schuu Posted February 13, 2021 Share Posted February 13, 2021 Hello, when I startup the swag container in the log I am concerned about these 2 lines sed: /etc/conf.d/libmaxminddb: No such file or directory and /etc/periodic/weekly/libmaxminddb: .: line 3: can't open '/etc/conf.d/libmaxminddb': No such file or directory are these anything to be worried about? or should I be fixing this? if so how? thanks Quote Link to comment
Seige Posted February 13, 2021 Share Posted February 13, 2021 2 hours ago, schuu said: sed: /etc/conf.d/libmaxminddb: No such file or directory and /etc/periodic/weekly/libmaxminddb: .: line 3: can't open '/etc/conf.d/libmaxminddb': No such file or directory I do see those lines in the log as well. Not sure if it has anything to do with geoip2 or not Quote Link to comment
saarg Posted February 13, 2021 Share Posted February 13, 2021 8 hours ago, mattgob86 said: So why if this is at the top, after a docker update does it add automatically another I have seen this before and it hasn't been a problem with the exception of the last 2-3 weeks of updates not letting the docker start after update until that new http: variable is removed. Then you have removed the original one and added a new yourself. Next time this happens, remove the one you have added and change the port in the one CA adds. Quote Link to comment
FreeMan Posted February 14, 2021 Share Posted February 14, 2021 (edited) I had this working in the LE days, and seem to have successfully updated to SWAG (my certificates are updating), however, my reverse proxy setup doesn't seem to be working in one specific instance. Since originally installing LE, I've added a VPN. I have a connection for my primary desktop machine, and I have a connection that I use with my binhex-delugevpn client and I have several dockers accessing the outside world using that docker as a proxy. When I try to connect to https://emby.myddns.com, I get the default "Welcome to our server page". However, when I disconnect the VPN [i]on my desktop machine[/i] and try to access it from there, I get the login page as I would expect. If I reconnect the VPN, again, I simply get the default page again. Why would the VPN connection running on my desktop machine impact SWAG's forwarding of the connection to the server? I have confirmed that port 80 is forwarded to port 81 on my server (not 100% certain why I'd changed that originally, but all I've done is transfer my LE config files to the SWAG config directory, and it does work when the VPN connection is down). As soon as I posted the question, it decided to start working properly. I don't know if it took some time after adding the emby config file in (I'd missed doing that originally) and restarting the SWAG docker, or what, but now I'm getting my login prompt again. Now, to reset all my passwords because I'm sure nobody remembers theirs, it's been down a while. Edited February 14, 2021 by FreeMan Quote Link to comment
Mattti1912 Posted February 15, 2021 Share Posted February 15, 2021 Hello I have a problem. i i followed this video: Im trying to get jellyfin working outside my local network so followed this video. the thing is that it´s not working : i got this error: ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container.. how do i create a cert without the wildcard and cloudflare?? i´ve also tried swag and i think something is wrong.. the link to my duckdns is not working either? thanks in advance Quote Link to comment
007craft Posted February 15, 2021 Share Posted February 15, 2021 Can anybody explain Fail2ban to me please. I have guacamole setup and access granted through a nxginx reverse proxy using swag. How exactly do I enable fail2ban? I read that fail2ban is already setup with the swag install for nxginx. Is this enough, or do I need to add another jail for guacamole or any other container I use? Also, when I run "fail2ban status" in the terminal for swag, it says fail2ban not found. How can I check if fail2ban is on and working? Quote Link to comment
Stubbs Posted February 15, 2021 Share Posted February 15, 2021 (edited) I am getting this warning in my Swag log: nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem" nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem" nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem" nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem" nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem" nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "r3.o.lencr.org" in the certificate "/config/keys/letsencrypt/fullchain.pem" Is this anything to worry about? Edited February 15, 2021 by Stubbs Quote Link to comment
Mattti1912 Posted February 15, 2021 Share Posted February 15, 2021 is there a way to get a wan address?? i dont think i can connect without it?? thank you Quote Link to comment
saarg Posted February 15, 2021 Share Posted February 15, 2021 1 hour ago, Mattti1912 said: is there a way to get a wan address?? i dont think i can connect without it?? thank you If you got internet, you have a wan address, unless you are behind double NAT. Quote Link to comment
Mattti1912 Posted February 15, 2021 Share Posted February 15, 2021 oh im not behind double nat. But in the container when it is setup even without swag, i cant find my wan in the container.. Any idea why ?? Thanks Quote Link to comment
saarg Posted February 16, 2021 Share Posted February 16, 2021 9 hours ago, Mattti1912 said: oh im not behind double nat. But in the container when it is setup even without swag, i cant find my wan in the container.. Any idea why ?? Thanks It's hard to help when you don't supply any info. My wild guess, something is wrong. Quote Link to comment
strike Posted February 16, 2021 Share Posted February 16, 2021 Just updated the container and this warning is looping in the log nginx: [emerg] dlopen() "/var/lib/nginx/modules/ngx_http_lua_module.so" failed (Error loading shared library /var/lib/nginx/modules/ngx_http_lua_module.so: No such file or directory) in /config/nginx/nginx.conf:12 If I roll back to 1.12.0-ls36 the warning is gone. Any idea how to fix it? Quote Link to comment
Aceriz Posted February 17, 2021 Share Posted February 17, 2021 On 3/18/2017 at 2:04 PM, local.bin said: I moved the nextcloud.log to my nextcloud data directly, rather than mounting my data directly from letsencypt and note that the config.php edits are also needed to get nextcloud to output the log to the appropriate place So I have been trying to get this setup... but seem to be hitting a bit of a barrier. when you say edit of the config.php to have the nextcloud to output the log to appropriate place... what edit are you putting in... I am trying to read through the forum to find this but no luck... any help is great.. I followed dmacias's setup above..... to try and get things working... after much trial and error found out that with my binhex emby the log path was embyserver-*.txt not just server-*.txt...... but as I noted I am stuck now with the nextcloud.log... .. On 3/18/2017 at 12:12 PM, dmacias said: Here's my setup. So for the LE docker I added Quote Link to comment
SNReloaded Posted February 17, 2021 Share Posted February 17, 2021 (edited) Hello. I'm trying to get the reverse proxy for the Nextcloud docker container working through swag. I was following the steps located at https://docs.linuxserver.io/general/swag#nextcloud-subdomain-reverse-proxy-example for setup. However, after I'm done, I'm still getting a 502 bad gateway. Any help would be appreciated. I am including both the swag config & the nextcloud config below nextcloud.subdomain.conf ## Version 2020/12/09 # make sure that your dns has a cname set for nextcloud # assuming this container is called "swag", edit your nextcloud container's config # located at /config/www/nextcloud/config/config.php and add the following lines before the ");": # 'trusted_proxies' => ['swag'], # 'overwrite.cli.url' => 'https://nextcloud.your-domain.com/', # 'overwritehost' => 'nextcloud.your-domain.com', # 'overwriteprotocol' => 'https', # # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this: # array ( # 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it. # 1 => 'nextcloud.your-domain.com', # ), server { listen 443 ssl; listen [::]:443 ssl; server_name home.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app nextcloud; set $upstream_port 18443; set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_max_temp_file_size 2048m; } } nextcloud's config.php <?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'oczev557ynye', 'passwordsalt' => 'wmc1ZRU+NWpNcgcYuvHtj8inWjqPou', 'secret' => '61yA7Ruh4yWk39ykw7EUZ9L2PcApyvYSdhYVn75Tf1/0A0m1', 'trusted_domains' => array ( 0 => '192.168.1.115:444', 1 => 'home.snreloaded.stream:444', 2 => 'praemunio:444' ), 'dbtype' => 'mysql', 'version' => '20.0.1.1', 'overwrite.cli.url' => 'https://192.168.1.115:444', 'dbname' => 'nextcloud', 'dbhost' => '192.168.1.115:3306', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'nextcloud', 'dbpassword' => 'nextcloudROOT', 'installed' => true, 'filesystem_check_changes' => 1, 'trusted_proxies' => ['swag'], 'overwrite.cli.url' => 'https://home.snreloaded.stream/', 'overwritehost' => 'home.snreloaded.stream', 'overwriteprotocol' => 'https', ); Also, I have a DD-WRT enabled router, with port-from being 80/443, & port-to being 1880/18443. The cert validation did succeed with this. I've tried running nextcloud with both port 443 & 444 for the config in unraid. Any help would be greatly appreciated! Edit: As a followup to this, I now have no access to nextcloud whatsoever. I'm tempted to just drop the swag redirect, & just tell people "yes, it's really safe, trust me" Edited February 17, 2021 by SNReloaded 1 Quote Link to comment
saarg Posted February 17, 2021 Share Posted February 17, 2021 4 hours ago, SNReloaded said: Hello. I'm trying to get the reverse proxy for the Nextcloud docker container working through swag. I was following the steps located at https://docs.linuxserver.io/general/swag#nextcloud-subdomain-reverse-proxy-example for setup. However, after I'm done, I'm still getting a 502 bad gateway. Any help would be appreciated. I am including both the swag config & the nextcloud config below nextcloud.subdomain.conf ## Version 2020/12/09 # make sure that your dns has a cname set for nextcloud # assuming this container is called "swag", edit your nextcloud container's config # located at /config/www/nextcloud/config/config.php and add the following lines before the ");": # 'trusted_proxies' => ['swag'], # 'overwrite.cli.url' => 'https://nextcloud.your-domain.com/', # 'overwritehost' => 'nextcloud.your-domain.com', # 'overwriteprotocol' => 'https', # # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this: # array ( # 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it. # 1 => 'nextcloud.your-domain.com', # ), server { listen 443 ssl; listen [::]:443 ssl; server_name home.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app nextcloud; set $upstream_port 18443; set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_max_temp_file_size 2048m; } } nextcloud's config.php <?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'oczev557ynye', 'passwordsalt' => 'wmc1ZRU+NWpNcgcYuvHtj8inWjqPou', 'secret' => '61yA7Ruh4yWk39ykw7EUZ9L2PcApyvYSdhYVn75Tf1/0A0m1', 'trusted_domains' => array ( 0 => '192.168.1.115:444', 1 => 'home.snreloaded.stream:444', 2 => 'praemunio:444' ), 'dbtype' => 'mysql', 'version' => '20.0.1.1', 'overwrite.cli.url' => 'https://192.168.1.115:444', 'dbname' => 'nextcloud', 'dbhost' => '192.168.1.115:3306', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'nextcloud', 'dbpassword' => 'nextcloudROOT', 'installed' => true, 'filesystem_check_changes' => 1, 'trusted_proxies' => ['swag'], 'overwrite.cli.url' => 'https://home.snreloaded.stream/', 'overwritehost' => 'home.snreloaded.stream', 'overwriteprotocol' => 'https', ); Also, I have a DD-WRT enabled router, with port-from being 80/443, & port-to being 1880/18443. The cert validation did succeed with this. I've tried running nextcloud with both port 443 & 444 for the config in unraid. Any help would be greatly appreciated! Edit: As a followup to this, I now have no access to nextcloud whatsoever. I'm tempted to just drop the swag redirect, & just tell people "yes, it's really safe, trust me" Why have you changed the port? There is nothing mentioned about it in the instructions. Leave it as it originally was. Post the docker run commands for both nextcloud and and swag. Quote Link to comment
Aceriz Posted February 18, 2021 Share Posted February 18, 2021 HI all thanks in advance for help. thought this question might be better suited here under SWAG as the issue is with the FAiL2BAN setup of ... So explanation of my situation. I am working on setting up FAIL2BAN for Bitdefender as well as EMBY (had been doing nextcloud but realized it has built in one so don't have to now). I have everything working in terms of the reverse proxy using spaceinvaders wonderful videos for support doing this. With the SWAG FAIL2BAN I have edited the jail.local to have the following additional under the default 4 jails. [bitwarden] enabled = true port = http,https filter = bitwarden2 action = iptables-allports[name=bitwarden] logpath = /log/bitwarden.log ignoreip = 192.168.0.0/24 maxretry = 3 bantime = 14400 findtime = 14400 [bitwarden-admin] enabled = true port = http,https filter = bitwarden-admin action = iptables-allports[name=bitwarden] logpath = /log/bitwarden.log ignoreip = 192.168.0.0/24 maxretry = 2 bantime = 14400 findtime = 14400 [emby] enabled = true port = http,https filter = emby logpath = /logs/emby/embyserver.txt ignoreip = 192.168.0.0/24 maxretry = 3 bantime = 14400 findtime = 14400 Within the filter.d folder I have created the following three config files EMBY # Fail2Ban filter for emby # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf [Definition] failregex = AUTH-ERROR: <HOST> - Invalid user HTTP Response 401 to <HOST>. Bitwarden2 # Fail2Ban filter for Bitwarden # Detecting failed login attempts # Logged in bwdata/logs/identity/Identity/log.txt [INCLUDES] before = common.conf [Definition] failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$ ignoreregex = Bitwarden-admin [INCLUDES] before = common.conf [Definition] failregex = ^.*Invalid admin token\. IP: <ADDR>\.*$ ignoreregex = When I go to test the fail2ban (by going onto my cell network) and attempting to connect to the reverse proxy emby or bitwarden with incorrect login past the "maxretry" It does not activate... HOWEVER... When I go to reset the SWAG container, then the blocking occurs.. (Confirmed by using the terminal tools "docker exec -it swag fail2ban-client status" and "docker exec -it swag fail2ban-client status <jail name>" While doing the testing the Jails are all shown as active... . any thoughts on why this is ? Quote Link to comment
SNReloaded Posted February 18, 2021 Share Posted February 18, 2021 17 hours ago, saarg said: Why have you changed the port? There is nothing mentioned about it in the instructions. Leave it as it originally was. Post the docker run commands for both nextcloud and and swag. I changed the ports because I was getting an error with certbot about the port already being in use (80/443), so I switched to 1880/18443 to be out of range of "commonly used ports". Also, I know what a docker run command is when using the terminal, but I've never seen the docker run command myself from unraid. How do I go about getting the docker run command? Quote Link to comment
xman111 Posted February 18, 2021 Share Posted February 18, 2021 Hey guys quick question. I have a few things setup with Swag. Radarr, Sonarr, BitwardenRS, and Nextcloud. I moved Bitwarden back to them hosting it instead of me but i still have the docker on Unraid. Sometimes when i try to use Nextcloud, it says server is not available. To fix this, i fire up the Bitwarden docker and then Nextcloud works again. Anything i can look at? want to delete Bitwarden but for some strange reason, it is tied to Nextcloud. Quote Link to comment
saarg Posted February 18, 2021 Share Posted February 18, 2021 2 hours ago, SNReloaded said: I changed the ports because I was getting an error with certbot about the port already being in use (80/443), so I switched to 1880/18443 to be out of range of "commonly used ports". Also, I know what a docker run command is when using the terminal, but I've never seen the docker run command myself from unraid. How do I go about getting the docker run command? Check the docker faq. 1 Quote Link to comment
SNReloaded Posted February 18, 2021 Share Posted February 18, 2021 40 minutes ago, saarg said: Check the docker faq. Here's the docker run (it would have been faster to just say "edit the config & it'll give the run command") SWAG: root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='swag' --net='bridge' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='snreloaded.stream' -e 'SUBDOMAINS'='home,' -e 'ONLY_SUBDOMAINS'='true' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'EXTRA_DOMAINS'='' -e 'STAGING'='false' -e 'DUCKDNSTOKEN'='' -e 'PROPAGATION'='' -e 'PUID'='99' -e 'PGID'='100' -p '1880:80/tcp' -p '18443:443/tcp' -v '/mnt/user/appdata/swag':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/swag' 1eb3775caaf9f7ab02460256f1579bb3ce6e34d1174f318cfcee9dd775e67091 Nextcloud: root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='nextcloud' --net='bridge' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'PUID'='99' -e 'PGID'='100' -p '444:443/tcp' -v '/mnt/user/nextcloud/':'/data':'rw' -v '/mnt/user/appdata/nextcloud':'/config':'rw' 'linuxserver/nextcloud' 22e325a33923bd38a0e9e96159c43bbb20351efa7bcd948abdc4337ccce2d5fa Quote Link to comment
JonathanM Posted February 18, 2021 Share Posted February 18, 2021 1 hour ago, SNReloaded said: Here's the docker run (it would have been faster to just say "edit the config & it'll give the run command") The FAQ has answers to many more questions, it's good to browse through and see if your issue is already addressed. 1 Quote Link to comment
saarg Posted February 18, 2021 Share Posted February 18, 2021 2 hours ago, SNReloaded said: Here's the docker run (it would have been faster to just say "edit the config & it'll give the run command") SWAG: root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='swag' --net='bridge' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='snreloaded.stream' -e 'SUBDOMAINS'='home,' -e 'ONLY_SUBDOMAINS'='true' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'EXTRA_DOMAINS'='' -e 'STAGING'='false' -e 'DUCKDNSTOKEN'='' -e 'PROPAGATION'='' -e 'PUID'='99' -e 'PGID'='100' -p '1880:80/tcp' -p '18443:443/tcp' -v '/mnt/user/appdata/swag':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/swag' 1eb3775caaf9f7ab02460256f1579bb3ce6e34d1174f318cfcee9dd775e67091 Nextcloud: root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='nextcloud' --net='bridge' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'PUID'='99' -e 'PGID'='100' -p '444:443/tcp' -v '/mnt/user/nextcloud/':'/data':'rw' -v '/mnt/user/appdata/nextcloud':'/config':'rw' 'linuxserver/nextcloud' 22e325a33923bd38a0e9e96159c43bbb20351efa7bcd948abdc4337ccce2d5fa For you, yes, but not for me. So you want me to use more of my time, so you can use less of yours, fixing your problem? Change the port in the proxy conf to 443 and create a custom docker network and set both swag and nextcloud to use that one. 1 Quote Link to comment
SNReloaded Posted February 18, 2021 Share Posted February 18, 2021 31 minutes ago, saarg said: Change the port in the proxy conf to 443 and create a custom docker network and set both swag and nextcloud to use that one. I'm really trying here, & I've spent the last half hour trying to figure out how to create a custom docker network. I looked through the entirety of the docker faq, & it was not described there. I did set nextcloud's docker image to use 443, & I changed proxy-confs upstream to use 443. I set custom: br0 to use 192.168.1.199, & I tried to do that as well for SWAG, but then I got this docker run error root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='swag' --net='br0' --ip='192.168.1.199' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'TCP_PORT_80'='1880' -e 'TCP_PORT_443'='443' -e 'EMAIL'='[email protected]' -e 'URL'='snreloaded.stream' -e 'SUBDOMAINS'='home,' -e 'ONLY_SUBDOMAINS'='true' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'EXTRA_DOMAINS'='' -e 'STAGING'='false' -e 'DUCKDNSTOKEN'='' -e 'PROPAGATION'='' -e 'PUID'='99' -e 'PGID'='100' -v '/mnt/user/appdata/swag':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/swag' 4006ab65315419844b517497e8efa997b2e6ff31ded83a9197708da1d0afe837 /usr/bin/docker: Error response from daemon: Address already in use. This makes sense that the IP is already in use, but I'm not understanding how to get both swag & nextcloud to use the docker network Quote Link to comment
JonathanM Posted February 18, 2021 Share Posted February 18, 2021 @SNReloaded, I suggest watching some of Spaceinvader One's youtube videos on the subject. He's been doing videos for several years so some of the info in the older videos may be outdated, but the core principles should help you get a grasp on what's going on. 1 Quote Link to comment
Aceriz Posted February 19, 2021 Share Posted February 19, 2021 Hi all.. So I am wondering where would I go within UNRAID Docker Edit page for SWAG to add a Docker-Mod trying to enable https://github.com/linuxserver/docker-mods/tree/swag-f2bdiscord It appears to have 3 enviromental variables I need to enable but not sure where I would put them.. or how they should be formatted. any help much appreciated Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.