November 12, 20196 yr 6 minutes ago, H2O_King89 said: he sure right here. I've followed this step by step, didn't work so i used to later added video using DNS Verification with lets encrypt
November 12, 20196 yr I've followed this step by step, didn't work so i used to later added video using DNS Verification with lets encryptOkay thats fine but change the ports though Sent from my Pixel 4 XL using Tapatalk
November 13, 20196 yr 16 hours ago, Spectral Force said: Good morning/afternoon. I am a bit out of my element with the reverse proxy stuff and custom conf files and need some help. I am trying to run the CSMM-7DTD server manager (docker by ich77) via reverse proxy and https. It works portionately via http, but uses steam to login to the software itself and that's where I get hung up. I click my steam login and because its https it craps out. I am unsure if this is supposed to be handled by the .conf file or elsewhere. Anything to point me in the proper direction would be appreciated. What I do have for a conf file comes from the creator of CSMM. I am using DuckDNS docker and links, as well as a CNAME from my website. Thanks in advance for any and all help. server { server_name csmm.example.com; index index.html; location / { proxy_pass http://localhost:1337; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; proxy_read_timeout 300; proxy_connect_timeout 300; } listen 80; } Don't copy paste a conf from another source. Use an existing preset proxy conf and modify accordingly. The conf you posted above is missing all the ssl bits, and it tries to reverse proxy localhost, which won't work in a container. Also see the examples in the default site config for very basic confs
November 13, 20196 yr anyone able to get reverse proxy on a searx docker working? I have 5 other dockers that work flawlessly but for whatever reason i get a bad gateway with searx. It works with the internal br0 (http://192.168.1.19:8888) but when going to my external domain it doesn't work at all. Cname is correctly setup and letsencrypt as well. server { listen 80; listen 443 ssl; server_name searx.myprivatedomain.org; ###SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ###Diffie–Hellman key exchange ### ssl_dhparam /config/nginx/dhparams.pem; ###SSL Ciphers ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DS> ###Extra Settings### ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; location / { proxy_pass http://192.168.1.19:8888; include /config/nginx/proxy.conf; } } Edited November 13, 20196 yr by ffhelllskjdje
November 13, 20196 yr 4 minutes ago, ffhelllskjdje said: anyone able to get reverse proxy on a searx docker working? I have 5 other dockers that work flawlessly but for whatever reason i get a bad gateway with searx. It works with the internal br0 (http://192.168.1.19:8888) but when going to my external domain it doesn't work at all. Cname is correctly setup and letsencrypt as well. server { listen 80; listen 443 ssl; server_name searx.myprivatedomain.org; ###SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ###Diffie–Hellman key exchange ### ssl_dhparam /config/nginx/dhparams.pem; ###SSL Ciphers ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DS> ###Extra Settings### ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; location / { proxy_pass http://192.168.1.19:8888; include /config/nginx/proxy.conf; } } If it's macvlan, it blocks connections between macvlan and host. Try to ping it from inside the letsencrypt container
November 13, 20196 yr 1 hour ago, aptalca said: If it's macvlan, it blocks connections between macvlan and host. Try to ping it from inside the letsencrypt container That was it, switched to bridge and remapped the port and all is working now, thanks
November 15, 20196 yr Is it possible to use the reverse proxy to redirect traffic to an internal IP, either a VM or another machine? I am new to unraid, and I have a synology NAS that I am migrating away from. I have also set up a xpenology VM. I have set up a number of synology units with friends and family and I like the way it handles backup, so I want to use my xpenology VM or current synology as a remote target. I have set up Letsencrypt docker and it works grate after following the spaceinvaderone video. However this only looks to work with dockers on the Unraid machine, via proxynet. I found some example code to root the proxy pass to an internal IP for example 192.168.X.XX at https://www.reddit.com/r/unRAID/comments/apapqw/reverse_proxy_with_letsencrypt_docker_and_vm/ However I cant get it to work. I have my own domain and plan to use something like xpenology.mydomain.com and synology.mydomain.com. If it forward port 5001 to my xpenology vm I can connect directly using xpenology.mydomain.com:5001 but if I don’t specify the port I get the “Welcome to our server” nginx splash page. It would be nice to be redirected to each of these DSM web interfaces by using xpenology. and synology. as i can only forward 5001 once. My congfig file is currently. server { listen 443 ssl http2; server_name xpenology.*; server_tokens off; access_log /var/log/nginx/xpenology.SITE.access.log; error_log /var/log/nginx/xpenology.SITE.error.log error; ssl on; ssl_certificate /etc/letsencrypt/live/SITE/fullchain.pem; ssl_certificate_key /etc/letsencrypt/SITE/privkey.pem; location /{ proxy_pass https://192.168.X.XXX:50001; proxy_redirect off; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Url-Scheme $scheme; } }
November 18, 20196 yr I keep getting 403 Forbidden ive changed folder permission then restart the container and still get 403
November 18, 20196 yr 22 minutes ago, Ladrek said: I keep getting 403 Forbidden ive changed folder permission then restart the container and still get 403 With the little info you have supplied, I can say that something isn't configured properly.
November 18, 20196 yr 57 minutes ago, saarg said: With the little info you have supplied, I can say that something isn't configured properly. Found this in the error log Edited November 18, 20196 yr by Ladrek
November 18, 20196 yr 2 hours ago, Ladrek said: Found this in the error log Permission issues is my guess. So check the permissions on the recentlyadded folder. Should be nobody:users
November 18, 20196 yr 1 hour ago, saarg said: Permission issues is my guess. So check the permissions on the recentlyadded folder. Should be nobody:users Everything has full access - i even changed the permission via unraid terminal and terminal on the container as well Edited November 18, 20196 yr by Ladrek
November 19, 20196 yr 12 hours ago, Ladrek said: Everything has full access - i even changed the permission via unraid terminal and terminal on the container as well If you are going to post a screenshot of permissions, please post the ones from unraid command line, not something from windows.
November 19, 20196 yr 6 hours ago, saarg said: If you are going to post a screenshot of permissions, please post the ones from unraid command line, not something from windows. Screenshot of linux
November 19, 20196 yr 29 minutes ago, Ladrek said: Screenshot of linux Looks good. I have no idea what is wrong then. I got limited knowledge about nginx, so you will have to wait until one of the nginx wizards pops up.
November 19, 20196 yr I'm trying to use this container, which I had working for a single subdomain, but now I'm getting the following after trying to add additional domains: Plugins selected: Authenticator standalone, Installer None An unexpected error occurred: Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 157, in _new_conn (self._dns_host, self.port), self.timeout, **extra_kw File "/usr/lib/python3.7/site-packages/urllib3/util/connection.py", line 61, in create_connection for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): File "/usr/lib/python3.7/socket.py", line 748, in getaddrinfo for res in _socket.getaddrinfo(host, port, family, type, proto, flags): socket.gaierror: [Errno -3] Try again I've treid rebuilding the container etc, but I'm not unable to get past this error. Any one able to help or point me in the right direction as this appears to be an issue with custom internal code so I'm at a loss at being able to debug the issue myself. Thanks for the help.
November 19, 20196 yr Hi, getting this when starting the container, no idea how to fix it.. Please help. Generating new certificate An unexpected error occurred: pkg_resources.ContextualVersionConflict: (cryptography 2.6.1 (/usr/lib/python3.7/site-packages), Requirement.parse('cryptography>=2.8'), {'PyOpenSSL'}) Please see the logfile '/tmp/tmph9dkw77d/log' for more details. ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
November 19, 20196 yr 1 hour ago, g0nz0 said: I'm trying to use this container, which I had working for a single subdomain, but now I'm getting the following after trying to add additional domains: Plugins selected: Authenticator standalone, Installer None An unexpected error occurred: Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 157, in _new_conn (self._dns_host, self.port), self.timeout, **extra_kw File "/usr/lib/python3.7/site-packages/urllib3/util/connection.py", line 61, in create_connection for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): File "/usr/lib/python3.7/socket.py", line 748, in getaddrinfo for res in _socket.getaddrinfo(host, port, family, type, proto, flags): socket.gaierror: [Errno -3] Try again I've treid rebuilding the container etc, but I'm not unable to get past this error. Any one able to help or point me in the right direction as this appears to be an issue with custom internal code so I'm at a loss at being able to debug the issue myself. Thanks for the help. Post your container settings
November 19, 20196 yr 4 hours ago, aptalca said: Post your container settings Sorry to be dense, but are they in an xml file somewhere like with rancher and it's API?
November 19, 20196 yr 13 minutes ago, g0nz0 said: Sorry to be dense, but are they in an xml file somewhere like with rancher and it's API? If not, this is a copy paste from the docker container edit page: Name: letsencrypt Repository: linuxserver/letsencrypt Network Type: Custom: br2.2502 Fixed IP address (optional): 10.250.2.101 Subnet: 10.250.2.0/24 Console shell command: Shell Privileged: ON http: Container Port: 80 https: Container Port: 443 Email: [email protected] Domain Name: g0nz0.me.uk Subdomain(s): unifi,plex,firewall, Only Subdomains: true Diffie Hellman: 2048 Validation: http AppData Config Path: /mnt/user/appdata/letsencrypt Edited November 19, 20196 yr by g0nz0
November 19, 20196 yr 2 minutes ago, g0nz0 said: If not, this is a copy paste from the docker container edit page: Name: letsencrypt Repository: linuxserver/letsencrypt Network Type: Custom: br2.2502 Fixed IP address (optional): 10.250.2.101 Subnet: 10.250.2.0/24 Console shell command: Shell Privileged: ON http: Container Port: 80 https: Container Port: 443 Email: [email protected] Domain Name: g0nz0.me.uk Subdomain(s): unifi,plex,firewall, Only Subdomains: true Diffie Hellman: 2048 Validation: http AppData Config Path: /mnt/user/appdata/letsencrypt Seriously, it's working again now. The issue must have been an error coming back from the letsencrypt API or certbot and just not being handled well in the code. If you're a / the dev on this project, let me know if you want some log extracts (specifically what you want from the logs etc) and I'll get them to you to investigate.
November 19, 20196 yr 18 minutes ago, g0nz0 said: Seriously, it's working again now. The issue must have been an error coming back from the letsencrypt API or certbot and just not being handled well in the code. If you're a / the dev on this project, let me know if you want some log extracts (specifically what you want from the logs etc) and I'll get them to you to investigate. I don't think we need them, if it were a widespread issue, we'd have heard by now. As it stands a solitary report I don't think justifies a conclusion of the container logic not handling things well. If the API/certbot had an issue, no amount of rewriting of the container is going to fix that.
November 20, 20196 yr Having issues with python cryptography -- looks like py3-openssl was updated just a few hours after the current latest version was updated, and is causing issues because py3-cryptography is outdated now? I'm no expert, just a bit of digging. Error is: pkg_resources.ContextualVersionConflict: (cryptography 2.6.1 (/usr/lib/python3.7/site-packages), Requirement.parse('cryptography>=2.8'), {'PyOpenSSL'}) EDIT: In the meantime, running this in console and restarting works fine, though it has to be done each time the container is recreated (edited, etc) apk add gcc musl-dev libffi-dev openssl-dev python3-dev; pip install cryptography --upgrade apk add gcc musl-dev libffi-dev openssl-dev python3-dev; pip install cryptography --upgrade Edited November 20, 20196 yr by drumstyx
November 20, 20196 yr 6 hours ago, drumstyx said: Having issues with python cryptography -- looks like py3-openssl was updated just a few hours after the current latest version was updated, and is causing issues because py3-cryptography is outdated now? I'm no expert, just a bit of digging. Error is: pkg_resources.ContextualVersionConflict: (cryptography 2.6.1 (/usr/lib/python3.7/site-packages), Requirement.parse('cryptography>=2.8'), {'PyOpenSSL'}) EDIT: In the meantime, running this in console and restarting works fine, though it has to be done each time the container is recreated (edited, etc) apk add gcc musl-dev libffi-dev openssl-dev python3-dev; pip install cryptography --upgrade apk add gcc musl-dev libffi-dev openssl-dev python3-dev; pip install cryptography --upgrade https://github.com/linuxserver/docker-letsencrypt/issues/379#issuecomment-555991614
November 20, 20196 yr 2 hours ago, aptalca said: https://github.com/linuxserver/docker-letsencrypt/issues/379#issuecomment-555991614 Ah yeah, makes sense -- I couldn't figure out how to specify an older version of the docker via GUI, but I suppose I could do it in console...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.