[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Hello,

 

when I startup the swag container in the log I am concerned about these 2 lines

 

sed: /etc/conf.d/libmaxminddb: No such file or directory

and

/etc/periodic/weekly/libmaxminddb: .: line 3: can't open '/etc/conf.d/libmaxminddb': No such file or directory

 

are these anything to be worried about? or should I be fixing this? if so how?

 

thanks

 


2 hours ago, schuu said:

sed: /etc/conf.d/libmaxminddb: No such file or directory

and

/etc/periodic/weekly/libmaxminddb: .: line 3: can't open '/etc/conf.d/libmaxminddb': No such file or directory

 

 

I do see those lines in the log as well. Not sure if it has anything to do with geoip2 or not

8 hours ago, mattgob86 said:

[image]

 

So why if this is at the top, after a docker update does it add automatically another 

[image]

 

I have seen this before and it hasn't been a problem with the exception of the last 2-3 weeks of updates not letting the docker start after update until that new http: variable is removed.

Then you have removed the original one and added a new one yourself. Next time this happens, remove the one you have added and change the port in the one CA adds.

I had this working in the LE days, and seem to have successfully updated to SWAG (my certificates are updating), however, my reverse proxy setup doesn't seem to be working in one specific instance.

 

Since originally installing LE, I've added a VPN. I have a connection for my primary desktop machine, and I have a connection that I use with my binhex-delugevpn client and I have several dockers accessing the outside world using that docker as a proxy.

 

When I try to connect to https://emby.myddns.com, I get the default "Welcome to our server page". However, when I disconnect the VPN on my desktop machine and try to access it from there, I get the login page as I would expect. If I reconnect the VPN, again, I simply get the default page again.

 

Why would the VPN connection running on my desktop machine impact SWAG's forwarding of the connection to the server? I have confirmed that port 80 is forwarded to port 81 on my server (not 100% certain why I'd changed that originally, but all I've done is transfer my LE config files to the SWAG config directory, and it does work when the VPN connection is down).

 

As soon as I posted the question, it decided to start working properly. I don't know if it took some time after adding the emby config file in (I'd missed doing that originally) and restarting the SWAG docker, or what, but now I'm getting my login prompt again.

 

Now, to reset all my passwords because I'm sure nobody remembers theirs, it's been down a while.

 

Edited by FreeMan

Hello

 

I have a problem. I followed this video:

I'm trying to get Jellyfin working outside my local network, so I followed this video. The thing is that it's not working:

I got this error: ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container..

How do I create a cert without the wildcard and Cloudflare?

I've also tried swag and I think something is wrong.

The link to my duckdns is not working either?

 

thanks in advance

Can anybody explain Fail2ban to me please? I have Guacamole set up and access granted through an nginx reverse proxy using swag. How exactly do I enable fail2ban? I read that fail2ban is already set up with the swag install for nginx. Is this enough, or do I need to add another jail for Guacamole or any other container I use?

 

Also, when I run "fail2ban status" in the terminal for swag, it says fail2ban not found.  How can I check if fail2ban is on and working?

 

 

I am getting this warning in my Swag log:

 

nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"

 

Is this anything to worry about?

Edited by Stubbs

Is there a way to get a WAN address? I don't think I can connect without it?

 

thank you

1 hour ago, Mattti1912 said:

Is there a way to get a WAN address? I don't think I can connect without it?

 

thank you

If you got internet, you have a wan address, unless you are behind double NAT.

Oh, I'm not behind double NAT. But in the container, when it is set up even without swag, I can't find my WAN in the container. Any idea why?

 

Thanks

9 hours ago, Mattti1912 said:

Oh, I'm not behind double NAT. But in the container, when it is set up even without swag, I can't find my WAN in the container. Any idea why?

 

Thanks

It's hard to help when you don't supply any info. My wild guess, something is wrong.

Just updated the container and this warning is looping in the log

nginx: [emerg] dlopen() "/var/lib/nginx/modules/ngx_http_lua_module.so" failed (Error loading shared library /var/lib/nginx/modules/ngx_http_lua_module.so: No such file or directory) in /config/nginx/nginx.conf:12

 

If I roll back to 1.12.0-ls36 the warning is gone. Any idea how to fix it?

On 3/18/2017 at 2:04 PM, local.bin said:

I moved the nextcloud.log to my nextcloud data directly, rather than mounting my data directly from letsencrypt and note that the config.php edits are also needed to get nextcloud to output the log to the appropriate place

 

 

So I have been trying to get this set up, but seem to be hitting a bit of a barrier. When you say edit of the config.php to have Nextcloud output the log to the appropriate place, what edit are you putting in?

 

I am trying to read through the forum to find this but no luck. Any help is great.

 

I followed dmacias's setup above to try and get things working. After much trial and error I found out that with my binhex Emby the log path was embyserver-*.txt, not just server-*.txt.

But as I noted, I am stuck now with the nextcloud.log.

On 3/18/2017 at 12:12 PM, dmacias said:

Here's my setup. So for the LE docker I added

 

Hello. I'm trying to get the reverse proxy for the Nextcloud docker container working through swag. I was following the steps located at https://docs.linuxserver.io/general/swag#nextcloud-subdomain-reverse-proxy-example for setup. However, after I'm done, I'm still getting a 502 bad gateway. Any help would be appreciated. I am including both the swag config & the nextcloud config below

nextcloud.subdomain.conf

## Version 2020/12/09
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['swag'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name home.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nextcloud;
        set $upstream_port 18443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}

 

nextcloud's config.php

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'oczev557ynye',
  'passwordsalt' => 'wmc1ZRU+NWpNcgcYuvHtj8inWjqPou',
  'secret' => '61yA7Ruh4yWk39ykw7EUZ9L2PcApyvYSdhYVn75Tf1/0A0m1',
  'trusted_domains' =>
  array (
    0 => '192.168.1.115:444',
    1 => 'home.snreloaded.stream:444',
    2 => 'praemunio:444'
  ),
  'dbtype' => 'mysql',
  'version' => '20.0.1.1',
  'overwrite.cli.url' => 'https://192.168.1.115:444',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.1.115:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'nextcloudROOT',
  'installed' => true,
  'filesystem_check_changes' => 1,
  'trusted_proxies' => ['swag'],
  'overwrite.cli.url' => 'https://home.snreloaded.stream/',
  'overwritehost' => 'home.snreloaded.stream',
  'overwriteprotocol' => 'https',
);

 

Also, I have a DD-WRT enabled router, with port-from being 80/443, & port-to being 1880/18443. The cert validation did succeed with this. I've tried running nextcloud with both port 443 & 444 for the config in unraid. Any help would be greatly appreciated!

Edit: As a followup to this, I now have no access to nextcloud whatsoever. I'm tempted to just drop the swag redirect, & just tell people "yes, it's really safe, trust me" :(

Edited by SNReloaded

4 hours ago, SNReloaded said:

Hello. I'm trying to get the reverse proxy for the Nextcloud docker container working through swag. I was following the steps located at https://docs.linuxserver.io/general/swag#nextcloud-subdomain-reverse-proxy-example for setup. However, after I'm done, I'm still getting a 502 bad gateway. Any help would be appreciated. I am including both the swag config & the nextcloud config below

nextcloud.subdomain.conf


## Version 2020/12/09
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['swag'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name home.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nextcloud;
        set $upstream_port 18443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}

 

nextcloud's config.php


<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'oczev557ynye',
  'passwordsalt' => 'wmc1ZRU+NWpNcgcYuvHtj8inWjqPou',
  'secret' => '61yA7Ruh4yWk39ykw7EUZ9L2PcApyvYSdhYVn75Tf1/0A0m1',
  'trusted_domains' =>
  array (
    0 => '192.168.1.115:444',
    1 => 'home.snreloaded.stream:444',
    2 => 'praemunio:444'
  ),
  'dbtype' => 'mysql',
  'version' => '20.0.1.1',
  'overwrite.cli.url' => 'https://192.168.1.115:444',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.1.115:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'nextcloudROOT',
  'installed' => true,
  'filesystem_check_changes' => 1,
  'trusted_proxies' => ['swag'],
  'overwrite.cli.url' => 'https://home.snreloaded.stream/',
  'overwritehost' => 'home.snreloaded.stream',
  'overwriteprotocol' => 'https',
);

 

Also, I have a DD-WRT enabled router, with port-from being 80/443, & port-to being 1880/18443. The cert validation did succeed with this. I've tried running nextcloud with both port 443 & 444 for the config in unraid. Any help would be greatly appreciated!

Edit: As a followup to this, I now have no access to nextcloud whatsoever. I'm tempted to just drop the swag redirect, & just tell people "yes, it's really safe, trust me" :(

Why have you changed the port? There is nothing mentioned about it in the instructions. Leave it as it originally was.

 

Post the docker run commands for both nextcloud and swag.

Hi all, thanks in advance for help. Thought this question might be better suited here under SWAG as the issue is with the Fail2ban setup of ... So, an explanation of my situation: I am working on setting up Fail2ban for Bitdefender as well as Emby (had been doing Nextcloud but realized it has a built-in one so don't have to now). I have everything working in terms of the reverse proxy using spaceinvaders wonderful videos for support doing this.

 

With the SWAG Fail2ban I have edited the jail.local to have the following additions under the default 4 jails.

[bitwarden]
enabled = true
port = http,https
filter = bitwarden2
action = iptables-allports[name=bitwarden]
logpath = /log/bitwarden.log
ignoreip = 192.168.0.0/24
maxretry = 3
bantime = 14400
findtime = 14400


[bitwarden-admin]


enabled = true
port     = http,https
filter     = bitwarden-admin
action     = iptables-allports[name=bitwarden]
logpath = /log/bitwarden.log
ignoreip = 192.168.0.0/24
maxretry = 2
bantime = 14400
findtime = 14400


[emby]

enabled  = true
port     = http,https
filter   = emby
logpath  = /logs/emby/embyserver.txt
ignoreip = 192.168.0.0/24
maxretry = 3
bantime = 14400
findtime = 14400

 

Within the filter.d folder I have created the following three config files:

EMBY

# Fail2Ban filter for emby
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]
failregex = AUTH-ERROR: <HOST> - Invalid user
	HTTP Response 401 to <HOST>.

 

Bitwarden2

# Fail2Ban filter for Bitwarden
# Detecting failed login attempts
# Logged in bwdata/logs/identity/Identity/log.txt

[INCLUDES]
before = common.conf

[Definition]
failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
ignoreregex =

 

Bitwarden-admin

[INCLUDES]
before = common.conf

[Definition]
failregex = ^.*Invalid admin token\. IP: <ADDR>\.*$
ignoreregex =

 

 

When I go to test the fail2ban (by going onto my cell network) and attempt to connect to the reverse proxy Emby or Bitwarden with an incorrect login past the "maxretry", it does not activate. However, when I go to reset the SWAG container, then the blocking occurs (confirmed by using the terminal tools "docker exec -it swag fail2ban-client status" and "docker exec -it swag fail2ban-client status <jail name>"). While doing the testing, the jails are all shown as active. Any thoughts on why this is?
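A way to check filters and jail thresholds like the ones in the post above offline, as an added example that is not part of the original post and is not fail2ban's own code. It replays constructed log lines through the posted failregex lines and applies the posted `maxretry`, `findtime` and `ignoreip` values; the `<HOST>`/`<ADDR>` expansion is a simplified stand-in, and the log layout, `simulate_jail` and the sample addresses are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST>/<ADDR> tags: IPv4 or IPv6 literals only.
ADDR = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F]*:[0-9a-fA-F:]+)"

# failregex lines copied from the three filters in the post above.
FILTERS = {
    "bitwarden2": [r"^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$"],
    "bitwarden-admin": [r"^.*Invalid admin token\. IP: <ADDR>\.*$"],
    "emby": [r"AUTH-ERROR: <HOST> - Invalid user", r"HTTP Response 401 to <HOST>."],
}

# Constructed log lines in an assumed "<ISO timestamp> <message>" layout.
BAD = "[ERROR] Username or password is incorrect. Try again. IP: {}. Username: a@example.com."
SAMPLE_LOG = [
    "2021-01-10T08:00:00 " + BAD.format("198.51.100.9"),
    "2021-01-10T12:00:00 " + BAD.format("203.0.113.7"),
    "2021-01-10T12:00:05 " + BAD.format("192.168.0.20"),
    "2021-01-10T12:00:06 " + BAD.format("192.168.0.20"),
    "2021-01-10T12:00:07 " + BAD.format("192.168.0.20"),
    "2021-01-10T12:01:00 " + BAD.format("203.0.113.7"),
    "2021-01-10T12:02:00 [ERROR] Invalid admin token. IP: 203.0.113.7",
    "2021-01-10T12:03:00 " + BAD.format("203.0.113.7"),
    "2021-01-10T12:30:00 " + BAD.format("198.51.100.9"),
    "2021-01-10T12:31:00 " + BAD.format("198.51.100.9"),
]


def compile_filter(name):
    """Expand the address tag in each failregex of the named filter."""
    return [re.compile(p.replace("<ADDR>", ADDR).replace("<HOST>", ADDR))
            for p in FILTERS[name]]


def simulate_jail(lines, filter_name, maxretry, findtime, ignoreip):
    """Return {ip: datetime of ban} using the jail's counting rules."""
    patterns = compile_filter(filter_name)
    ignored = ipaddress.ip_network(ignoreip)
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned = {}
    for line in lines:
        stamp, _, message = line.partition(" ")
        when = datetime.fromisoformat(stamp)
        hit = next((m for m in (p.search(message) for p in patterns) if m), None)
        if hit is None:
            continue
        try:
            ip = ipaddress.ip_address(hit.group("host"))
        except ValueError:
            continue  # matched text is not a valid address
        if ip in ignored or str(ip) in banned:
            continue  # ignoreip hosts are never counted; banned hosts stay banned
        window = recent[str(ip)]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime seconds
        if len(window) >= maxretry:
            banned[str(ip)] = when
    return banned


if __name__ == "__main__":
    print(simulate_jail(SAMPLE_LOG, "bitwarden2", 3, 14400, "192.168.0.0/24"))
    print(simulate_jail(SAMPLE_LOG, "bitwarden-admin", 2, 14400, "192.168.0.0/24"))
```

Inside the container, `fail2ban-regex <logfile> <filter file>` runs the same kind of match test against the real log with fail2ban's own tag expansion.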

17 hours ago, saarg said:

Why have you changed the port? There is nothing mentioned about it in the instructions. Leave it as it originally was.

 

Post the docker run commands for both nextcloud and swag.


I changed the ports because I was getting an error with certbot about the port already being in use (80/443), so I switched to 1880/18443 to be out of range of "commonly used ports".

Also, I know what a docker run command is when using the terminal, but I've never seen the docker run command myself from unraid. How do I go about getting the docker run command?

Hey guys, quick question. I have a few things set up with Swag: Radarr, Sonarr, BitwardenRS, and Nextcloud. I moved Bitwarden back to them hosting it instead of me, but I still have the docker on Unraid. Sometimes when I try to use Nextcloud, it says server is not available. To fix this, I fire up the Bitwarden docker and then Nextcloud works again. Anything I can look at? I want to delete Bitwarden but for some strange reason, it is tied to Nextcloud.

2 hours ago, SNReloaded said:


I changed the ports because I was getting an error with certbot about the port already being in use (80/443), so I switched to 1880/18443 to be out of range of "commonly used ports".

Also, I know what a docker run command is when using the terminal, but I've never seen the docker run command myself from unraid. How do I go about getting the docker run command?

Check the docker faq.

40 minutes ago, saarg said:

Check the docker faq.

Here's the docker run (it would have been faster to just say "edit the config & it'll give the run command")

SWAG:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='swag' --net='bridge' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='snreloaded.stream' -e 'SUBDOMAINS'='home,' -e 'ONLY_SUBDOMAINS'='true' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'EXTRA_DOMAINS'='' -e 'STAGING'='false' -e 'DUCKDNSTOKEN'='' -e 'PROPAGATION'='' -e 'PUID'='99' -e 'PGID'='100' -p '1880:80/tcp' -p '18443:443/tcp' -v '/mnt/user/appdata/swag':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/swag'
1eb3775caaf9f7ab02460256f1579bb3ce6e34d1174f318cfcee9dd775e67091

 

Nextcloud:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='nextcloud' --net='bridge' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'PUID'='99' -e 'PGID'='100' -p '444:443/tcp' -v '/mnt/user/nextcloud/':'/data':'rw' -v '/mnt/user/appdata/nextcloud':'/config':'rw' 'linuxserver/nextcloud'
22e325a33923bd38a0e9e96159c43bbb20351efa7bcd948abdc4337ccce2d5fa

 

1 hour ago, SNReloaded said:

Here's the docker run (it would have been faster to just say "edit the config & it'll give the run command")

The FAQ has answers to many more questions, it's good to browse through and see if your issue is already addressed.

2 hours ago, SNReloaded said:

Here's the docker run (it would have been faster to just say "edit the config & it'll give the run command")

SWAG:


root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='swag' --net='bridge' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='snreloaded.stream' -e 'SUBDOMAINS'='home,' -e 'ONLY_SUBDOMAINS'='true' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'EXTRA_DOMAINS'='' -e 'STAGING'='false' -e 'DUCKDNSTOKEN'='' -e 'PROPAGATION'='' -e 'PUID'='99' -e 'PGID'='100' -p '1880:80/tcp' -p '18443:443/tcp' -v '/mnt/user/appdata/swag':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/swag'
1eb3775caaf9f7ab02460256f1579bb3ce6e34d1174f318cfcee9dd775e67091

 

Nextcloud:


root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='nextcloud' --net='bridge' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'PUID'='99' -e 'PGID'='100' -p '444:443/tcp' -v '/mnt/user/nextcloud/':'/data':'rw' -v '/mnt/user/appdata/nextcloud':'/config':'rw' 'linuxserver/nextcloud'
22e325a33923bd38a0e9e96159c43bbb20351efa7bcd948abdc4337ccce2d5fa

 

For you, yes, but not for me. So you want me to use more of my time, so you can use less of yours, fixing your problem?

 

Change the port in the proxy conf to 443 and create a custom docker network and set both swag and nextcloud to use that one.
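The two changes suggested above, expressed as a check over the posted settings; this is an added example, not part of the original reply and not SWAG or Docker code. It assumes the target's container-side port is one listed in its `-p` flags, and `check_upstream` and its helpers are hypothetical names.

```python
import re
import shlex

# Networking-relevant flags trimmed from the two `docker run` commands posted above.
SWAG_RUN = "docker run -d --name='swag' --net='bridge' -p '1880:80/tcp' -p '18443:443/tcp' 'linuxserver/swag'"
NEXTCLOUD_RUN = "docker run -d --name='nextcloud' --net='bridge' -p '444:443/tcp' 'linuxserver/nextcloud'"

# Upstream settings from the posted nextcloud.subdomain.conf.
PROXY_CONF = """
set $upstream_app nextcloud;
set $upstream_port 18443;
set $upstream_proto https;
"""


def parse_run(cmd):
    """Return the container name, network and {container_port: host_port}."""
    info = {"name": None, "net": "bridge", "ports": {}}
    tokens = shlex.split(cmd)
    for i, tok in enumerate(tokens):
        if tok.startswith("--name="):
            info["name"] = tok.split("=", 1)[1]
        elif tok.startswith(("--net=", "--network=")):
            info["net"] = tok.split("=", 1)[1]
        elif tok == "-p" and i + 1 < len(tokens):
            parts = tokens[i + 1].split("/")[0].rsplit(":", 1)
            if len(parts) == 2:  # skip "-p 80" style specs with no host port
                info["ports"][int(parts[1])] = int(parts[0].rsplit(":", 1)[-1])
    return info


def parse_upstream(conf):
    """Return the `set $upstream_*` values of a proxy conf as a dict."""
    return dict(re.findall(r"set\s+\$upstream_(\w+)\s+([^;\s]+);", conf))


def check_upstream(proxy_run, target_run, conf):
    """List reasons the proxy container cannot reach the target container."""
    proxy, target, up = parse_run(proxy_run), parse_run(target_run), parse_upstream(conf)
    findings = []
    port = int(up["port"])
    if up["app"] != target["name"]:
        findings.append(f"upstream_app {up['app']!r} is not the container name {target['name']!r}")
    # Assumption: the target listens on a container-side port named in its -p flags.
    if port not in target["ports"]:
        if port in proxy["ports"].values():
            whose = "the proxy's own host-side port"
        elif port in target["ports"].values():
            whose = "the target's host-side port"
        else:
            whose = "not a port of either container"
        findings.append(f"upstream_port {port} is {whose}; "
                        f"use the container-side port {sorted(target['ports'])}")
    if proxy["net"] != target["net"]:
        findings.append(f"containers are on different networks: {proxy['net']} / {target['net']}")
    elif proxy["net"] == "bridge":
        # Docker's embedded DNS (127.0.0.11) only serves user-defined networks.
        findings.append("both containers are on the default bridge, which does not resolve "
                        "container names; use a user-defined network")
    return findings


if __name__ == "__main__":
    for finding in check_upstream(SWAG_RUN, NEXTCLOUD_RUN, PROXY_CONF):
        print("-", finding)
```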

31 minutes ago, saarg said:

Change the port in the proxy conf to 443 and create a custom docker network and set both swag and nextcloud to use that one.

I'm really trying here, & I've spent the last half hour trying to figure out how to create a custom docker network. I looked through the entirety of the docker faq, & it was not described there. I did set nextcloud's docker image to use 443, & I changed proxy-confs upstream to use 443. I set custom: br0 to use 192.168.1.199, & I tried to do that as well for SWAG, but then I got this docker run error

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='swag' --net='br0' --ip='192.168.1.199' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'TCP_PORT_80'='1880' -e 'TCP_PORT_443'='443' -e 'EMAIL'='[email protected]' -e 'URL'='snreloaded.stream' -e 'SUBDOMAINS'='home,' -e 'ONLY_SUBDOMAINS'='true' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'EXTRA_DOMAINS'='' -e 'STAGING'='false' -e 'DUCKDNSTOKEN'='' -e 'PROPAGATION'='' -e 'PUID'='99' -e 'PGID'='100' -v '/mnt/user/appdata/swag':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/swag'
4006ab65315419844b517497e8efa997b2e6ff31ded83a9197708da1d0afe837
/usr/bin/docker: Error response from daemon: Address already in use.

This makes sense that the IP is already in use, but I'm not understanding how to get both swag & nextcloud to use the docker network

@SNReloaded, I suggest watching some of Spaceinvader One's youtube videos on the subject. He's been doing videos for several years so some of the info in the older videos may be outdated, but the core principles should help you get a grasp on what's going on.

Hi all. So I am wondering where I would go within the Unraid Docker Edit page for SWAG to add a Docker-Mod. I am trying to enable

https://github.com/linuxserver/docker-mods/tree/swag-f2bdiscord

 

It appears to have 3 environmental variables I need to enable, but I am not sure where I would put them or how they should be formatted.

Any help much appreciated :)
