JonathanM Posted March 16, 2020

> 1 hour ago, luizmont said:
> Is there a way to do it without having to add the port and the https?

Different ISP? Or pay for a dns server that does URL forwarding.

aptalca Posted March 16, 2020

Or you can ask your isp to stop blocking port 443. It worked for some people.

luizmont Posted March 17, 2020

> 4 hours ago, jonathanm said:
> Different ISP? Or pay for a dns server that does URL forwarding.

> 4 hours ago, aptalca said:
> Or you can ask your isp to stop blocking port 443. It worked for some people

I live in Brazil and here, as far as I know, all major ISPs do this... Ports 80 and 443 can be open only on business plans... I guess it's going to be like this.

@aptalca thank you very much for providing the solution to my problem!

oeci Posted March 18, 2020

Guys, I'm at a complete loss here. On my Unraid server I've got a working nextcloud container plus a working letsencrypt container (for ports see screenshot). Nextcloud can be reached if I use the internal IP and over the subdomain bodenwiesli.duckdns.org I can reach the nginx server which tells me that the subdomain works and the port forwarding of the router is also active.

But no matter what guide I follow (this one, this one or this one) it never works. I would really appreciate if someone could tell me how I need to configure the containers to get this working.

By the way, for testing purposes I forwarded incoming requests to port 80 to the nextcloud container and was able to login to my nextcloud account so I'm 100 % positive that both the subdomain and the nextcloud container actually work. But I'm not ok with unencrypted traffic.

Edited March 18, 2020 by oeci

aptalca Posted March 18, 2020

> 17 hours ago, kbbeer said:
> Going down a rabbit hole this morning, curious if a solution exists to this problem. I've been using this container to allow access to one subdomain externally. I noticed today that if I go to my public ip (when remote) chrome prompts with a privacy error and gives the reason that this ip and the subdomain certs which I setup are different. Is it possible to configure so that my ip doesn't respond and you need to hit the subdomain for a response? Or is it best to create a cert for the main page to camouflage the subdomain?

You can set the main server block (the one that's defined as default) to serve a 404 or not even respond. So only the match for the subdomain will be displayed, any other request will go to the default block and get denied.

Edited March 18, 2020 by aptalca

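The default-block approach from the post above, written out as an nginx configuration. This is an added example, not part of the thread and not the image's shipped config: `cloud.example.com` and the `nextcloud` upstream are placeholders, and the catch-all block is assumed to replace the existing default HTTPS block in /config/nginx/site-confs/default. `ssl_reject_handshake` requires nginx 1.19.4 or later.

```nginx
# Added example: catch-all HTTPS server. Any connection whose SNI matches no
# other server_name (for example a request to the bare public IP) lands here.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    # Abort the TLS handshake for unmatched names, so no certificate
    # (and none of the hostnames inside it) is sent to the client.
    ssl_reject_handshake on;

    # On nginx older than 1.19.4: remove ssl_reject_handshake, add
    # "include /config/nginx/ssl.conf;" and "return 444;" instead.
    # 444 closes the connection without a response, but the handshake
    # completes first, so the certificate is still shown to the client.
}

# The only name that gets a real response.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name cloud.example.com;          # placeholder subdomain

    include /config/nginx/ssl.conf;
    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nextcloud;        # assumed container name
        set $upstream_port 443;             # assumed container port
        set $upstream_proto https;          # assumed upstream protocol
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
```

Names in a Let's Encrypt certificate are published in Certificate Transparency logs, so this cuts responses to IP-based requests rather than keeping the subdomain secret.
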
aptalca Posted March 18, 2020

> 1 hour ago, oeci said:
> Guys, I'm at a complete loss here. On my Unraid server I've got a working nextcloud container plus a working letsencrypt container (for ports see screenshot). Nextcloud can be reached if I use the internal IP and over the subdomain bodenwiesli.duckdns.org I can reach the nginx server which tells me that the subdomain works and the port forwarding of the router is also active.
>
> But no matter what guide I follow (this one, this one or this one) it never works. I would really appreciate if someone could tell me how I need to configure the containers to get this working.
>
> By the way, for testing purposes I forwarded incoming requests to port 80 to the nextcloud container and was able to login to my nextcloud account so I'm 100 % positive that both the subdomain and the nextcloud container actually work. But I'm not ok with unencrypted traffic.

You're not using our nextcloud image.

oeci Posted March 18, 2020

Ooops, changed to yours and indeed the reverse proxy seems to work. But now I cannot setup nextcloud, when I try to do so I can start the process (enter an admin account, choose database, set credentials for database) but it will always terminate with a 504 Gateway Time-Out message after a few minutes.

IKWeb Posted March 18, 2020

> On 3/16/2020 at 1:08 PM, saarg said:
> Not correct. You need to let the container run and it will renew it before it expires. It attempts to renew every night at about 2. When is your cert expiring?

Thank you - it's not due to expire for a while - I just wasn't sure of the renewal process.

Thank you!!

oeci Posted March 18, 2020

Correction: I was able to setup nextcloud but I keep getting those 504 Gateway Time-Out messages. Is there any way to increase waiting time before the timeout occurs?

Joker169 Posted March 21, 2020

getting spam of this:

```
nginx: [emerg] open() "/config/nginx/error.conf" failed (2: No such file or directory) in /config/nginx/site-confs/default:117
```

followed https://www.youtube.com/watch?v=AS0HydTEuA4 , as close as possible.

Ideas?

LEDocker.txt

Edited March 21, 2020 by Joker169: Added LE log

mika91 Posted March 21, 2020

Hello,

I try to configure a reverse proxy in my VPS. For now, I have my docker services (portainer, whoami, grafana, prometheus, ....) available through XXX.mydomain.duckdns.org (and basic auth for each services).

Pretty happy with it... but have two minor problems:

- Fail to use Deluge with reverse proxy: get a '502 bad gateway'. I enable the proxy-conf as for other services, without success. Try with/without basic auth
- Is there a way to 'share' the auth, so I don't need to login for each service? (looking for a simple solution)

Thanks for your help

Mickaël

aptalca Posted March 21, 2020

> 16 hours ago, Joker169 said:
> getting spam of this:
>
> nginx: [emerg] open() "/config/nginx/error.conf" failed (2: No such file or directory) in /config/nginx/site-confs/default:117
>
> followed https://www.youtube.com/watch?v=AS0HydTEuA4 , as close as possible.
>
> Ideas?
>
> LEDocker.txt

It's saying you referenced a file in your default conf but the file doesn't exist.

aptalca Posted March 21, 2020

> 1 hour ago, mika91 said:
> Hello,
>
> I try to configure a reverse proxy in my VPS. For now, I have my docker services (portainer, whoami, grafana, prometheus, ....) available through XXX.mydomain.duckdns.org (and basic auth for each services).
>
> Pretty happy with it... but have two minor problems:
>
> - Fail to use Deluge with reverse proxy: get a '502 bad gateway'. I enable the proxy-conf as for other services, without success. Try with/without basic auth
> - Is there a way to 'share' the auth, so I don't need to login for each service? (looking for a simple solution)
>
> Thanks for your help
>
> Mickaël

502 means letsencrypt cannot reach deluge.

You likely have deluge in host networking, so change the address to point to unraid ip and port to the mapped port in your proxy conf.

Joker169 Posted March 21, 2020

> 1 hour ago, aptalca said:
> It's saying you referenced a file in your default conf but the file doesn't exist

I setup almost mirror to SpaceInvader vid.

So.... just add error.conf and profit?!?

Edited March 21, 2020 by Joker169

aptalca Posted March 21, 2020

> 3 hours ago, Joker169 said:
> I setup almost mirror to SpaceInvader vid.
>
> So.... just add error.conf and profit?!?

"almost mirror" != "the same"

If you post exactly what you did, we can try and help. But if you say "I followed x video or guide for the most part", then we don't have a crystal ball.

saarg Posted March 21, 2020

> 1 hour ago, aptalca said:
> "almost mirror" != "the same"
>
> If you post exactly what you did, we can try and help. But if you say "I followed x video or guide for the most part", then we don't have a crystal ball.

I have to correct you there. We do have a crystal ball, but it's still in the repair shop waiting for the not in stock part.

Joker169 Posted March 22, 2020

> 12 hours ago, aptalca said:
> "almost mirror" != "the same"
>
> If you post exactly what you did, we can try and help. But if you say "I followed x video or guide for the most part", then we don't have a crystal ball.

Well the "almost" is the fact, that I USED MY OWN DNS and config, I'm sorry if this annoyed you. Other than that exactly what was in the video.

Thanks for reading....I got it working. Guess I'll use a more "newb" solution in the future.

trurl Posted March 25, 2020

> 1 hour ago, kbbeer said:
> Any links to help set this up? I've tried googling, but have been failing. Thanks

njdowdy Posted March 27, 2020

I'm looking for advice on how to setup a subdomain.conf for a custom docker. I'm trying to emulate what's described here: https://pgsnake.blogspot.com/2019/07/reverse-proxying-to-pgadmin.html

I've also tried to use some other of the provided templates to build from. Here's what I have:

```
# filename: pgsql.subdomain.conf
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name pgsql.*;

    include /config/nginx/ssl.conf;

    proxy_redirect off;
    proxy_buffering off;
    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        # custom docker's name: pgadmin4
        set $upstream_pgadmin4 pgadmin4;
        proxy_pass http://$upstream_pgadmin4:5050;
    }
}
```

In the custom docker the network type is set to custom and pointed at my proxy network. Letsencrypt docker has pgsql as a subdomain to look out for. When I restart letsencrypt docker and visit the subdomain (pgsql.mydomain.com) I get an nginx 502 bad gateway.

Have I forgotten something in my configuration? The only thing I can see from other templates is not including any "proxy_set_header"'s, but I'm not really sure what those are and if they are needed.

Thanks in advance!

aptalca Posted March 27, 2020

> 3 hours ago, njdowdy said:
> I'm looking for advice on how to setup a subdomain.conf for a custom docker. I'm trying to emulate what's described here: https://pgsnake.blogspot.com/2019/07/reverse-proxying-to-pgadmin.html
>
> I've also tried to use some other of the provided templates to build from. Here's what I have:
>
> ```
> # filename: pgsql.subdomain.conf
> server {
>     listen 443 ssl;
>     listen [::]:443 ssl;
>
>     server_name pgsql.*;
>
>     include /config/nginx/ssl.conf;
>
>     proxy_redirect off;
>     proxy_buffering off;
>     client_max_body_size 0;
>
>     location / {
>         include /config/nginx/proxy.conf;
>         resolver 127.0.0.11 valid=30s;
>         # custom docker's name: pgadmin4
>         set $upstream_pgadmin4 pgadmin4;
>         proxy_pass http://$upstream_pgadmin4:5050;
>     }
> }
> ```
>
> In the custom docker the network type is set to custom and pointed at my proxy network. Letsencrypt docker has pgsql as a subdomain to look out for. When I restart letsencrypt docker and visit the subdomain (pgsql.mydomain.com) I get an nginx 502 bad gateway.
>
> Have I forgotten something in my configuration? The only thing I can see from other templates is not including any "proxy_set_header"'s, but I'm not really sure what those are and if they are needed.
>
> Thanks in advance!

Doesn't pgadmin listen on port 80?

njdowdy Posted March 27, 2020

> 7 minutes ago, aptalca said:
> Doesn't pgadmin listen on port 80?

Yup! That solved it. Thanks! I was still thinking about passing the forwarded port (5050) from when I was hosting it on my local network. Thanks so much!

oskarax Posted April 1, 2020

Hi!

I've been trying for days now to get this going and I followed every guide I could find. I want to be able to access my Nextcloud from outside my network. First I tried the "regular" way with http and duckdns but no luck. After that I followed Spaceinvader One's new guide using wildcard and SSL with my own domain name. I'm not very good at this but I've followed a lot of guides from Spaceinvader One and this is the first one that I just can't get working. I'll post the log file from lets encrypt. I'm really stuck and I think I've tried everything.

```
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
-------------------------------------
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a RSA private key
........+++++
....................+++++
writing new private key to '/config/keys/cert.key'
-----
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/Berlin
URL=reverseproxy.nu
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=dns
DNSPLUGIN=cloudflare
[email protected]
STAGING=
Created donoteditthisfile.conf
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
usermod: no changes
-------------------------------------
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/Berlin
URL=reverseproxy.nu
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=dns
DNSPLUGIN=cloudflare
[email protected]
STAGING=
2048 bit DH parameters present
SUBDOMAINS entered, processing
Wildcard cert for only the subdomains of reverseproxy.nu will be requested
E-mail address entered: [email protected]
dns validation via cloudflare plugin is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for reverseproxy.nu
Unsafe permissions on credentials configuration file: /config/dns-conf/cloudflare.ini
Waiting 10 seconds for DNS changes to propagate
Waiting for verification...
Waiting for verification...
Challenge failed for domain reverseproxy.nu
dns-01 challenge for reverseproxy.nu
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: reverseproxy.nu
Type: dns
Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.reverseproxy.nu - the domain's nameservers may be malfunctioning
- Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
```

AND the above error is a mystery as I have edited it with the API Key and email address as the guide states.

Please I need help.

aptalca Posted April 1, 2020

> 1 hour ago, oskarax said:
> Hi!
>
> I trying for days now to get this going and I followed every guide a could find. I want to be able to access my Nextcloud from outside my network. First I tried the "regular" way with http and duckdns but no luck. After that I followed Spaceinvader Ones new guide using wildcard and SSL with my own domain name. Im not very good at this but I've followed a lot of guides from Spaceinvader One and this is the first one that I just can't get working. Ill post the log file from lets encrypt. Im really stuck and I think I've tried everything.
>
> AND the above error is a mystery as I have edited it with the API Key and email adress as the guide states.
>
> Please I need help.

A couple of others on discord mentioned a cloudflare outage that resulted in the same outcome as above. No errors setting txt records, but they can't be verified.

anongum Posted April 1, 2020

Today something weird happened to letsencrypt. I had a clean installation of unraid, on docker just Plex, Nextcloud, Mariadb, duckdns and letsencrypt. Everything perfectly worked until this afternoon, when things just stopped working. Nextcloud and plex would keep working when trying to access them locally, but would timeout whenever trying to use the reverse proxy.

So, since I'm far from being an expert user, and one time I already broke my docker containers by messing too much, I deleted my docker image, all my folders in appdata relative to docker containers, and just installed plex and letsencrypt, to see if the problem went away. But it still doesn't work - tried to change domain, issue new certificates - no luck.

Then I started thinking. For the sake of explaining I'll call my plex domain plex.duckdns.org. I issued one certificate for this subdomain, but never actually used it. Yet, for the sake of testing, I tried to access remotely my machine by typing plex.duckdns.org:32400, which is the port used by plex for its webgui, and it worked. I could access plex remotely just fine. Then I went, created a conf file in letsencrypt, which I'm posting:

```
# make sure that your dns has a cname set for plex
# if plex is running in bridge mode and the container is named "plex", the below config should work as is
# if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of plex
# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name plex.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;
    proxy_redirect off;
    proxy_buffering off;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app PlexMediaServer;
        set $upstream_port 32400;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
        proxy_set_header X-Plex-Device $http_x_plex_device;
        proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
        proxy_set_header X-Plex-Platform $http_x_plex_platform;
        proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
        proxy_set_header X-Plex-Product $http_x_plex_product;
        proxy_set_header X-Plex-Token $http_x_plex_token;
        proxy_set_header X-Plex-Version $http_x_plex_version;
        proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
        proxy_set_header X-Plex-Provides $http_x_plex_provides;
        proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
        proxy_set_header X-Plex-Model $http_x_plex_model;
    }
}
```

Changed the name from plex to the docker container name, so PlexMediaServer, obviously changed plex.* to the actual subdomain. And it worked! I shared the link with my friend, so that he could access my plex webgui remotely.

Everything was fine, but tonight everything is "time out" and I can't wrap my head around this. The port forwarding is working fine. The certs are issued without issues, and the letsencrypt log looks normal, the server is up (Server ready, as end message of the log).

Before tonight, when trying to access one of the domains for which I issued a certificate I would get a white and simple html page saying "Welcome to our server. The website is currently being setup under this address. For help and support, please contact: [email protected]", but now, no matter the certs I issued, everything would just time out.

Letsencrypt is in a custom "proxynet" network (yes, I too followed, or better bought unraid thanks to the spaceinvaderone tutorials) and the command is the same as when the reverse proxy worked.

Since the port forwarding is fine, the plex container itself is fine, the problem is either duckdns or letsencrypt, tertium non datur. What can I do to see what is the problem? I tried a minimal troubleshooting, but I'm not an expert user, and already disheartened at how could this even happen without touching the nas or any settings.

Please, help me.

Edited April 1, 2020 by anongum

aptalca Posted April 1, 2020

> 5 minutes ago, anongum said:
> Today something weird happened to letsencrypt. I had a clean installation of unraid, on docker just Plex, Nextcloud, Mariadb, duckdns and letsencrypt. Everything perfectly worked until this afternoon, when things just stopped working. Nextcloud and plex would kept working when trying to access them locally, but would timeout whenever trying to use the reverse proxy.
>
> So, since I'm far from being an expert user, and one time I already broke my docker containers by messing too much, I deleted my docker image, all my folders in appdata relative to docker containers, and just installed plex and letsencrypt, to see if the problem went away. But it still doesn't work - tried to change domain, issue new certificates - no luck.
>
> Then I started thinking. For the sake of explaining I'll my plex domain plex.duckdns.org. I issued one certificate for this subdomain, but never actually used. Yet, for the sake of testing, I tried to access remotely my machine by typing plex.duckdns.org:32400, which is the port used by plex for its webgui, and it worked. I could access plex remotely just fine. Then I went, created a conf file in letsencrypt, which I'm posting:
>
> Changed the name from plex to the docker container name, so PlexMediaServer, obviously changed plex.* to the actual subdomain. And it worked! I shared the link with my friend, so that he could access my plex webgui remotely.
>
> Everything was fine, but tonight everything is "time out" and I can't wrap my head around this. The port forwarding is working fine. The certs are issued without issues, and the letsencrypt log looks normal, the server is up (Server ready, as end message of the log).
>
> Before tonight, when trying to access one of the domains for which I issued a certificate I would get a white and simple html page saying "the site or server is under construction, for more info contact the server admin", but now, no matter the certs I issued, everything would just time out.
>
> Letsencrypt is in a custom "proxynet" network (yes, I too followed, or better bought unraid thanks to the spaceinvaderone tutorials) and the command is the same of when the reverse proxy worked.
>
> Since the port forwarding is fine, the plex container itself is fine, the problem is either duckdns or letsencrypt, tertium non datur. What can I do to see what is the problem? I tried a minimal troubleshooting, but I'm not an expert user, and already disheartened at how could this even happen without touching the nas or any settings.
>
> Please, help me.

A few things wrong here.

Using uppercase letters in container name will prevent nginx from properly resolving it. You'll get a 502.

If you're trying to access https://url:32400, you're not going through reverse proxy as letsencrypt is accessed at port 443, not 32400. You are giving direct access to Plex via that port.

Start over and follow our guides: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/

And for troubleshooting: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/