Toobie Posted August 7, 2019 (edited)

15 minutes ago, unMaxe said:
> Yes I took that into account, my configuration works fine with 443. I had also referred to spaceinvaders tutorial :)) I only change port in nextcloud.conf from 443 ssl to 53444 ssl, and router config outside port 443 to 53444, all other config are the same. Router seems not the problem because I get on my web-request to the nginx proxy.

Ok then, but I also think you are in the wrong config file. My nextcloud installation is on port 444 - my config (the same you posted above) is still with port 443. You may change the port in the docker configuration / unraid webgui?

Edited August 7, 2019 by Toobie

aptalca Posted August 7, 2019

4 hours ago, unMaxe said:
> Hello, works great but now I want to configure reverse proxy with a specific ssl port (standard ssl 443 works fine) for nextcloud. I tried to change the port in nextcloud.conf but then I get 403 Forbidden nginx/1.16.0 error, what I do wrong? Thank you very much in advance. Router is configured with this port. Standard ssl (443) works.
>
>     server {
>         listen 53444 ssl;
>         listen [::]:53444 ssl;
>         server_name cloud.*;
>         include /config/nginx/ssl.conf;
>         client_max_body_size 0;
>         location / {
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_nextcloud nextcloud;
>             proxy_max_temp_file_size 2048m;
>             proxy_pass https://$upstream_nextcloud:443;
>         }
>     }

Take a step back. What exactly are you trying to achieve? Are you trying to be able to access nextcloud at https://yourdomain.com:53444 ?

unMaxe Posted August 7, 2019

6 hours ago, aptalca said:
> Take a step back. What exactly are you trying to achieve? Are you trying to be able to access nextcloud at https://yourdomain.com:53444 ?

Correct, that's what I try.

aptalca Posted August 7, 2019

1 hour ago, unMaxe said:
> Correct, that's what I try.

Did you forward port 53444 on your router to port 53444 on unraid and also map port 53444 to port 53444 in container settings?

unMaxe Posted August 7, 2019 (edited)

For standard ssl 443 port (which works): port 443 (internet) => 443 to 1621 (router) => nginx (letsencrypt) "listen 443 ssl" map to nextcloud docker

My dream: port 51123 (internet) => 51123 to 1621 (router) => nginx (letsencrypt) "listen 51123 ssl" map to nextcloud docker.

I change opposite the other solution above only the nextcloud.subdomain.conf (letsencrypt docker) row "listen 51123 ssl"

But I try some different settings. Now I could narrow the problem a little bit. Problem is the nextcloud "nginx" settings not letsencrypt docker. I tested to forward port 51123 directly (without reverse proxy (letsencrypt docker)) to nextcloud => same error: "403 Forbidden nginx/1.16.0" ... so it's a config issue in nextcloud docker but where I should config that, I am a little bit confused now...

Edit: OK my "noob" problem solved partially: setting in nextcloud config.php under "trusted domain":

    'trusted_domains' =>
    array (
      0 => 'xx.xx.xx.xx:51123',  // internal ip
      1 => 'my.domain.com:51123',  // domain
      2 => 'xx.xx.xx.xx:51123',  // external ip
    ),

BUT works only for internal and external ip not for domain!

Edited August 7, 2019 by unMaxe

pimogo Posted August 8, 2019

On 8/6/2019 at 5:06 PM, aptalca said:
> The only thing I can think of is that geoip v1 was recently removed as it was deprecated a while back and now the databases are no longer available. If you were using geoip, that will result in a failure. Geoip v2 is included in the image with an up-to-date database. You can use that instead

I'm having the same problem and wish to ensure I'm using Geoip v2. I checked the github page but couldn't make much sense of it. Can someone point me on the right track please. Under my appdata, I see a folder called geoip2. Presumably it's simply a matter of locating the appropriate conf file and referencing the right file? Correct? Sorta... ? Thanks!!

aptalca Posted August 8, 2019

4 hours ago, pimogo said:
> I'm having the same problem and wish to ensure I'm using Geoip v2. I checked the github page but couldn't make much sense of it. Can someone point me on the right track please. Under my appdata, I see a folder called geoip2. Presumably it's simply a matter of locating the appropriate conf file and referencing the right file? Correct? Sorta... ? Thanks!!

See this post:

commander-flatus Posted August 9, 2019

Trying to display an image in a directory of images using this. I have a directory of jpg files. I've got this index.php in there:

    <?php
    $dirname = "/camera/";
    $images = glob($dirname."*.jpg");
    foreach($images as $image) {
        $list[] = $image;
        #echo '<img src="'.$image.'" /><br />';
    }
    sort($list);
    echo "<br><img src="."'".array_pop($list)."'"."><br><br>";
    ?>

I've tested the above and it works with php called from the shell. So this folder is in the docker at /camera/

Here's my site config:

    upstream backend {
        server 192.168.69.94:19999;
        keepalive 64;
    }

    server {
        listen 443 ssl default_server;
        listen 80 default_server;
        root /config/www;
        index index.html index.htm index.php;
        server_name _;

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params;
        }

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'xxx';
        ssl_prefer_server_ciphers on;
        client_max_body_size 0;

        location /camera {
            root /;
            index index.php;
        }

        location = / {
            return 301 /htpc;
        }

        location /sonarr {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.69.94:8989/sonarr;
        }

        location /tautulli {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.69.94:8181/tautulli;
        }

        location /radarr {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.69.94:7878/radarr;
        }

        location /htpc {
            include /config/nginx/proxy.conf;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://192.168.69.94:8085/htpc;
        }

        location /downloads {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.69.94:8112/;
            proxy_set_header X-Deluge-Base "/downloads/";
        }

        location /nextcloud {
            include /config/nginx/proxy.conf;
            proxy_pass https://192.168.69.94:1443/nextcloud;
        }
    }

It continues to give me the following error message:

    2019/08/08 20:34:36 [error] 368#368: *5 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.69.1, server: _, request: "GET /camera/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "xx.net"

cduckett Posted August 9, 2019

On 8/7/2019 at 7:34 PM, pimogo said:
> I'm having the same problem and wish to ensure I'm using Geoip v2. I checked the github page but couldn't make much sense of it. Can someone point me on the right track please. Under my appdata, I see a folder called geoip2. Presumably it's simply a matter of locating the appropriate conf file and referencing the right file? Correct? Sorta... ? Thanks!!

I used this link to help update my geoblocksites.conf: https://technicalramblings.com/blog/blocking-countries-with-geolite2-using-the-letsencrypt-docker-container/

pimogo Posted August 9, 2019

22 hours ago, aptalca said:
> See this post:

Yes, I looked at that previously but couldn't make heads or tails. Do I bash into letsencrypt docker and start the install from the section: "Download nginx source" in the github page? And if so, do I go the dynamic or static route? Sorry for the questions, but I am genuinely trying. Thanks

aptalca Posted August 9, 2019

9 hours ago, pimogo said:
> Yes, I looked at that previously but couldn't make heads or tails. Do I bash into letsencrypt docker and start the install from the section: "Download nginx source" in the github page? And if so, do I go the dynamic or static route? Sorry for the questions, but I am genuinely trying. Thanks

Everything's already installed. You just edit the nginx config to enable it however you like

smakdafrog Posted August 11, 2019

On 8/9/2019 at 8:41 AM, aptalca said:
> Everything's already installed. You just edit the nginx config to enable it however you like

Where is the country DB? I'm only seeing the Cities one under var/lib/libmaxminddb/GeoLite2-City.mmdb

aptalca Posted August 11, 2019

1 hour ago, smakdafrog said:
> Where is the country DB? I'm only seeing the Cities one under var/lib/libmaxminddb/GeoLite2-City.mmdb

Only the city one is provided by the alpine package, but it contains country info as well

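
How the City database mentioned above can drive country filtering, as an added example that is not from the thread or from the image's shipped config. It assumes the geoip2 module is already loaded, uses the database path reported above (written with a leading slash), and the variable names, country codes and LAN range are placeholders.

```nginx
# Added example; these blocks go in the http {} context (e.g. nginx.conf).
# Assumes the geoip2 module is already loaded in the image.

# Read the ISO country code out of the City database; a separate
# Country .mmdb is not needed. Database path as reported in the thread.
geoip2 /var/lib/libmaxminddb/GeoLite2-City.mmdb {
    # Variable name is an illustrative choice.
    $geoip2_data_country_iso_code country iso_code;
}

# Private addresses have no country record, so the variable above is
# empty for LAN clients. Allow them explicitly (placeholder range).
geo $lan_client {
    default        no;
    192.168.0.0/16 yes;
}

# Country allow-list (placeholder codes, adjust to your users).
map $geoip2_data_country_iso_code $country_allowed {
    default no;
    US      yes;
    CA      yes;
}

# Combine both checks into a single verdict.
map "$lan_client:$country_allowed" $deny_request {
    default yes;
    ~^yes:  no;    # LAN client, country irrelevant
    ~:yes$  no;    # client from an allowed country
}

# Then, inside each server {} block that should be restricted:
#     if ($deny_request = yes) { return 444; }
```

Test from an outside address and from the LAN after reloading nginx; an address missing from the database falls through to the `default` entries and is denied.
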
Riotz Posted August 12, 2019

On 8/2/2019 at 2:57 PM, aptalca said:
> We can add that, too if it doesn't add too much bloat

Hello, there have been quite a few updates to the container since this post. Can you please tell me if this was enabled? If so, how would one activate it? Also, is there somewhere that I can check for release notes on updates to the container?

aptalca Posted August 12, 2019

1 hour ago, Riotz said:
> Hello, there have been quite a few updates to the container since this post. Can you please tell me if this was enabled? If so, how would one activate it? Also, is there somewhere that I can check for release notes on updates to the container?

GitHub readme and the docker hub pages both have changelogs

Riotz Posted August 12, 2019

51 minutes ago, aptalca said:
> GitHub readme and the docker hub pages both have changelogs

Thanks!

Lien1454 Posted August 13, 2019

Hi, I'm trying to enable htpasswd on letsencrypt. So far I've created the htpasswd file and edited each conf file I'm using in... appdata\letsencrypt\nginx\proxy-confs

These 2 lines...

    auth_basic "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;

removing the # in notepad++

I have not edited any other files. When restarting letsencrypt and browsing the URL to a docker. I am doing this either on my phone's IP (not wifi) or testing on a VPN on my PC. For example both sonarr and radarr. I get the htaccess user/password prompt. When entering the correct details another prompt comes up but the password is not accepted. fail2ban is banning.

Is there anything else I need to do or missed to get this working correctly? Thanks

aptalca Posted August 13, 2019 (edited)

2 hours ago, Lien1454 said:
> Hi, I'm trying to enable htpasswd on letsencrypt. So far I've created the htpasswd file and edited each conf file I'm using in... appdata\letsencrypt\nginx\proxy-confs
>
> These 2 lines...
>
>     auth_basic "Restricted";
>     auth_basic_user_file /config/nginx/.htpasswd;
>
> removing the # in notepad++
>
> I have not edited any other files. When restarting letsencrypt and browsing the URL to a docker. I am doing this either on my phone's IP (not wifi) or testing on a VPN on my PC. For example both sonarr and radarr. I get the htaccess user/password prompt. When entering the correct details another prompt comes up but the password is not accepted. fail2ban is banning.
>
> Is there anything else I need to do or missed to get this working correctly? Thanks

You likely have double auth, once through htpasswd and once through sonarr/radarr

Two solutions:
1) remove internal auth in sonarr/radarr and only rely on http auth, or
2) make sure the user pass are exactly the same for htpasswd and the app's internal auth

Edited August 13, 2019 by aptalca

StanC Posted August 18, 2019

On 5/7/2019 at 3:51 AM, Draco said:
> Hi There, I have done a bunch of searching here and elsewhere and can't seem to find an answer on this.
>
> 1. I have OpenVPN AS setup in a docker with ports 943 Web and 9443 TCP VPN port open
> 2. I am looking to use letsencrypt to redirect 443 for domain vpn.duckdns.org to local server 192.168.1.5:9443 for vpn connections
>
> Does anyone have any idea how I would set this up in the letsencrypt docker. Reason for this is work is blocking anything but HTTP/HTTPS so need to be accessing on one of these open ports. Help would greatly be appreciated. Thanks!

On 5/7/2019 at 5:28 AM, aptalca said:
> Google nginx tcp stream proxy. It's very easy and straightforward.

I also would like a way to redirect OpenVPN through letsencrypt. Is it done through its own special conf file or do we edit nginx default conf file to do it?

@Draco - did you ever find an answer and get this working?

@aptalca - can you provide specific URLs with answers or configurations? I have done the generic google search for "nginx tcp stream proxy" and came up with nothing very useful.

aptalca Posted August 19, 2019 (edited)

6 hours ago, StanC said:
> I also would like a way to redirect OpenVPN through letsencrypt. Is it done through its own special conf file or do we edit nginx default conf file to do it?
>
> @Draco - did you ever find an answer and get this working?
>
> @aptalca - can you provide specific URLs with answers or configurations? I have done the generic google search for "nginx tcp stream proxy" and came up with nothing very useful.

Add this to the bottom of your nginx.conf file, put in your ip and port for openvpn

    stream {
        log_format basic '$remote_addr [$time_local] '
                         '$protocol $status $bytes_sent $bytes_received '
                         '$session_time';
        access_log /config/log/nginx/streamaccess.log basic;
        error_log /config/log/nginx/streamerror.log;
        server {
            listen 80;
            proxy_pass serverip:port;
        }
    }

Edited August 19, 2019 by aptalca

StanC Posted August 19, 2019 (edited)

1 hour ago, aptalca said:
> Add this to the bottom of your nginx.conf file, put in your ip and port for openvpn
>
>     stream {
>         log_format basic '$remote_addr [$time_local] '
>                          '$protocol $status $bytes_sent $bytes_received '
>                          '$session_time';
>         access_log /config/log/nginx/streamaccess.log basic;
>         error_log /config/log/nginx/streamerror.log;
>         server {
>             listen 80;
>             proxy_pass serverip:port;
>         }
>     }

Okay added to the bottom of \appdata\letsencrypt\nginx\nginx.conf. Now I am seeing this in the log after restarting:

    nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)

There must be something missing because none of the reverse proxy sites are working now (nextcloud, etc). I have disabled the stream statement for now.

Edited August 19, 2019 by StanC Update

SirCaveman Posted August 19, 2019

Hi there! I hope I'm at the right address here, no pun intended.

I have configured the letsencrypt docker successfully and running 3 containers (heimdall, nextcloud and ombi) on the network I called "proxynet" and all of them are externally working. The only thing I can't fully work out yet, is how I can let Ombi communicate with Sonarr and Radarr, which both are on a different vlan due to vpn purposes in conjunction with a pfsense vm in that same vlan (this way nzbget only downloads anything through a vpn through pfsense). I do not want to expose Sonarr and Radarr through proxy, just through the separate vlan.

I hope I'm clear, it's a bit of a somewhat complex setup 😊 So I hope anyone can point me in the right direction, if at all it's possible to have a proxy-ed container on a vlan talk with a container on different vlan within Unraid...

aptalca Posted August 19, 2019

6 hours ago, StanC said:
> Okay added to the bottom of \appdata\letsencrypt\nginx\nginx.conf. Now I am seeing this in the log after restarting:
>
>     nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
>
> There must be something missing because none of the reverse proxy sites are working now (nextcloud, etc). I have disabled the stream statement for now.

You need to disable your http to https redirect in your default site config. You can't have both http and stream listening on port 80

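
The conflict behind the bind() error and the fix described above, shown side by side as an added example rather than the image's shipped config. The port-80 redirect block is an assumed typical form of a default-site redirect, and 192.168.1.5:9443 is the OpenVPN address from Draco's original question.

```nginx
# --- site config (http context): BEFORE ------------------------------
# Assumed typical http-to-https redirect. It binds 0.0.0.0:80, so a
# stream server on the same port fails with
#   bind() to 0.0.0.0:80 failed (98: Address in use)
# nginx then refuses to start, which is why every proxied site went
# down, not just the new stream proxy.
#
# server {
#     listen 80;
#     listen [::]:80;
#     server_name _;
#     return 301 https://$host$request_uri;
# }
#
# --- site config: AFTER ----------------------------------------------
# Remove or comment out every port-80 listen line in the http context
# (as done above); the 443 ssl server blocks stay untouched.

# --- bottom of nginx.conf, outside http {} ---------------------------
stream {
    log_format basic '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time';
    access_log /config/log/nginx/streamaccess.log basic;
    error_log  /config/log/nginx/streamerror.log;

    server {
        # Port 80 is now owned by the stream context only.
        listen 80;
        # Raw TCP pass-through: nginx does not terminate TLS here and
        # http-level controls (auth_basic, geo blocking) do not apply,
        # so access control rests on OpenVPN's own authentication.
        proxy_pass 192.168.1.5:9443;
    }
}
```

With port 80 handed to the stream proxy, this nginx can no longer answer Let's Encrypt HTTP validation, which connects on port 80, so certificate renewal then depends on DNS validation.
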
aptalca Posted August 19, 2019

49 minutes ago, SirCaveman said:
> Hi there! I hope I'm at the right address here, no pun intended.
>
> I have configured the letsencrypt docker successfully and running 3 containers (heimdall, nextcloud and ombi) on the network I called "proxynet" and all of them are externally working. The only thing I can't fully work out yet, is how I can let Ombi communicate with Sonarr and Radarr, which both are on a different vlan due to vpn purposes in conjunction with a pfsense vm in that same vlan (this way nzbget only downloads anything through a vpn through pfsense). I do not want to expose Sonarr and Radarr through proxy, just through the separate vlan.
>
> I hope I'm clear, it's a bit of a somewhat complex setup 😊 So I hope anyone can point me in the right direction, if at all it's possible to have a proxy-ed container on a vlan talk with a container on different vlan within Unraid...

If sonarr and radarr are on macvlan, and others are on a custom bridge, they won't be able to connect to each other. That's a docker security feature to prevent connections between the host (and the host networks) and macvlan

cpsmith516 Posted August 19, 2019

Are there any plans to add all of the DNS validation methods that are included with ACME v2 found in things like pfsense and opnsense? I'd really like to be able to utilize my GoDaddy API to do DNS validation and get wild card certs for my domain.