Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

Featured Replies

3 hours ago, casperse said:

Maybee a stupid Q

 

But is it okay to add multiple subdomains like this?


server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name photo.doamin.dk;
    server_name photos.domain.dk;
    server_name piwigo.domain.dk;

And could I just add a piwigo.domain2.dk also?

It might work but I dont want to go against the approved structure

You can put multiple names in a single server name directive, don't use multiple directives

  • Replies 6.2k
  • Views 1.5m
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running. For noobs like me, here's what I did: 1. Stop

  • I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

  • BigBoyMarky
    BigBoyMarky

    I replaced both the ssl.conf and nginx.conf files with the sample ones to update them since I did not make any custom modifications to either one of those and this resolved my issue.

Posted Images

4 hours ago, BurntOC said:

Fair observation.  I thought about including it originally but if the connectivity is there, it seems like this would be some well-known trick that I don't know about.  To that point, your question is a great one to which I believed the answer was "Yes, I've tested it.".  But if so I'd have been wrong, as checking right now it is not getting a response.  I'm up to 15 other devices that are working just fine across the other 2 situations I included in my initial post on this.  Since it is working for other servers in that same domain it would seem like the traffic should have no problems getting from my Unraid server to the firewall headed to the Pi, but clearly I do.  Here's my proxy, in any event (I use hassio.mydomain.me and the device is on 192.168.60.4 in this example):

 


server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name hassio.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
#        set $upstream_app homeassistant;
        set $upstream_app 192.168.60.4;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

 

If you can't ping 192.168.60.4 it's not the proxy conf that is the issue. Since you have other services working, I would assume your firewall blocks access from the unraid network to your hassio RPI.

17 minutes ago, saarg said:

If you can't ping 192.168.60.4 it's not the proxy conf that is the issue. Since you have other services working, I would assume your firewall blocks access from the unraid network to your hassio RPI.

So I verified that I had port isolation enabled on both the Unifi switch port connected to that Unraid network and the port the Pi is connected to.  Disabling it on the Pi port allowed swag to ping the Pi, but I am still getting the Nginx gateway error.  The isolation observation and the lack of entries in the logs confirms this is transiting port to port without the firewall seeing it, but it's even more puzzling as to why it still isn't working... 

1 hour ago, BurntOC said:

So I verified that I had port isolation enabled on both the Unifi switch port connected to that Unraid network and the port the Pi is connected to.  Disabling it on the Pi port allowed swag to ping the Pi, but I am still getting the Nginx gateway error.  The isolation observation and the lack of entries in the logs confirms this is transiting port to port without the firewall seeing it, but it's even more puzzling as to why it still isn't working... 

I can't really help with network issues.

You are sure you use the correct port and that it is http and not https?

Are you accessing the domain from your network or using your phone?

Edited by saarg

2 hours ago, saarg said:

I can't really help with network issues.

You are sure you use the correct port and that it is http and not https?

Are you accessing the domain from your network or using your phone?

Port was correct, but though I'd tested http vs https earlier with no effect (of course because port isolation was probably blocking it in any case), I just tried switching it to https and it works.  I have had Hass pulling a cert with the LetsEncrypt addon and I had it set to access via HTTPS.  I'm tempted to leave it for now.  As I understand it, I'm doing SSL to Swag, but it's doing HTTP to the proxied hosts in most cases per the template default, right?  And there would be some risk of something else on the same subnet trying to sniff the unencrypted traffic, but in this case I'm doing SSL to swag and then also to the proxied server so the full path is encrypted, right?  If not, I will leave these other connections be, as I was going to look into usings HTTPS with them as well.

4 hours ago, BurntOC said:

Port was correct, but though I'd tested http vs https earlier with no effect (of course because port isolation was probably blocking it in any case), I just tried switching it to https and it works.  I have had Hass pulling a cert with the LetsEncrypt addon and I had it set to access via HTTPS.  I'm tempted to leave it for now.  As I understand it, I'm doing SSL to Swag, but it's doing HTTP to the proxied hosts in most cases per the template default, right?  And there would be some risk of something else on the same subnet trying to sniff the unencrypted traffic, but in this case I'm doing SSL to swag and then also to the proxied server so the full path is encrypted, right?  If not, I will leave these other connections be, as I was going to look into usings HTTPS with them as well.

If it's within your own network, I would drop SSL and just do http.

Edited by saarg

11 hours ago, aptalca said:

You can put multiple names in a single server name directive, don't use multiple directives

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name photo.doamin.dk,photos.domain.dk,piwigo.domain.dk,piwigo.domain2.dk;

I tried combining them but got a strange error afterwards?

nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 64
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised

Hi,

im trying to get swag to reverse proxy to my vm in unraid. i used spaceinvader video to set it up at start but now when im trying to send to the vm, the log give me this... any one has any idea? i mean it work great when im using it on docker but i cant get it to send it to my vm

Thanks for any help

P.S. I actually want to send it to a vm for nextcloud instead of using a docker for it.

 

2020/11/10 00:45:08 [error] 431#431: *63 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 66.70.148.95, server: myServer.*, request: "GET /favicon.ico HTTP/2.0", upstream: "https://192.168.8.13:443/favicon.ico", host: "myHost", referrer: "https://myHost/"

On 11/9/2020 at 10:05 AM, casperse said:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name photo.doamin.dk,photos.domain.dk,piwigo.domain.dk,piwigo.domain2.dk;

I tried combining them but got a strange error afterwards?

nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 64
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised

Strange only when I list them in sepereate lines it works and I dont get the below error

 

 

nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 64
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 

server_name photo.domain1.dk;

server_name photos.domain1.dk;

server_name piwigo.domain1.dk;

 

It works no errors (Even if the syntax is not right)

I have multiple services running behind a reverse nginx proxy. But I am having issues with home assistant. The UI loads but the calls don't get forwarded and error out 


 

Failed to call service homeassistant/turn_off. Unable to find service light/turn_off

I am running https://hub.docker.com/r/homeassistant/home-assistant on Unraid. This is the nginx config. The site loads but gives errors when I try to turn on lights.
 

# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name ha.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app homeassistant;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location /api/websocket {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app homeassistant;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

 

This is the command used to run the container:


 

usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name='HomeAssistant' --net='proxynet' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -p '8123:8123/tcp' --device='/dev/ttyUSB0' 'homeassistant/home-assistant' 

 

 I am not sure if its more suited for home assistant? 

Edited by BoKKeR

3 hours ago, BoKKeR said:

I have multiple services running behind a reverse nginx proxy. But I am having issues with home assistant. The UI loads but the calls don't get forwarded and error out 


 


Failed to call service homeassistant/turn_off. Unable to find service light/turn_off

I am running https://hub.docker.com/r/homeassistant/home-assistant on Unraid. This is the nginx config. The site loads but gives errors when I try to turn on lights.
 


# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name ha.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app homeassistant;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location /api/websocket {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app homeassistant;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

 

This is the command used to run the container:


 


usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name='HomeAssistant' --net='proxynet' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -p '8123:8123/tcp' --device='/dev/ttyUSB0' 'homeassistant/home-assistant' 

 

 I am not sure if its more suited for home assistant? 

You have the name wrong for the container. You have to name it homeassistant with small letters.

thanks I tried that also. Same result I can resolve home assistant over nginx, but all the service calls fail. 

25 minutes ago, BoKKeR said:

thanks I tried that also. Same result I can resolve home assistant over nginx, but all the service calls fail. 

We don't have the /api location in our proxy-conf and I'm not sure why you need it?

Removing the block rebooting SWAG, I get even less access. I get to the login page. After login I am greeted with 

 

image.thumb.png.15cb45e6f4aecf562ce86f4b1b0df87f.png

9 hours ago, BoKKeR said:

Removing the block rebooting SWAG, I get even less access. I get to the login page. After login I am greeted with 

 

image.thumb.png.15cb45e6f4aecf562ce86f4b1b0df87f.png

Did you set homeassistant to use https om that port? If so, change it back to http. There is a similar problem like this fixed on this page.

I am wondering if anyone has any idea how to use SWAG with a SQL docker to reverse proxy a MSSQL server for remote access through SSMS?

 

I have spent most of a couple of days looking into it, and I know that I need to use a stream process, however I can't get it to work with the nginx within SWAG docker. Anyone have this working and could give me some guidance on how to setup the subdomain conf file?

10 hours ago, saarg said:

Did you set homeassistant to use https om that port? If so, change it back to http. There is a similar problem like this fixed on this page.

 

I cant find this option, but to make sure I made a new container with a new config location and adjusted the config in swag, restarted swagger. I get the https login page on the subdomain, upon login I end up with the same error page. 

7 hours ago, deanpelton said:

I am wondering if anyone has any idea how to use SWAG with a SQL docker to reverse proxy a MSSQL server for remote access through SSMS?

 

I have spent most of a couple of days looking into it, and I know that I need to use a stream process, however I can't get it to work with the nginx within SWAG docker. Anyone have this working and could give me some guidance on how to setup the subdomain conf file?

You can't as it's not web traffic.

On 11/12/2020 at 2:29 PM, deanpelton said:

I am wondering if anyone has any idea how to use SWAG with a SQL docker to reverse proxy a MSSQL server for remote access through SSMS?

 

I have spent most of a couple of days looking into it, and I know that I need to use a stream process, however I can't get it to work with the nginx within SWAG docker. Anyone have this working and could give me some guidance on how to setup the subdomain conf file?

 

On 11/12/2020 at 10:24 PM, saarg said:

You can't as it's not web traffic.

standard tcp or udp traffic is like mentioned not supported with http server blocks, it works single as stream "passthrough".

 

if there would be this module included we may could play and bind domains to the stream(s), but its not included so ... sadly no.

 

https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html

 

3 hours ago, alturismo said:

 

standard tcp or udp traffic is like mentioned not supported with http server blocks, it works single as stream "passthrough".

 

if there would be this module included we may could play and bind domains to the stream(s), but its not included so ... sadly no.

 

https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html

 

Thanks alturismo,

I saw your previous comments on this topic but I couldn't load the stream module into my swag container.

Any other methods of doing this with a IP address whitelisting for safety?

3 hours ago, deanpelton said:

Thanks alturismo,

I saw your previous comments on this topic but I couldn't load the stream module into my swag container.

Any other methods of doing this with a IP address whitelisting for safety?

not that im aware off

I keep getting the error below. I've attached my port forwards. 

 

I've updated the DNS of the server to 8.8.8.8 and 1.1.1.1, still nothing. I've recently moved house and using new modem. But it should just work with the same forwards?

 

image.png.6ca77e1213a92a70255c4f1c036f3244.pngimage.png.15c4b20c8080c933879f1a069ca15cf5.png

5 hours ago, xxbigfootxx said:

But it should just work with the same forwards?

The image shows the internal and external ports reversed.

On 11/17/2020 at 8:16 PM, jonathanm said:

The image shows the internal and external ports reversed.

Thanks mate, i figured they were but had tried in the correct setup but was still failing. Turns out i had static DNS that was incorrect on the modem. All working now.

 

EDIT: Literally a few hours later and it all stopped again. Seems to be a DNS issue with the Netcomm modem i'm using. I wasn't having any issues with the Netgear. But i wanted to NAT loopback features of the Netcomm

Edited by xxbigfootxx

Hello All,

 

I have hosted my personal site and couple of dockers via Swag following SpaceInvaderOne video. Everything was working great. Recently, i configured VLAN in unraid. My plan is to host all reverse proxy stuffs in this VLAN.  How to setup Swag in VLAN?

 

Thanks

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.