aptalca Posted January 27, 2020

4 hours ago, sse450 said:
> @aptalca, thank you for indicating the readme file. I successfully mounted LE config folder to onlyoffice docker. However, I still need to present the certs in the filenames onlyoffice required onlyoffice.crt, onlyoffice.key. Should I use "ln -s" or create a cron job to copy LE certs in the filenames required? I would appreciate any advice. Thank you.

Sure, you can create symlinks with those names. But you really should be reverse proxying instead.
aptalca Posted January 27, 2020

8 hours ago, phyzical said:
> so what i mean is i want to have a separate pool per nginx server directive. so one pool for be website-a and another for website-b. i'm just trying to achieve separation of envs through php-fpm. so i add a new pool for [website-a] how does it line up with website-a server directive
>
> sorry if i'm not being clear enough
>
> thanks!

Edit /config/php/www2.conf
sse450 Posted January 27, 2020

1 hour ago, aptalca said:
> Sure, you can create symlinks with those names. But you really should be reverse proxying instead.

@aptalca Thank you for the hint. But, second sentence in your reply is important. It is not very clear to me. I do reverse proxy using LE docker. But, I think that onlyoffice still needs the certs in its /Data/certs directory. Am I wrong? How does just reverse proxying solve that issue without certs in OO docker?
TechMed Posted January 27, 2020

Hi All,

This may be a “duh” question, but I am trying to learn and not hose this box’s dialed in setup in the process.

So, my question is, should I just change the ip addy/subnet for the LetsEncrypt (LE) container?

Background:

    br0: 192.168.69.0/24
    eth2: 192.168.169.0/24

I originally installed LE using the bonded (br0) interface which is working perfectly. I have since added a small 10Gb second subnet (eth2) which includes my servers and one desktop.

When I have the desktop on the original br0 subnet, I can access anything behind the LE proxy as expected. When I switch the desktop over to the new eth2 subnet I can do everything BUT access anything behind the LE proxy.

Therefore, it seems to me that by simply changing the LE proxy’s subnet to that of the eth2 interface, I should be able to utilize my 10Gb interface on the desktop for everything, including those services behind the LE proxy.

However, if I am overlooking a better way of doing this, I am open to suggestions and the ‘why’ so I understand for future needs and having the ability to pay it forward.

As a sample, here is info from the Nextcloud config.php file and the Docker network:

Config.php snippet:

    'trusted_domains' =>
    array (
      0 => '192.168.69.xxx:aaa',
      1 => 'daxxxxx.aaaaaa.bbbbbbbfe',
    ),
    'dbtype' => 'mysql',
    'version' => '17.0.2.1',
    'overwrite.cli.url' => 'https://da daxxxxx.aaaaaa.bbbbbbbfe',
    'overwritehost' => 'da daxxxxx.aaaaaa.bbbbbbbfe',
    'overwriteprotocol' => 'https',
    'dbname' => 'dbname',
    'dbhost' => '192.168.69.xxx:aaaa',
    'dbport' => '',
    'dbtableprefix' => 'oc_',
    'mysql.utf8mb4' => true,

Docker:

Thanks!!!
alturismo Posted January 27, 2020

2 hours ago, sse450 said:
> @aptalca Thank you for the hint. But, second sentence in your reply is important. It is not very clear to me. I do reverse proxy using LE docker. But, I think that onlyoffice still needs the certs in its /Data/certs directory. Am I wrong? How does just reverse proxying solve that issue without certs in OO docker?

when your cert is working in LE docker u don't need another cert in onlyoffice "underneath", ssl is handled then by nginx from letsencrypt.
aptalca Posted January 27, 2020

3 hours ago, sse450 said:
> @aptalca Thank you for the hint. But, second sentence in your reply is important. It is not very clear to me. I do reverse proxy using LE docker. But, I think that onlyoffice still needs the certs in its /Data/certs directory. Am I wrong? How does just reverse proxying solve that issue without certs in OO docker?

I haven't used onlyoffice. We use collabora with nextcloud, reverse proxied through letsencrypt container.

Here's a post about it: https://helpcenter.onlyoffice.com/server/document/document-server-proxy.aspx
DZMM Posted January 27, 2020

On 11/28/2019 at 1:43 AM, bluesky509 said:
> Anybody know how to setup custom error pages? Specifically interested in 401 and 50x error pages.

@bluesky509 did you work out how to do this? I'm in the same boat
sse450 Posted January 28, 2020

@aptalca Thank you very much.
SavellM Posted January 28, 2020

Hi all,

So I have this working but really want to get CloudFlare to work with Proxies. I have it working without the Proxies, just as DNS and it's working fine.

I have it set like so:

So A record to my WAN IP, then CNAME subdomains for each thing I want. I also have LetsEncrypt set as DNS verification challenge and it's working using wildcard. I have ports forwarded from my router for 1443 and 180 and all good there too.

BUT my question is!

1) Can I remove said ports as it's doing DNS verification or just the 180 (80) one?
2) Is there a way I can get the Proxy status to work, as every time I set it as Proxy I cannot access anything remotely?

Thanks
aptalca Posted January 28, 2020

6 hours ago, SavellM said:
> Hi all,
>
> So I have this working but really want to get CloudFlare to work with Proxies. I have it working without the Proxies, just as DNS and it's working fine.
>
> I have it set like so:
>
> So A record to my WAN IP, then CNAME subdomains for each thing I want. I also have LetsEncrypt set as DNS verification challenge and it's working using wildcard. I have ports forwarded from my router for 1443 and 180 and all good there too.
>
> BUT my question is!
>
> 1) Can I remove said ports as it's doing DNS verification or just the 180 (80) one?
> 2) Is there a way I can get the Proxy status to work, as every time I set it as Proxy I cannot access anything remotely?
>
> Thanks

If you're doing dns validation, you don't need port 80 mapping.

Can't help you with cloudflare proxy. I don't use it
Bleak Posted January 29, 2020

Hi question,

Tried to find this online but could not find it. I have two instances of a few dockers running ("radarr and radarr4k" "bazarr and bazarr4k"). Now I have successfully set up the not 4k intended dockers with let's encrypt and all is working now I want to do the same for the 4k intended dockers. I have done the following changes in the conf already:

    # make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name bazarr4k.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;
        # enable for ldap auth, fill in ldap details in ldap.conf
        #include /config/nginx/ldap.conf;
        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;
            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /login;
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_bazarr bazarr4k;
            proxy_pass http://$upstream_bazarr:6868;
        }
    }

- I changed the server_name to the correct subdomain for which i obtained a certificate.
- Changed the proxy_pass to http://$upstream_bazarr:6868; (as how i have the port setup in unraid)

Now I just changed the name of the config to bazarr4k.subdomain.conf since bazarr was already in use did not expect this to work and got a 502 bad gateway.

Does anybody run the same or does anybody have an idea on how to do this correctly?

Much appreciated,
Bleak
aptalca Posted January 29, 2020

40 minutes ago, Bleak said:
> Hi question,
>
> Tried to find this online but could not find it. I have two instances of a few dockers running ("radarr and radarr4k" "bazarr and bazarr4k"). Now I have successfully set up the not 4k intended dockers with let's encrypt and all is working now I want to do the same for the 4k intended dockers. I have done the following changes in the conf already:
>
>     # make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url
>     server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>         server_name bazarr4k.*;
>         include /config/nginx/ssl.conf;
>         client_max_body_size 0;
>         # enable for ldap auth, fill in ldap details in ldap.conf
>         #include /config/nginx/ldap.conf;
>         location / {
>             # enable the next two lines for http auth
>             #auth_basic "Restricted";
>             #auth_basic_user_file /config/nginx/.htpasswd;
>             # enable the next two lines for ldap auth
>             #auth_request /auth;
>             #error_page 401 =200 /login;
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_bazarr bazarr4k;
>             proxy_pass http://$upstream_bazarr:6868;
>         }
>     }
>
> - I changed the server_name to the correct subdomain for which i obtained a certificate.
> - Changed the proxy_pass to http://$upstream_bazarr:6868; (as how i have the port setup in unraid)
>
> Now I just changed the name of the config to bazarr4k.subdomain.conf since bazarr was already in use did not expect this to work and got a 502 bad gateway.
>
> Does anybody run the same or does anybody have an idea on how to do this correctly?
>
> Much appreciated,
> Bleak

Don't change the port
Seige Posted January 29, 2020

Would it be possible to run multiple instances of the letsencrypt container? All instances would have to have the same port mapping (i presume). Would this be possible by defining custom docker networks for each instance of letsencrypt and would http validation still work?

Thank you for the help!
tknx Posted January 30, 2020

OK, so I can access my calibre docker through the reverse proxy. What I would like to be able to do is to also access the OPDS server that is built in so I can download books on the road.

Typically the address would be IPaddress:8080/opds; but right now I only have 80 and 443 port forwarded (and the webgui works fine there)
Bleak Posted January 30, 2020

22 hours ago, Seige said:
> Would it be possible to run multiple instances of the letsencrypt container? All instances would have to have the same port mapping (i presume). Would this be possible by defining custom docker networks for each instance of letsencrypt and would http validation still work?
>
> Thank you for the help!

Hi not sure why you would want multiple instances for let's encrypt. If you need to add extra domains just add an extra variable with the name Extra domains. As the value use EXTRA_DOMAINS and then in the key you can add extra domains note this has to be the full version you want so example.domain.com and not domain.com if you need even more add them with a comma like this example.domain.com,example2.domain.com,example3.domain.com etc...

So in my case I want to be able to reach my plex from 3 different domains I add one the normal way as top domain and with the sub domains. and the other two in the extra domains.

Hope this helps!

Edited January 30, 2020 by Bleak
L0rdRaiden Posted January 30, 2020

How can I fix this lua error?

    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
    nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
    no field package.preload['resty.core']
    no file './resty/core.lua'
    no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
    no file '/usr/local/share/lua/5.1/resty/core.lua'
    no file '/usr/local/share/lua/5.1/resty/core/init.lua'
    no file '/usr/share/lua/5.1/resty/core.lua'
    no file '/usr/share/lua/5.1/resty/core/init.lua'
    no file '/usr/share/lua/common/resty/core.lua'
    no file '/usr/share/lua/common/resty/core/init.lua'
    no file './resty/core.so'
    no file '/usr/local/lib/lua/5.1/resty/core.so'
    no file '/usr/lib/lua/5.1/resty/core.so'
    no file '/usr/local/lib/lua/5.1/loadall.so'
    no file './resty.so'
    no file '/usr/local/lib/lua/5.1/resty.so'
    no file '/usr/lib/lua/5.1/resty.so'
    no file '/usr/local/lib/lua/5.1/loadall.so')
blaine07 Posted January 30, 2020

> How can I fix this lua error?
>
>     nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
>     nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
>     nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
>     nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
>     nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
>     no field package.preload['resty.core']
>     no file './resty/core.lua'
>     no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
>     no file '/usr/local/share/lua/5.1/resty/core.lua'
>     no file '/usr/local/share/lua/5.1/resty/core/init.lua'
>     no file '/usr/share/lua/5.1/resty/core.lua'
>     no file '/usr/share/lua/5.1/resty/core/init.lua'
>     no file '/usr/share/lua/common/resty/core.lua'
>     no file '/usr/share/lua/common/resty/core/init.lua'
>     no file './resty/core.so'
>     no file '/usr/local/lib/lua/5.1/resty/core.so'
>     no file '/usr/lib/lua/5.1/resty/core.so'
>     no file '/usr/local/lib/lua/5.1/loadall.so'
>     no file './resty.so'
>     no file '/usr/local/lib/lua/5.1/resty.so'
>     no file '/usr/lib/lua/5.1/resty.so'
>     no file '/usr/local/lib/lua/5.1/loadall.so')

What it means has been talked about in length previously in this thread.

TLDR; ignore it
L0rdRaiden Posted January 30, 2020

7 minutes ago, blaine07 said:
> What it means has been talked about in length previously in this thread.
>
> TLDR; ignore it

Thanks, and this part?

    nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"

Edited January 30, 2020 by L0rdRaiden
dhstsw Posted January 31, 2020

So, i guess it's the usual problem:

    root@cc3c920d7a5b:/# certbot renew
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/nextcloud.somedomain.com.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Cert is due for renewal, auto-renewing...
    Plugins selected: Authenticator standalone, Installer None
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for nextcloud.somedomain.com
    http-01 challenge for oo.somedomain.com
    Cleaning up challenges
    Attempting to renew cert (nextcloud.somedomain.com) from /etc/letsencrypt/renewal/nextcloud.somedomain.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
    All renewal attempts failed. The following certs could not be renewed:
      /etc/letsencrypt/live/nextcloud.somedomain.com/fullchain.pem (failure)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    All renewal attempts failed. The following certs could not be renewed:
      /etc/letsencrypt/live/nextcloud.somedomain.com/fullchain.pem (failure)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1 renew failure(s), 0 parse failure(s)

Of course ports 80 and 443 are forwarded correctly to the container.

Deleting certificates and key and try to get new ones leads it to generate them, download them and then saying there the same error (and of course, the new ones don't work):

    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/nextcloud.somedomain.com-0002/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/nextcloud.somedomain.com-0002/privkey.pem
       Your cert will expire on 2020-04-30. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew"
     - If you like Certbot, please consider supporting our work by:
       Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
       Donating to EFF: https://eff.org/donate-le
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Any hint?

Thanks.

Edited January 31, 2020 by dhstsw
aptalca Posted January 31, 2020

2 hours ago, dhstsw said:
> So, i guess it's the usual problem:
>
>     root@cc3c920d7a5b:/# certbot renew
>     Saving debug log to /var/log/letsencrypt/letsencrypt.log
>     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>     Processing /etc/letsencrypt/renewal/nextcloud.somedomain.com.conf
>     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>     Cert is due for renewal, auto-renewing...
>     Plugins selected: Authenticator standalone, Installer None
>     Renewing an existing certificate
>     Performing the following challenges:
>     http-01 challenge for nextcloud.somedomain.com
>     http-01 challenge for oo.somedomain.com
>     Cleaning up challenges
>     Attempting to renew cert (nextcloud.somedomain.com) from /etc/letsencrypt/renewal/nextcloud.somedomain.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
>     All renewal attempts failed. The following certs could not be renewed:
>       /etc/letsencrypt/live/nextcloud.somedomain.com/fullchain.pem (failure)
>     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>     All renewal attempts failed. The following certs could not be renewed:
>       /etc/letsencrypt/live/nextcloud.somedomain.com/fullchain.pem (failure)
>     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>     1 renew failure(s), 0 parse failure(s)
>
> Of course ports 80 and 443 are forwarded correctly to the container.
>
> Deleting certificates and key and try to get new ones leads it to generate them, download them and then saying there the same error (and of course, the new ones don't work):
>
>     Generating new certificate
>     Saving debug log to /var/log/letsencrypt/letsencrypt.log
>     Plugins selected: Authenticator standalone, Installer None
>     Obtaining a new certificate
>     IMPORTANT NOTES:
>      - Congratulations! Your certificate and chain have been saved at:
>        /etc/letsencrypt/live/nextcloud.somedomain.com-0002/fullchain.pem
>        Your key file has been saved at:
>        /etc/letsencrypt/live/nextcloud.somedomain.com-0002/privkey.pem
>        Your cert will expire on 2020-04-30. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew"
>      - If you like Certbot, please consider supporting our work by:
>        Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
>        Donating to EFF: https://eff.org/donate-le
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> Any hint?
>
> Thanks.

Don't manually run commands inside the container and don't manually delete key files unless we ask you to. We don't provide support for that.
dhstsw Posted January 31, 2020

3 hours ago, aptalca said:
> Don't manually run commands inside the container and don't manually delete key files unless we ask you to. We don't provide support for that.

I did that after having the container not updating the keys (received email from letsencrypt stating certs are expiring in 20 days).

Anyway, i keep a backup of all the appdata folder, keys and certs are the way they used to be.

Nevertheless, it's not updating.

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 01-envfile: executing...
    [cont-init.d] 01-envfile: exited 0.
    [cont-init.d] 10-adduser: executing...
    usermod: no changes
    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/

    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Europe/Athens
    URL=somedomain.com
    SUBDOMAINS=nextcloud,oo
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    [email protected]
    STAGING=
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d nextcloud.somedomain.com -d oo.somedomain.com
    E-mail address entered: [email protected]
    http validation is selected
    Certificate exists; parameters unchanged; starting nginx
    [cont-init.d] 50-config: exited 0.
    [cont-init.d] 99-custom-files: executing...
    [custom-init] no custom files found exiting...
    [cont-init.d] 99-custom-files: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
    Server ready
saarg Posted January 31, 2020

1 hour ago, dhstsw said:
> I did that after having the container not updating the keys (received email from letsencrypt stating certs are expiring in 20 days).
>
> Anyway, i keep a backup of all the appdata folder, keys and certs are the way they used to be.
>
> Nevertheless, it's not updating.
>
>     [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
>     [s6-init] ensuring user provided files have correct perms...exited 0.
>     [fix-attrs.d] applying ownership & permissions fixes...
>     [fix-attrs.d] done.
>     [cont-init.d] executing container initialization scripts...
>     [cont-init.d] 01-envfile: executing...
>     [cont-init.d] 01-envfile: exited 0.
>     [cont-init.d] 10-adduser: executing...
>     usermod: no changes
>     -------------------------------------
>               _         ()
>              | |  ___   _    __
>              | | / __| | |  /  \
>              | | \__ \ | | | () |
>              |_| |___/ |_|  \__/
>
>     Brought to you by linuxserver.io
>     We gratefully accept donations at:
>     https://www.linuxserver.io/donate/
>     -------------------------------------
>     GID/UID
>     -------------------------------------
>     User uid: 99
>     User gid: 100
>     -------------------------------------
>     [cont-init.d] 10-adduser: exited 0.
>     [cont-init.d] 20-config: executing...
>     [cont-init.d] 20-config: exited 0.
>     [cont-init.d] 30-keygen: executing...
>     using keys found in /config/keys
>     [cont-init.d] 30-keygen: exited 0.
>     [cont-init.d] 50-config: executing...
>     Variables set:
>     PUID=99
>     PGID=100
>     TZ=Europe/Athens
>     URL=somedomain.com
>     SUBDOMAINS=nextcloud,oo
>     EXTRA_DOMAINS=
>     ONLY_SUBDOMAINS=true
>     DHLEVEL=2048
>     VALIDATION=http
>     DNSPLUGIN=
>     [email protected]
>     STAGING=
>     2048 bit DH parameters present
>     SUBDOMAINS entered, processing
>     SUBDOMAINS entered, processing
>     Only subdomains, no URL in cert
>     Sub-domains processed are: -d nextcloud.somedomain.com -d oo.somedomain.com
>     E-mail address entered: [email protected]
>     http validation is selected
>     Certificate exists; parameters unchanged; starting nginx
>     [cont-init.d] 50-config: exited 0.
>     [cont-init.d] 99-custom-files: executing...
>     [custom-init] no custom files found exiting...
>     [cont-init.d] 99-custom-files: exited 0.
>     [cont-init.d] done.
>     [services.d] starting services
>     [services.d] done.
>     nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
>     Server ready

If you turn off your server at night the certs will not renew. The cron job is run at 2 in the night.

Have you checked in the browser that the current cert is expiring?
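A scripted form of the check suggested above (is the certificate that nginx actually serves close to expiry, and does it cover the expected names?), as an added example that is not part of the original thread or the container's own code. The function names and sample values are this example's own; the 30-day threshold is certbot's default renewal window.

```python
"""Check the certificate a reverse proxy is actually serving (added example)."""
import socket
import ssl
from datetime import datetime, timezone

# certbot's default: renew once fewer than 30 days of validity remain.
RENEW_WINDOW_DAYS = 30


def days_remaining(not_after, now):
    """Whole days from `now` (aware UTC datetime) until a notAfter string in
    the format ssl.getpeercert() returns, e.g. 'Apr 30 10:15:00 2020 GMT'."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), tz=timezone.utc
    )
    return (expires - now).days


def covers(name, dns_sans):
    """True if `name` matches a SAN exactly or through a one-label wildcard."""
    if name in dns_sans:
        return True
    _, _, parent = name.partition(".")
    return bool(parent) and "*." + parent in dns_sans


def assess(cert, expected_names, now):
    """Classify a getpeercert()-style dict: expiry status and uncovered names."""
    sans = {
        value.lower()
        for kind, value in cert.get("subjectAltName", ())
        if kind == "DNS"
    }
    left = days_remaining(cert["notAfter"], now)
    if left < 0:
        status = "expired"
    elif left < RENEW_WINDOW_DAYS:
        status = "renewal overdue"  # renewal should already have happened
    else:
        status = "ok"
    missing = sorted(n for n in expected_names if not covers(n.lower(), sans))
    return {"days_left": left, "status": status, "missing_names": missing}


def check_host(host, expected_names, port=443, timeout=5.0):
    """Fetch the certificate served on host:port and assess it.

    An expired or untrusted certificate fails the handshake, so that case is
    reported with the verifier's own message instead of raising."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return {
            "days_left": None,
            "status": "verification failed: " + exc.verify_message,
            "missing_names": [],
        }
    return assess(cert, expected_names, datetime.now(timezone.utc))


if __name__ == "__main__":
    # Constructed sample in getpeercert() format: 20 days of validity left,
    # the situation described in the expiry e-mail mentioned above.
    sample = {
        "notAfter": "Feb 20 12:00:00 2020 GMT",
        "subjectAltName": (
            ("DNS", "nextcloud.somedomain.com"),
            ("DNS", "oo.somedomain.com"),
        ),
    }
    now = datetime(2020, 1, 31, 12, 0, tzinfo=timezone.utc)
    print(assess(sample, ["nextcloud.somedomain.com", "oo.somedomain.com"], now))
```

Run `check_host()` against the public hostname from outside the container; it reports what clients receive, which can differ from the files on disk if nginx has not picked up a renewed certificate.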
Coolsaber57 Posted February 1, 2020

I am trying to expose my Octoprint page, but am having trouble finding a configuration that will work. Here's the examples that Octoprint provides: https://community.octoprint.org/t/reverse-proxy-configuration-examples/1107

Here's my current config:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name print.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;
        location / {
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.2.13:80;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Scheme $scheme;
        }
    }

I took out a few lines that were causing the docker container to throw errors. I'm currently getting a 500 error. If I copy a config from another container and change the IP/port/subdomain, I do actually get to see the login page, but it says it's offline and asks me to reconnect.

Has anyone successfully configured Octoprint in this container? If so, would you be able to share the config?
robobub Posted February 1, 2020

Having an issue uploading large files to nextcloud only using letsencrypt reverse proxy, works fine without letsencrypt.

Even just a 2.3 GB file: the file completes uploading on the client, and I see that it's processing and copying the file into the final location on nextcloud/<user>/files/<path>. However, this only lasts for around 1 minute then stops writing the file, and tells the client that it timed out. Watching the file get written, it's in the range of 800~1200 MB.

If I turn reverse proxy off and revert those settings, it works fine and the "processing" of copying into the final location runs for longer than that minute.

All the guides I've seen about configuring letsencrypt are removing client_max_body_size, but that was already removed back on 01/21/2019. I'm on the latest nextcloud docker and letsencrypt docker.

There were some timeout settings in letsencrypt/nginx/proxy.conf: send_timeout, proxy_*_timeout, increasing those significantly and restarting yielded the same result. Same with modifying proxy_max_temp_file_size in letsencrypt/nginx/proxy-confs/nextcloud.*.conf

I'm not really seeing anything in letsencrypt/nextcloud's log/[nginx,php]/*.log either. Is there a loglevel I should be changing?