usr/local/lib/lua/5.1/resty.so' no file '/usr/lib/lua/5.1/resty.so' no file '/usr/local/lib/lua/5.1/loadall.so') Same problem here Quote Link to comment
Draic Posted May 8, 2019 Share Posted May 8, 2019 (edited) 4 hours ago, capino said: Same problem here and here. I rolled back a version. Just change the repository entry to "linuxserver/letsencrypt:0.34.1-ls25" until an update with a fix is here. Edited May 8, 2019 by Draic Quote Link to comment
aptalca Posted May 8, 2019 Share Posted May 8, 2019 I can't reproduce the error. Please list the reverse proxy configs you enabled or any specific changes you made to your nginx or site configs Quote Link to comment
chalk Posted May 8, 2019 Share Posted May 8, 2019 2 hours ago, Draic said: and here. I rolled back a version. Just change the repository entry to "linuxserver/letsencrypt:0.34.1-ls25" until an update with a fix is here. I also woke up to this issue. Rolled back and everything is working fine. Quote Link to comment
ijuarez Posted May 8, 2019 Share Posted May 8, 2019 (edited) 47 minutes ago, aptalca said: I can't reproduce the error. Please list the reverse proxy configs you enabled or any specific changes you made to your nginx or site configs sonarr, radarr, nextcloud, tautulli, unifi (not docker pointing to vm), taisun, guacamole, jackett. I can access my dockers via the proxy Edited May 8, 2019 by ijuarez added info Quote Link to comment
nadbmal Posted May 8, 2019 Share Posted May 8, 2019 (edited) I can't rollback to an older working version, I put linuxserver/letsencrypt:0.34.1-ls25 into the Repository field but I just get: root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='bridge' --privileged=true -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'EMAIL'='(redacted)' -e 'URL'='(redacted).duckdns.org' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'SUBDOMAINS'='www,' -e 'PUID'='99' -e 'PGID'='100' -p '43666:80/tcp' -p '43667:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt:0.34.1-ls25' /usr/bin/docker: invalid reference format. See '/usr/bin/docker run --help'. The command failed. Anyone else or is it something on my end? EDIT: I fixed it by reverting to an even older version: linuxserver/letsencrypt:0.34.0-ls24 I got the version number from here: https://github.com/linuxserver/docker-letsencrypt/releases Edited May 8, 2019 by nadbmal Quote Link to comment
aptalca Posted May 8, 2019 Share Posted May 8, 2019 Reproduced them. There are two separate issues. The issue of nginx not starting is fixed in the next update. Still looking into the luajit error, but it seems to only affect lua, nothing else. 1 Quote Link to comment
aaronhong13 Posted May 8, 2019 Share Posted May 8, 2019 4 hours ago, aptalca said: I can't reproduce the error. Please list the reverse proxy configs you enabled or any specific changes you made to your nginx or site configs Unraid Version: 6.7.0-rc8 Latest docker build. All my configurations live in the default file found below. ```https://pastebin.com/CzAZ0ELM``` Quote Link to comment
ceyoung75 Posted May 8, 2019 Share Posted May 8, 2019 ok, i need some help. I have letsencrypt working fine. It works with plex and is in dns mode due to my ISP. I want to be able to get it to work with binhex-jacket but any configuration i try within letsencrypt just gives me an error 500. Now i understand that i won't be able to access the gui from my domain but my real goal is to replace the 192.168 address for the torznab feeds with my domain. aka domain.com:8446/torznap.... can anyone help me try to figure this out? Quote Link to comment
darrenyorston Posted May 9, 2019 Share Posted May 9, 2019 Hello. I am trying to setup letsencrypt following spaceinvaderone's video. However, I cannot get letsencrypt to verify. I am utilise an Ubiquiti USG as my router. I have set port forwarding in the the controller (running in a docker container) for port 80 to 180 and 443 to 1443 following spaceinvaderone's recommendation. According to the controller the port forwarding is working. I have set the same ports in the container template and added my own domain name and the subdomain. I have edited the DNS settings in my domain provider adding a new CNAME "nextcloud" with the value set to my dynamic IP address with no-ip. I am getting the message "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container" I have gone over my settings quite a few times but cannot see what I have done wrong. Could someone offer advice? I have noted in no-ip's control panel that the dynamic DNS is not configured/detected for the subdomain. I dont know if this is the problem. It is showing the correct IP target though. I have dynamic DNS set in the unifi controller to my host name, but not to the second hostname listed in the dashboard. The unifi controller wont allow me to set two dynamic DNS etries to the same service. Quote Link to comment
gurulee Posted May 9, 2019 Share Posted May 9, 2019 On 5/8/2019 at 1:04 PM, aptalca said: Reproduced them. There are two separate issues. The issue of nginx not starting is fixed in the next update. Still looking into the luajit error, but it seems to only affect lua, nothing else. I am also seeing this error and I am on unraid 6.6.7 and just use Ombi site-conf file. All appears to be working though, but I am concerned about performance and security. nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html) nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found: Quote Link to comment
ijuarez Posted May 9, 2019 Share Posted May 9, 2019 Reproduced them. There are two separate issues. The issue of nginx not starting is fixed in the next update. Still looking into the luajit error, but it seems to only affect lua, nothing else.Just curious what's Lua?Sent from my SM-N960U using Tapatalk Quote Link to comment
aptalca Posted May 10, 2019 Share Posted May 10, 2019 1 hour ago, ijuarez said: Just curious what's Lua? Sent from my SM-N960U using Tapatalk A programming language Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.