August 8, 20205 yr 1 hour ago, hotdog218 said: I configured it based on the support post, and based on my other conf files that were premade by linuxserver that work. Do you have any examples on how I would allow resource loading from subfolders? Unfortunately I don't. Not very familiar with htaccess.. only ever used it once for a basic website. Way, way long ago. You may be able figure something else by anyone else that had the same problem. I googled ".htaccess load resources" and came up with the resource problem. You may find some stuff here that's useful, all about the htaccess file... especially the SSI includes section.. that might be relevant. https://www.whoishostingthis.com/resources/htaccess/ And not sure if this is useful at all, https://www.htaccessredirect.net/
August 9, 20205 yr 8 hours ago, Energen said: Unfortunately I don't. Not very familiar with htaccess.. only ever used it once for a basic website. Way, way long ago. You may be able figure something else by anyone else that had the same problem. I googled ".htaccess load resources" and came up with the resource problem. You may find some stuff here that's useful, all about the htaccess file... especially the SSI includes section.. that might be relevant. https://www.whoishostingthis.com/resources/htaccess/ And not sure if this is useful at all, https://www.htaccessredirect.net/ .htaccess is an apache thing. What you need to look into is .htpasswd
August 10, 20205 yr If I wanted to start a new domain alongside my current one, would I have to make another Letsencrypt container? Or is there another way?
August 10, 20205 yr 3 hours ago, Virtual said: It works but i get this in the log, whats wrong ? That's harmless
August 10, 20205 yr 3 hours ago, Stubbs said: If I wanted to start a new domain alongside my current one, would I have to make another Letsencrypt container? Or is there another way? There is an extra domains variable. No need for another instance
August 10, 20205 yr 9 hours ago, aptalca said: There is an extra domains variable. No need for another instance [edit] I assume it's as simple as adding a new variable with the key EXTRA_PARAMETERS? How does it work with subdomains? Does it share the same subdomains parameter above? How does the docker container tell which subdomains belong to the first URL, and which ones belong to the extra parameter URL? Also are there any extra steps needed with cloudflare DNS? Edited August 10, 20205 yr by Stubbs
August 11, 20205 yr 9 hours ago, Stubbs said: [edit] I assume it's as simple as adding a new variable with the key EXTRA_PARAMETERS? How does it work with subdomains? Does it share the same subdomains parameter above? How does the docker container tell which subdomains belong to the first URL, and which ones belong to the extra parameter URL? Also are there any extra steps needed with cloudflare DNS? The readme explains it in detail. It has nothing to do with subdomains. You need to define full urls (fqdn) in that variable
August 11, 20205 yr Hiya! I'm having an issue with a subdomain.conf file for my docker 'speedtest'. Since there was no template I copied one of the more basic ones and modified it to try and get it to work. Unfortunately that endeavor has failed and here I am. speedtest.subdomain.conf - https://codeshare.io/aJXrME The speedtest docker is the new Openspeedtest docker. Setup with standard config: On custom docker network for letsencrypt. WebUI available at :3001. That's why I put 3001 in the subdomain.conf as I had seen other dockers set similarly in their subdomain.conf files. Thanks for any and all help! EDIT: I was able to resolve my issue with the following speedtest.subdomain.conf file: server { listen 443 ssl; listen [::]:443 ssl; server_name speedtest.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app speedtest; set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } } Edited August 11, 20205 yr by DeathByDentures Issue Resolved
August 11, 20205 yr I am using the letsencrypt container to run an ssl reverse proxy that is only accessible from within the VPN. For example, everything is setup as {service-name}.mydomain.net which resolves to a local IP. Everything (HAAS, unifi controller, most of Unraid Web GUI) seems to be working except for the main syslog in the Unraid Web GUI (it just won't load). The docker container logs load fine. My sites file is below. Does anyone have experience with getting this last bit to work through a reverse proxy? Any help is appreciated. server { listen 443 ssl; listen [::]:443 ssl; server_name tower.mydomain.net; # all ssl related config moved to ssl.conf #include /config/nginx/ssl.conf; location / { #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header Host $host; #proxy_pass https://localip:port/; #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_pass https://localIP:port; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Ssl on; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } }
August 11, 20205 yr 6 hours ago, Michael Hacker said: I am using the letsencrypt container to run an ssl reverse proxy that is only accessible from within the VPN. For example, everything is setup as {service-name}.mydomain.net which resolves to a local IP. Everything (HAAS, unifi controller, most of Unraid Web GUI) seems to be working except for the main syslog in the Unraid Web GUI (it just won't load). The docker container logs load fine. My sites file is below. Does anyone have experience with getting this last bit to work through a reverse proxy? Any help is appreciated. Issue resolved at this post. Add to nginx config for the unraid proxy server. proxy_buffering off;
August 12, 20205 yr i have setup the letsencrypt docker (soon to be a other name i was reading) with the fail2ban i got bitwarden running. i added some filters etc. but when open a terminal session on the letsencrypt docker and type iptables -L i get this error iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. and seeing there isnt a Sudo. in the fail2ban log 2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- exec: iptables -w -N f2b-bitwarden iptables -w -A f2b-bitwarden -j RETURN iptables -w -I INPUT -p tcp -j f2b-bitwarden 2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)" 2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.' 2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)" 2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.' 2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)" 2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.' 2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- returned 3 2020-08-12 21:14:50,009 fail2ban.actions [388]: ERROR Failed to execute ban jail 'bitwarden' action 'iptables-allports' info 'ActionInfo({'ip': 'ip.ip.ip.ip', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x147d392323a0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x147d39232a60>})': Error starting action Jail('bitwarden')/iptables-allports: 'Script error' Edited August 12, 20205 yr by KoNeko added fail2ban log
August 13, 20205 yr 7 hours ago, KoNeko said: i have setup the letsencrypt docker (soon to be a other name i was reading) with the fail2ban i got bitwarden running. i added some filters etc. but when open a terminal session on the letsencrypt docker and type iptables -L i get this error iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. and seeing there isnt a Sudo. in the fail2ban log 2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- exec: iptables -w -N f2b-bitwarden iptables -w -A f2b-bitwarden -j RETURN iptables -w -I INPUT -p tcp -j f2b-bitwarden 2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)" 2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.' 2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)" 2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.' 2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)" 2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.' 2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- returned 3 2020-08-12 21:14:50,009 fail2ban.actions [388]: ERROR Failed to execute ban jail 'bitwarden' action 'iptables-allports' info 'ActionInfo({'ip': 'ip.ip.ip.ip', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x147d392323a0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x147d39232a60>})': Error starting action Jail('bitwarden')/iptables-allports: 'Script error' Post your docker run
August 13, 20205 yr 15 hours ago, aptalca said: Post your docker run /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='br0' --ip='192.168.1.15' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'TCP_PORT_80'='' -e 'TCP_PORT_443'='443' -e 'EMAIL'='@gmail.com' -e 'URL'='.nl' -e 'SUBDOMAINS'='www,bitwarden' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='4096' -e 'VALIDATION'='dns' -e 'DNSPLUGIN'='transip' -e 'cap-add'='NET_ADMIN' -e 'PUID'='99' -e 'PGID'='100' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' -v '/mnt/user/appdata/bitwarden/log/':'/log':'rw' 'linuxserver/letsencrypt' 697237b82c1fa9c198a7507d22255f87c991adebc68c08ab615127cfa14e83a2 The command finished successfully! also when i run iptables -S iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. or Iptables -L the passwd files says abc:x:99:100::/config:/bin/false nginx:x:100:100:nginx:/var/lib/nginx:/sbin/nologin for those 2 ids Edited August 13, 20205 yr by KoNeko added
August 13, 20205 yr 2 hours ago, KoNeko said: /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='br0' --ip='192.168.1.15' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'TCP_PORT_80'='' -e 'TCP_PORT_443'='443' -e 'EMAIL'='@gmail.com' -e 'URL'='.nl' -e 'SUBDOMAINS'='www,bitwarden' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='4096' -e 'VALIDATION'='dns' -e 'DNSPLUGIN'='transip' -e 'cap-add'='NET_ADMIN' -e 'PUID'='99' -e 'PGID'='100' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' -v '/mnt/user/appdata/bitwarden/log/':'/log':'rw' 'linuxserver/letsencrypt' 697237b82c1fa9c198a7507d22255f87c991adebc68c08ab615127cfa14e83a2 The command finished successfully! also when i run iptables -S iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. or Iptables -L the passwd files says abc:x:99:100::/config:/bin/false nginx:x:100:100:nginx:/var/lib/nginx:/sbin/nologin for those 2 ids I turned on Privileged and it works for the website and bitwarden. bitwarden only on the login part it still shows the site. Edited August 13, 20205 yr by KoNeko corrected the text
August 14, 20205 yr 6 hours ago, KoNeko said: I turned on Privileged and it works for the website and bitwarden. bitwarden only on the login part it still shows the site. That's because cap-add is not an environment variable so you did not set that correctly. You need to pass it in extra parameters
August 14, 20205 yr I'm having an issue with my subdomains that i've configured. All are accessible outside my network with no issues at all, but i can't seem to connect internally. I know there must be some setting that i've done incorrectly, but i can't figure it out. Anyone know what might be causing it? let me know what logs to provide if needed.
August 14, 20205 yr 18 minutes ago, xxbigfootxx said: I'm having an issue with my subdomains that i've configured. All are accessible outside my network with no issues at all, but i can't seem to connect internally. I know there must be some setting that i've done incorrectly, but i can't figure it out. Anyone know what might be causing it? let me know what logs to provide if needed. It's not your configuration, it's your router. Google your router model, along with the search terms nat loopback hairpinning reflection
August 14, 20205 yr 8 minutes ago, jonathanm said: It's not your configuration, it's your router. Google your router model, along with the search terms nat loopback hairpinning reflection If it's not supported does that mean that i'll have to stick with the local adresses instead of using the subdomain?
August 14, 20205 yr 3 hours ago, aptalca said: That's because cap-add is not an environment variable so you did not set that correctly. You need to pass it in extra parameters How do i use it with unraid gui?. With compose i can follow the examples to add it.
August 14, 20205 yr 1 hour ago, KoNeko said: How do i use it with unraid gui?. With compose i can follow the examples to add it. You add it in the extra parameters field. Turn on advanced view in the top right corner to see it.
August 14, 20205 yr 11 hours ago, xxbigfootxx said: If it's not supported does that mean that i'll have to stick with the local adresses instead of using the subdomain? Then you can do split dns, where your local dns server will tell clients to connect to the local ip when they request the domain.
August 14, 20205 yr Are there any special settings I need to set to get nested subdomains working? I've got no issues with certificates for my root and first-level subdomains, but the second-level nested aren't getting added to the cert. I'm using cloudflare and dns verification Example A records: A example.com <ip> <-- OK A *.example.com <ip> <-- OK A *.subdomain.example.com <ip> <-- Cert invalid when navigating to site
August 14, 20205 yr 8 hours ago, StudiesTheBlade said: Are there any special settings I need to set to get nested subdomains working? I've got no issues with certificates for my root and first-level subdomains, but the second-level nested aren't getting added to the cert. I'm using cloudflare and dns verification Example A records: A example.com <ip> <-- OK A *.example.com <ip> <-- OK A *.subdomain.example.com <ip> <-- Cert invalid when navigating to site Set EXTRA_DOMAINS to *.subdomain.example.com
August 15, 20205 yr 1 hour ago, aptalca said: Set EXTRA_DOMAINS to *.subdomain.example.com That worked! It seems obvious now. I should have checked that. Thanks!
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.