gulo Posted July 10, 2021

OK, I *think* it works now. Can anyone take a look and see if I am missing anything? Anything I should add to make it safer? Thanks

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name bi.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            include /config/nginx/resolver.conf;
            set $upstream_app 192.168.1.31;
            set $upstream_port 7968;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;

            proxy_set_header Range $http_range;
            proxy_set_header If-Range $http_if_range;
        }
    }

joshallen2k Posted July 10, 2021

On 7/7/2021 at 10:10 PM, joshallen2k said:
> Hi all - I'm having difficulty troubleshooting what looks like a port forwarding issue.
>
> My SWAG reverse proxy was working fine until a week ago. I was getting BTRFS errors in my docker.img, so deleted it and created from new. After reloading my apps, I noticed my reverse proxy was not working anymore.
>
> In my SWAG logs, I saw this error:
>
>     int: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
>     Some challenges have failed.
>     Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> My port forwarding seemed to be correct for port 80 (to 180) and port 443 (to 1443) as per my SWAG docker template.
>
> I went to a number of port testing sites, and they all showed blocked for 80 and 443. So at this point I contacted my ISP (Bell Canada) and they said they have not changed anything.
>
> Where should I go now to figure this out?
>
> Thanks all.

Any ideas here anyone? Or have I messed up some way in how I posted

alturismo Posted July 10, 2021

2 hours ago, joshallen2k said:
> Any ideas here anyone? Or have I messed up some way in how I posted

ping SUB.MYDOMAIN.COM and check if dns fits and point to your external ip

post a screen from your docker rules

post a screen from your routers forwarding rules for swag ...

joshallen2k Posted July 10, 2021

1 hour ago, alturismo said:
> ping SUB.MYDOMAIN.COM and check if dns fits and point to your external ip
>
> post a screen from your docker rules
>
> post a screen from your routers forwarding rules for swag ...

alturismo Posted July 10, 2021

when i see your template, custom br:0 but no ip ... when your docker crashes it will also remove your custom ip setup ...

alturismo Posted July 10, 2021 (edited)

so, add your custom ip's again (don't forget the other reversed dockers ...) that should solve your issue

and i meant "when your docker image crashes" ... custom bridge settings are gone

and may your "old" forwarding to "ATLANTIS" doesn't fit anymore as the ip may changed

may ping ATLANTIS and see if the internal ip still fits for your forwarding

Edited July 10, 2021 by alturismo

turnipisum Posted July 10, 2021

What gives with the last update adding youtube-dl.subfolder.conf and swag doesn't start saying duplicate .conf.

joshallen2k Posted July 10, 2021

11 hours ago, alturismo said:
> so, add your custom ip's again (don't forget the other reversed dockers ...) that should solve your issue
>
> and i meant "when your docker image crashes" ... custom bridge settings are gone
>
> and may your "old" forwarding to "ATLANTIS" doesn't fit anymore as the ip may changed
>
> may ping ATLANTIS and see if the internal ip still fits for your forwarding

Thanks for the reply.

I double checked my WAN IP and it's fine. For some reason my router when I specify an IP it resolves to the host name.

What I'm unsure of is where you say to add my custom IP's again in the SWAG template. I don't think I specified anything there before. What should it be?

saarg Posted July 10, 2021

3 hours ago, turnipisum said:
> What gives with the last update adding youtube-dl.subfolder.conf and swag doesn't start saying duplicate .conf.

Check the recent posts for the solution. The last update did not add the youtube-dl.subfolder.conf. That happened last year.

turnipisum Posted July 10, 2021

17 minutes ago, saarg said:
> Check the recent posts for the solution. The last update did not add the youtube-dl.subfolder.conf. That happened last year.

Yeah I have sorted it. But update must have done it because I had youtube-dl.subfolder.conf and youtube-dl.subfolder.conf.sample in the folder! I've not touched it since installing it!

alturismo Posted July 10, 2021

3 hours ago, joshallen2k said:
> Thanks for the reply.
>
> I double checked my WAN IP and it's fine. For some reason my router when I specify an IP it resolves to the host name.
>
> What I'm unsure of is where you say to add my custom IP's again in the SWAG template. I don't think I specified anything there before. What should it be?

when using custom br0 most likely to assign static ip's for the docker(s) in your home net like 192.168.1.0/24

in terms you stay on dhcp, your port forwarding goes to ATLANTIS, now, when u ping ATLANTIS locally, does it resolve to your swag ip ?

your swag docker will have its own ip in the subnet like 192.168.2.25 as sample, so your port forwarding have to match it.

as when your docker image crashes or you rebuild it, all network setups will also "reset", so may your swag docker will use a different local lan ip now, you can check in your docker tab on which ip swag is listening to ... and make sure your routers port forwarding for rules 80 and 443 are leading to 180 1443 to that local ip.

April29 Posted July 10, 2021

Hello

I installed Swag under docker to use Calibre-web with reverse proxy.

The reverse proxy works very well with https://calibre.xxxx.com.

I also want to use fail2ban but when I look in the calibre-web logs at the IP of the computer that connects I see the address of Swag docker (172.17.0.4) and not the IP of the remote computer.

Thanks for your help

joshallen2k Posted July 11, 2021 (edited)

3 hours ago, alturismo said:
> when using custom br0 most likely to assign static ip's for the docker(s) in your home net like 192.168.1.0/24
>
> in terms you stay on dhcp, your port forwarding goes to ATLANTIS, now, when u ping ATLANTIS locally, does it resolve to your swag ip ?
>
> your swag docker will have its own ip in the subnet like 192.168.2.25 as sample, so your port forwarding have to match it.
>
> as when your docker image crashes or you rebuild it, all network setups will also "reset", so may your swag docker will use a different local lan ip now, you can check in your docker tab on which ip swag is listening to ... and make sure your routers port forwarding for rules 80 and 443 are leading to 180 1443 to that local ip.

Thanks for the clarification, but I'm still having difficulty.

With the setup in the screens below, the SWAG docker container fails to start with Execution Error 403. Note the fixed IP I specified in the template is the IP of my Unraid server (192.168.2.229).

The IP of "ATLANTIS" is 192.168.2.229

Edited July 11, 2021 by joshallen2k: added detail

alturismo Posted July 11, 2021 (edited)

4 hours ago, joshallen2k said:
> Thanks for the clarification, but I'm still having difficulty.
>
> With the setup in the screens below, the SWAG docker container fails to start with Execution Error 403. Note the fixed IP I specified in the template is the IP of my Unraid server (192.168.2.229).
>
> The IP of "ATLANTIS" is 192.168.2.229

you can't assign it to the same ip as unraid has it already, change to bridge instead custom br0, then you don't have to worry about ip's and your docker port mappings are valid, also your other docker(s) then rather to bridge instead custom:br0,

when i see what you try to do, i guess you didn't use custom:br0 before, you prolly either used bridge or may even did the proxynet bridge from the common tutorial video from @SpaceInvaderOne which is also gone when your image broke and you have to start over ...

you can pretty easy check how your configs look like, in bridge mode you can't use dockernames as targets ...

Edited July 11, 2021 by alturismo

OdinEidolon Posted July 11, 2021

SWAG stopped working for me, using duckdns. It worked OK for the last several months. I did not do any config change. Here's the docker log. Any idea?

    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Europe/Berlin
    URL=mydomain.duckdns.org
    SUBDOMAINS=wildcard
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    VALIDATION=duckdns
    CERTPROVIDER=
    DNSPLUGIN=
    [email protected]
    STAGING=false
    grep: /config/nginx/resolver.conf: No such file or directory
    Setting resolver to 127.0.0.11
    grep: /config/nginx/worker_processes.conf: No such file or directory
    Setting worker_processes to 4
    Using Let's Encrypt as the cert provider
    SUBDOMAINS entered, processing
    Wildcard cert for only the subdomains of mydomain.duckdns.org will be requested
    E-mail address entered: [email protected]
    duckdns validation is selected
    the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org
    Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    No match found for cert-path /config/etc/letsencrypt/live/mydomain.duckdns.org/fullchain.pem!
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Account registered.
    Requesting a certificate for *.mydomain.duckdns.org
    Hook '--manual-auth-hook' for mydomain.duckdns.org ran with output:
    OKsleeping 60
    Hook '--manual-auth-hook' for mydomain.duckdns.org ran with error output:
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    100     2    0     2    0     0      3      0 --:--:-- --:--:-- --:--:--     3
    Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
    Domain: mydomain.duckdns.org
    Type: dns
    Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.mydomain.duckdns.org - the domain's nameservers may be malfunctioning

Has anybody had any problem with duckdns recently? Of course I checked that all the settings, including the token, are correct.

joshallen2k Posted July 11, 2021

11 hours ago, alturismo said:
> you can't assign it to the same ip as unraid has it already, change to bridge instead custom br0, then you don't have to worry about ip's and your docker port mappings are valid, also your other docker(s) then rather to bridge instead custom:br0,
>
> when i see what you try to do, i guess you didn't use custom:br0 before, you prolly either used bridge or may even did the proxynet bridge from the common tutorial video from @SpaceInvaderOne which is also gone when your image broke and you have to start over ...
>
> you can pretty easy check how your configs look like, in bridge mode you can't use dockernames as targets ...

Yes, it was the @SpaceInvaderOne tutorial that I originally used for the setup.

I changed my network to bridge and had the same error.

I just used the troubleshooting guide https://www.linuxserver.io/blog/2019-07-10-troubleshooting-letsencrypt-image-port-mapping-and-forwarding which suggests using the Nginx docker to test connectivity and forwarding.

Using nginx seems to work - I can reach the standard web page, and when I use a port checker, port 80 and 443 are open/green.

When I delete the nginx docker and launch swag (using the same port forward and network settings), then port 80/443 are showing up as closed.

luciaadr Posted July 11, 2021

On 7/8/2021 at 1:10 PM, Yak said:
> I was also getting the error
>
> Which I thought odd as I've never set up youtube-dl.
>
> In the end I renamed youtube-dl.subfolder.conf to youtube-dl.subfolder.conf_BAK, restarted Swag and everything is back up and running normally

Maybe I enabled this at some point, I don't recall, but I had the same error this weekend, only realising while away so I couldn't remote in to fix it....

I deleted the .conf (I've still got the .sample) and all good again. Thanks.

Need to set up another method to connect!

Mihle Posted July 11, 2021 (edited)

On 7/8/2021 at 11:21 PM, saarg said:
> If it doesn't have .sample at the end you have enabled it at one point.

I am getting the same error with youtube.dl but I know 100% sure I have never removed the sample on it, I don't even know what it is. I only use Swag with Nextcloud.

Tho I see that that config was last updated summer 2020...

Edited July 11, 2021 by Mihle

danioj Posted July 12, 2021

I woke this morning to SWAG not working. In the log I get this:

    nginx: [emerg] "proxy_redirect" directive is duplicate in /config/nginx/proxy-confs/youtube-dl.subfolder.conf:22

youtube-dl.subfolder.conf in the proxy-confs is there without a .sample at the end. I did not change this.

BraveRu Posted July 12, 2021

On 7/6/2018 at 6:47 PM, Tuumke said:
> Found the culprit. All the proxy-conf subfolder conf files have a /servicename and organizr just has the /

what is that mean? how can I fix this? thank you

firstly, I found once i unable "proxy_redirect" in the .conf file, "nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28" will happen.

OdinEidolon Posted July 12, 2021

On 7/11/2021 at 1:18 PM, OdinEidolon said:
> SWAG stopped working for me, using duckdns. It worked OK for the last several months. I did not do any config change. Here's the docker log. Any idea?
>
> [cont-init.d] 10-adduser: exited 0.
> [cont-init.d] 20-config: executing...
> [cont-init.d] 20-config: exited 0.
> [cont-init.d] 30-keygen: executing...
> using keys found in /config/keys
> [cont-init.d] 30-keygen: exited 0.
> [cont-init.d] 50-config: executing...
> Variables set:
> PUID=99
> PGID=100
> TZ=Europe/Berlin
> URL=mydomain.duckdns.org
> SUBDOMAINS=wildcard
> EXTRA_DOMAINS=
> ONLY_SUBDOMAINS=true
> VALIDATION=duckdns
> CERTPROVIDER=
> DNSPLUGIN=
> [email protected]
> STAGING=false
> grep: /config/nginx/resolver.conf: No such file or directory
> Setting resolver to 127.0.0.11
> grep: /config/nginx/worker_processes.conf: No such file or directory
> Setting worker_processes to 4
> Using Let's Encrypt as the cert provider
> SUBDOMAINS entered, processing
> Wildcard cert for only the subdomains of mydomain.duckdns.org will be requested
> E-mail address entered: [email protected]
> duckdns validation is selected
> the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org
> Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> No match found for cert-path /config/etc/letsencrypt/live/mydomain.duckdns.org/fullchain.pem!
> Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
> Generating new certificate
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Account registered.
> Requesting a certificate for *.mydomain.duckdns.org
> Hook '--manual-auth-hook' for mydomain.duckdns.org ran with output:
> OKsleeping 60
> Hook '--manual-auth-hook' for mydomain.duckdns.org ran with error output:
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                  Dload  Upload   Total   Spent    Left  Speed
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
> 100     2    0     2    0     0      3      0 --:--:-- --:--:-- --:--:--     3
> Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
> Domain: mydomain.duckdns.org
> Type: dns
> Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.mydomain.duckdns.org - the domain's nameservers may be malfunctioning
>
> Has anybody had any problem with duckdns recently? Of course I checked that all the settings, including the token, are correct.

Does anybody have any hint about what's going on here? I do not understand if this is an issue on duckDNS's side or some configuration mishap.

007craft Posted July 13, 2021 (edited)

My swag broke on update. None of my sites work. I had 2 domains and several subdomains on my 1st domain running. This is the only error I get:

    nginx: [emerg] "proxy_redirect" directive is duplicate in /config/nginx/site-confs/mydomain2.conf:28

What does this mean? I created the mydomain2.conf file in the past and I need it as it redirects to my wordpress docker. Here's the contents of mydomain2.conf

    server {
        listen 80;
        listen [::]:80;
        server_name mydomain2.com;
        return 301 https://$host$request_uri;
    }

    # main server block
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name mydomain2.com;

        # all ssl related config moved to ssl.conf
        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app 192.168.1.102;
            set $upstream_port 8086;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
            proxy_redirect off;
        }
    }

In the meantime I rolled back to an older version using linuxserver/swag:version-1.16.0 as the repository (which works fine). What is changed in Swag 1.17 that is causing this error?

Swag is just so overly complicated. I would switch to nginx proxy manager in a heartbeat but I need fail2ban.

Edited July 13, 2021 by 007craft

Unrayed Posted July 13, 2021 (edited)

On 6/30/2021 at 11:20 PM, saarg said:
> Why did you change the third to 1? Only change the first two.

Using cronguru, it seemed to me that "30 20 1 * *" appears to translate to the 1st of every month, whereas "30 20 * * *" translates to a trigger of half past eight pm every single day - or have I misunderstood?

Edited July 13, 2021 by Unrayed

Wong Posted July 14, 2021

I found out today my swag broke. It was working properly in the past until today. Does anyone encounter the same issue? If so, do you guys know any fix?

My swag broke with this log error.

This is my CONF. file setup for only office subdomain

blaine07 Posted July 14, 2021

> I found out today my swag broke. It was working properly in the past until today. Does anyone encounter the same issue? If so, do you guys know any fix?
>
> My swag broke with this log error.
>
> This is my CONF. file setup for only office subdomain

Comment out the “proxy_redirect” line in the OnlyOffice CONF. Restart Swag. Profit.

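The duplicate proxy_redirect failures reported by danioj and 007craft, and the fix blaine07 describes, can be checked for across all conf files before restarting the container. The script below is an added example, not part of any post in this thread and not SWAG's own code: it flags every block that includes proxy.conf and also sets proxy_redirect itself. It assumes the shared proxy.conf now sets proxy_redirect; the function name and the abridged sample config are constructed for illustration.

```python
import re
import sys

# Split nginx config text into braces, semicolons, newlines and everything else.
TOKEN_RE = re.compile(r"[{};]|\n|[^{};\n]+")

# Constructed sample, abridged from the mydomain2.conf posted in the thread.
SAMPLE = """\
server {
    listen 443 ssl http2;
    server_name mydomain2.com;
    include /config/nginx/ssl.conf;
    location / {
        include /config/nginx/proxy.conf;
        set $upstream_app 192.168.1.102;
        set $upstream_port 8086;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_redirect off;
    }
}
"""


def find_conflicts(conf_text):
    """Return [(line_no, directive)] for each active proxy_redirect that shares
    a block with an include of proxy.conf.

    Assumption: the shared proxy.conf sets proxy_redirect itself, so a second
    one at the same level is what nginx rejects as a duplicate.
    Simplification: '#' always starts a comment; quoted braces are not handled.
    """
    text = "\n".join(l.split("#", 1)[0] for l in conf_text.splitlines())
    conflicts, stack = [], []
    buf, start, line_no = "", 1, 1
    for tok in TOKEN_RE.findall(text):
        if tok == "\n":
            line_no += 1
            buf += " "
        elif tok == "{":
            stack.append({"includes_proxy": False, "redirects": []})
            buf = ""
        elif tok == "}":
            block = stack.pop() if stack else None
            if block and block["includes_proxy"]:
                conflicts.extend(block["redirects"])
            buf = ""
        elif tok == ";":
            words = buf.split()
            if stack and words:
                if words[0] == "include" and words[-1].rsplit("/", 1)[-1] == "proxy.conf":
                    stack[-1]["includes_proxy"] = True
                elif words[0] == "proxy_redirect":
                    stack[-1]["redirects"].append((start, " ".join(words) + ";"))
            buf = ""
        else:
            if not buf.strip() and tok.strip():
                start = line_no  # first line of the directive being collected
            buf += tok
    return conflicts


if __name__ == "__main__":
    # Pass conf files as arguments, or run with none to check the sample.
    sources = {p: open(p).read() for p in sys.argv[1:]} or {"SAMPLE": SAMPLE}
    for name, text in sources.items():
        for line_no, directive in find_conflicts(text):
            print(f"{name}:{line_no}: {directive} (block also includes proxy.conf)")
```

A commented-out proxy_redirect line is ignored, so a conf fixed the way the post above describes produces no output.
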