Anym001 Posted June 14, 2022

Empty folders are regularly created in my SWAG container folder in the appdata directory. (custom-cont-init.d.% or custom-services.d.%) Does anyone have any idea why this is happening?

Einsteinjr Posted July 1, 2022

On 3/2/2022 at 6:02 PM, Matmat07_2 said:
> Edit: I made a new container using swag instead of the old letsencrypt. Only changed the domain and email settings: Same result
>
> Edit2: using "nc -l localhost -p 80" and shutting down the Swag container, I made sure I could access port 80 from outside. I'm not sure what else I changed, but now it works. You can always help me, but now I'll be trying to add back my old settings slowly.
>
> Hi, I just had to change my domain and now I can't seem to make letsencrypt/swag work again. I changed the domain name in most files/area I could think of, but I guess I'm forgetting something important.
>
>     Requesting a certificate for mydomain.fun and www.mydomain.fun
>     Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
>       Domain: mydomain.fun
>       Type: connection
>       Detail: Fetching http://mydomain.fun/.well-known/acme-challenge/AxgorMtHjklmjngO0kvrKsu3Pi-EuATqWmPA9x-tvUc: Timeout during connect (likely firewall problem)
>       Domain: www.mydomain.fun
>       Type: connection
>       Detail: Fetching http://www.mydomain.fun/.well-known/acme-challenge/Lo35xswjM0aVaWMmlHuYYLNu3VgF5GEHvGHSGGPeiao: Timeout during connect (likely firewall problem)
>     Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
>     Some challenges have failed.
>     Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> "www" is the only subdomain I tried adding so far.
>
> Over at Namecheap, I've got:
>
>     AAAA Record   @      *IPV6 address*
>     Cname Record  ombi   mydomain.fun
>     Cname Record  www    mydomain.fun
>
> Any idea what I might have forgotten, or where I could find more info? The logs I'm getting aren't super useful (from the little I understand)

I also have this issue. It seems it started when I modified the subdomain list. I'm seeing similar reports on the LetsEncrypt community page. I had to change over to dns-plugin (Cloudflare) to get the validation working.

SicSemper Posted July 9, 2022

Hey all, I set up a reverse proxy originally with Let's Encrypt following the Spaceinvaderone tutorial. At some point while I was able to continue to access all my subdomain stuff, I couldn't connect to my actual website. I was getting Cloudflare 525 SSL handshake errors.

I upgraded Let's Encrypt to Swag, and I tried some simple fixes on Cloudflare (changing SSL from full to flexible, adding some page rules) but nothing gives.

Anyone have any ideas how I can sort out this SSL issue and get my site up and running? (It's my work portfolio and I'm on the job hunt so I'm kind of handcuffed until I can send it out again).

anongum Posted July 13, 2022 (edited)

I've been using let's encrypt/swag for years now, so I know the bare steps to successfully set up a reverse proxy to access the webgui of my docker images from remote (I have emby and nextcloud behind reverse proxy, they work as a charm).

Recently I installed Komga, which is similar to plex but for books and comics. Set up the reverse proxy, worked perfectly. Ten days later, I get 502. Tried to update unraid OS, downgrade the container, uninstall it, clean the appdata folder and reinstall it, tried another url on duckdns - nothing works. But it worked a week ago, and I literally didn't touch the NAS in the meanwhile. Can anyone help me find out what's the issue?

Docker command:

    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='Komga' --net='proxynet' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e HOST_HOSTNAME="Tower" -e HOST_CONTAINERNAME="Komga" -e 'KOMGA_LIBRARIES_SCAN_DIRECTORY_EXCLUSIONS'='#recycle,@eaDir' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.webui='http://[IP]:[PORT:8080]' -l net.unraid.docker.icon='https://raw.githubusercontent.com/selfhosters/unRAID-CA-templates/master/templates/img/komga.png' -p '8095:8080/tcp' -v '/mnt/user/Media/books':'/books':'rw' -v '/mnt/user/fullshare/Manga/':'/manga':'rw' -v '/mnt/user/fullshare/Libri/':'/libri':'rw' -v '/mnt/user/appdata/Komga':'/config':'rw' 'gotson/komga'

komga.subdomain.conf file content, with redacted subdomain

    ## Version 2021/05/18
    # make sure that your dns has a cname set for komga and that your komga container is not using a base url

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name [REDACTED].*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        # enable for ldap auth, fill in ldap details in ldap.conf
        #include /config/nginx/ldap.conf;

        # enable for Authelia
        #include /config/nginx/authelia-server.conf;

        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /ldaplogin;

            # enable for Authelia
            #include /config/nginx/authelia-location.conf;

            include /config/nginx/proxy.conf;
            include /config/nginx/resolver.conf;
            set $upstream_app komga;
            set $upstream_port 8095;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        }

        location ~ (/komga)?/api {
            include /config/nginx/proxy.conf;
            include /config/nginx/resolver.conf;
            set $upstream_app komga;
            set $upstream_port 8095;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        }
    }

The error.log file of swag says this every time I try to access the webgui of the Komga container by remote

    2022/07/10 22:27:13 [error] 742#742: *7689 connect() failed (111: Connection refused) while connecting to upstream, client: 67.211.212.202, server: [REDACTED].*, request: "GET /wp-login.php HTTP/1.1", upstream: "http://172.18.0.4:8095/wp-login.php", host: "[REDACTED].duckdns.org", referrer: "http://[REDACTED].duckdns.org/wp-login.php"
    2022/07/10 22:27:13 [error] 742#742: *7689 connect() failed (111: Connection refused) while connecting to upstream, client: 67.211.212.202, server: [REDACTED].*, request: "GET /wp-login.php HTTP/1.1", upstream: "http://172.18.0.4:8095/502.html", host: "[REDACTED].duckdns.org", referrer: "http://[REDACTED].duckdns.org/wp-login.php"

These same exact steps made this container work not even 2 weeks ago, and now it doesn't.

EDIT: It now works, I changed the port back to 8080. It's quite annoying that the container doesn't work unless it's on this port, but it's a problem from Komga side.

Edited July 15, 2022 by anongum

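An added check, not part of the original thread: it compares the `-p host:container` mapping of a `docker run` line with the `set $upstream_port` lines of a SWAG proxy conf and flags an upstream that points at the host-published port, which matches the "Connection refused" on `172.18.0.4:8095` in the post above. The inputs are trimmed, constructed copies of the posted command and conf, the function names are hypothetical, and it assumes SWAG and the target container sit on the same Docker network, where containers reach each other on the container-side port.

```python
import re
import shlex

# Constructed inputs: trimmed copies of the docker command and proxy conf quoted
# in the post above (labels and most volumes dropped, subdomain made up).
DOCKER_RUN = (
    "docker run -d --name='Komga' --net='proxynet' -e TZ=\"Europe/Berlin\" "
    "-p '8095:8080/tcp' -v '/mnt/user/appdata/Komga':'/config':'rw' 'gotson/komga'"
)
PROXY_CONF = """\
server {
    listen 443 ssl;
    server_name komga.*;
    location / {
        set $upstream_app komga;
        set $upstream_port 8095;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
    location ~ (/komga)?/api {
        set $upstream_app komga;
        set $upstream_port 8095;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
"""

VALUE_FLAGS = {"--name": "name", "--net": "network", "--network": "network",
               "-p": "publish", "--publish": "publish"}


def parse_docker_run(command):
    """Extract container name, network and published TCP ports from a docker run line."""
    info = {"name": None, "network": "bridge", "ports": []}  # ports: (host, container)
    tokens = shlex.split(command)
    i = 0
    while i < len(tokens):
        flag, sep, value = tokens[i].partition("=")
        if flag in VALUE_FLAGS:
            if not sep:  # "-p 8095:8080" form: the value is the next token
                i += 1
                value = tokens[i] if i < len(tokens) else ""
            kind = VALUE_FLAGS[flag]
            if kind == "publish":
                spec, _, proto = value.partition("/")
                parts = spec.split(":")
                # Accept [ip:]host:container or a bare container port; skip ranges and UDP.
                if (proto or "tcp") == "tcp" and parts[-1].isdigit():
                    host = parts[-2] if len(parts) > 1 and parts[-2].isdigit() else None
                    info["ports"].append((int(host) if host else None, int(parts[-1])))
            else:
                info[kind] = value
        i += 1
    return info


def parse_upstreams(conf):
    """Return (app, port) pairs from 'set $upstream_*' lines, ignoring commented lines."""
    pairs, app = [], None
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        m = re.match(r"set\s+\$upstream_(app|port)\s+([^;\s]+)\s*;", line)
        if not m:
            continue
        if m.group(1) == "app":
            app = m.group(2)
        elif app is not None and m.group(2).isdigit():
            pairs.append((app, int(m.group(2))))
    return pairs


def check_upstreams(command, conf):
    """Classify every upstream in the conf that names this container."""
    c = parse_docker_run(command)
    container_ports = {cp for _, cp in c["ports"]}
    host_to_container = {hp: cp for hp, cp in c["ports"] if hp is not None}
    findings = []
    for app, port in parse_upstreams(conf):
        # The post's log shows "komga" resolving for a container named "Komga".
        if c["name"] is None or app.lower() != c["name"].lower():
            continue  # upstream is an IP address or a different container
        if port in container_ports:
            status, use = "ok", port
        elif port in host_to_container:
            # The host-published port does not exist inside the container, so a
            # connection over the Docker network is refused and nginx answers 502.
            status, use = "host_port_used", host_to_container[port]
        else:
            status, use = "unknown", None  # may be an unpublished container port
        findings.append({"app": app, "port": port, "network": c["network"],
                         "status": status, "use": use})
    return findings


if __name__ == "__main__":
    for finding in check_upstreams(DOCKER_RUN, PROXY_CONF):
        print(finding)
```
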
SplitHoirzon Posted July 13, 2022

I'm hoping you all have an answer to this. I had to delete my Docker.img and re-install all my docker containers. Everything is great but SWAG. Every time it tried to get a cert it says Connection refused on all connections. I have had SWAG and its predecessor running for years with no problems. I have troubleshot it for 2 days and found that whatever ports I assign to the SWAG container refuse connection. I can try it on my LAN taking the firewall out of the equation and get the same results. I have assigned multiple ports to the container and it refuses them. I can put the same ports on other containers and they work fine. I have tried it on proxynet, Host, and Br0 networks and same results. Just for some reason SWAG refuses any connection. I'm desperate for help.

SplitHoirzon Posted July 13, 2022 (edited)

OK, I had an inspiration as soon as I posted this. I was correct as the container was refusing the connection itself. I didn't go far enough. When I reinstalled SWAG I used the "previous apps" section and reinstalled it with all my old settings. For some reason when the container, the premade port inside the container that is greyed out and cannot be changed was assigned http 185:180 and https 1445:1443. So basically I had to delete those settings and create them from scratch using the correct internal of 80:180 and 443:1443. I have no idea why the template did this but it's fixed and working.

Edited July 13, 2022 by SplitHoirzon

semicole Posted July 14, 2022

Hi All,

I am trying to get Organizr server auth setup for all of my reverse proxied docker containers so that I can use Organizr as the single entry point into my server and I have been struggling to get it working. I already have all of my containers setup correctly with Swag and can reverse proxy into all of them just fine, but now when I am trying to get the Organizr server auth working I think I am doing something wrong in my nginx proxy conf files.

According to the Swag proxy-conf templates it should be as simple as renaming the organizr-auth.subfolder.conf.sample file as a conf file and including the following below into each conf file that I want to setup through Organizr server auth.

    auth_request /auth-0;
    location ~ /auth-(.*) {
        internal;
        proxy_pass http://server ip address that organizr is running on:organizr port/api/?v1/aut>
        proxy_set_header Content-Length "";
    }

However, when I do that, I get the following error below in Swag logs and when trying to access the container through Organizr server auth, I get a refused to connect error.

    nginx: [emerg] "location" directive is not allowed here in /config/nginx/proxy-confs/radarr.subdomain.conf:6

I get the same error above for the organizr-auth.subfolder.conf.sample file as well, pointed to the "location" line in the file.

Any ideas what I am doing wrong?

RealNerdyViking Posted July 18, 2022

Hi all. I'm having a problem getting my swag set up and can't figure out why I'm getting this error. I've already got the port forwarding set up and have tried several different ports (updated in the config files as well as the router). I'm using a domain name that I purchased on google domains and have confirmed that both ports 80 and 443 are in fact open and correctly routed. They are not being blocked by either my router nor my ISP. I've set up dynamic dns on google domains with the correct subdomains entered and have even tried the generic duckdns set up using a subdomain and encounter the same problem. I have tried this from a fresh install and unmodified config files as well as some edits after failed attempts. Any help provided would be greatly appreciated.

    Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
      Domain: (domain name)
      Type: unauthorized
      Detail: xxx.xxx.xx.xx: Invalid response from (server name): 404
    Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Rex099 Posted August 3, 2022

On 5/19/2022 at 11:10 AM, xenoblade said:
> hi, i have got the same problem did you solve that?

Sorry I never actually figured out what the issue was. But after ~ 3 weeks everything just started working again on its own. I'm still thinking that it was something the ISP was doing but don't have any proof.

touz Posted August 5, 2022

When trying to run a test on the Emby log file, I get back a Python error. Anyone has an idea what could be wrong here?

    root@f12caf6bf9ed:/# fail2ban-regex /log/EmbyServer/embyserver.txt /config/fail2ban/filter.d/EmbyServer

    Running tests
    =============

    Use failregex filter file : EmbyServer, basedir: /config/fail2ban
    Use log file : /log/EmbyServer/embyserver.txt
    Use encoding : UTF-8

    Traceback (most recent call last):
      File "/usr/bin/fail2ban-regex", line 34, in <module>
        exec_command_line()
      File "/usr/lib/python3.9/site-packages/fail2ban/client/fail2banregex.py", line 836, in exec_command_line
        if not fail2banRegex.start(args):
      File "/usr/lib/python3.9/site-packages/fail2ban/client/fail2banregex.py", line 776, in start
        self.process(test_lines)
      File "/usr/lib/python3.9/site-packages/fail2ban/client/fail2banregex.py", line 584, in process
        line_datetimestripped, ret, is_ignored = self.testRegex(line)
      File "/usr/lib/python3.9/site-packages/fail2ban/client/fail2banregex.py", line 456, in testRegex
        found = self._filter.processLine(line, date)
      File "/usr/lib/python3.9/site-packages/fail2ban/server/filter.py", line 613, in processLine
        timeMatch = self.dateDetector.matchTime(line)
      File "/usr/lib/python3.9/site-packages/fail2ban/server/datedetector.py", line 368, in matchTime
        (line[distance] == self.__lastPos[2] and not self.__lastPos[2].isalnum())
    IndexError: string index out of range
    root@f12caf6bf9ed:/#

vw-kombi Posted August 11, 2022

I want to add the geoip2 database stuff. It says to do this:

In the container's docker arguments, set an environment variable DOCKER_MODS=linuxserver/mods:swag-maxmind

However where does that go in the unraid container setup?

Thanks.

alturismo Posted August 11, 2022

1 hour ago, vw-kombi said:
> However where does that go in the unraid container setup?

may simple as described, add an environment Variable with the mod)s= you want

diehardbattery Posted August 12, 2022 (edited)

Hello,

I followed ibracorp's tutorial on setting up swag/nginx. I'm reasonably sure I have everything correct, however the first service I tried, plex doesn't seem to work. I have installed all mods except for authelia.

My DNS is through cloudflare. I had A records for all my services before, but it seems that this wants an A record for the domain only and CNAME records for subdomains. I removed the A record I had for plex and replaced with CNAME/domain. I would prefer to run this proxied if possible. Setting the CNAME record to DNS only also does not work.

I have forwarded ports 80 and 443 to unraid. I also tried the 44301 and 8001 ports as suggested in the tutorial. I'm not sure what I'm missing.

Per the swag log, the auto-proxy does appear to recognize plex. In an attempt to see how it was configuring it, I tried to look at the /mnt/user/appdata/swag/nginx/proxy-confs/plex.subdomain.conf.sample but it is blank. I looked at a few of the other sample configs and they are blank as well. I'm not sure what's missing. Any help is appreciated.

My swag container log is below:

    cont-init: info: /etc/cont-init.d/10-adduser exited 0
    cont-init: info: running /etc/cont-init.d/20-config
    cont-init: info: /etc/cont-init.d/20-config exited 0
    cont-init: info: running /etc/cont-init.d/30-keygen
    cont-init: info: /etc/cont-init.d/30-keygen exited 0
    cont-init: info: running /etc/cont-init.d/50-config
    cont-init: info: /etc/cont-init.d/50-config exited 0
    cont-init: info: running /etc/cont-init.d/60-renew
    cont-init: info: /etc/cont-init.d/60-renew exited 0
    cont-init: info: running /etc/cont-init.d/70-templates
    cont-init: info: /etc/cont-init.d/70-templates exited 0
    cont-init: info: running /etc/cont-init.d/90-custom-folders
    cont-init: info: /etc/cont-init.d/90-custom-folders exited 0
    cont-init: info: running /etc/cont-init.d/95-docker
    cont-init: info: /etc/cont-init.d/95-docker exited 0
    cont-init: info: running /etc/cont-init.d/98-auto-proxy
    cont-init: info: /etc/cont-init.d/98-auto-proxy exited 0
    cont-init: info: running /etc/cont-init.d/98-cloudflare-real-ip
    cont-init: info: /etc/cont-init.d/98-cloudflare-real-ip exited 0
    cont-init: info: running /etc/cont-init.d/98-inotify
    cont-init: info: /etc/cont-init.d/98-inotify exited 0
    cont-init: info: running /etc/cont-init.d/99-custom-files
    cont-init: info: /etc/cont-init.d/99-custom-files exited 0
    s6-rc: info: service legacy-cont-init successfully started
    s6-rc: info: service init-mods: starting
    s6-rc: info: service init-mods successfully started
    s6-rc: info: service init-mods-package-install: starting
    s6-rc: info: service init-mods-package-install successfully started
    s6-rc: info: service init-mods-end: starting
    s6-rc: info: service init-mods-end successfully started
    s6-rc: info: service init-services: starting
    s6-rc: info: service init-services successfully started
    s6-rc: info: service legacy-services: starting
    services-up: info: copying legacy longrun cron (no readiness notification)
    services-up: info: copying legacy longrun fail2ban (no readiness notification)
    services-up: info: copying legacy longrun inotify (no readiness notification)
    services-up: info: copying legacy longrun nginx (no readiness notification)
    services-up: info: copying legacy longrun php-fpm (no readiness notification)
    s6-rc: info: service legacy-services successfully started
    s6-rc: info: service 99-ci-service-check: starting
    s6-rc: info: service 99-ci-service-check successfully started
    User gid: 100
    -------------------------------------
    using keys found in /config/keys
    Variables set:
    PUID=99
    PGID=100
    TZ=America/Chicago
    URL=********.***
    SUBDOMAINS=wildcard
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=false
    VALIDATION=dns
    CERTPROVIDER=
    DNSPLUGIN=cloudflare
    EMAIL=********@******.***
    STAGING=false
    Using Let's Encrypt as the cert provider
    SUBDOMAINS entered, processing
    Wildcard cert for ********.*** will be requested
    E-mail address entered: ********@******.***
    dns validation via cloudflare plugin is selected
    Certificate exists; parameters unchanged; starting nginx
    The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
    **** installing docker and docker compose ****
    **** docker and docker-compose already installed, skipping ****
    **** Remote docker service dockersocket will be used ****
    **** Using preset proxy conf for plex ****
    **** No preset proxy conf found for swag, generating from scratch ****
    **** Setting upstream address swag for swag ****
    **** Setting port 443 for swag ****
    **** Setting proto http for swag ****
    **** Setting url swag.* for swag ****
    fetch http://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz
    fetch http://dl-cdn.alpinelinux.org/alpine/v3.14/community/x86_64/APKINDEX.tar.gz
    OK: 257 MiB in 229 packages
    [custom-init] no custom files found exiting...
    [ls.io-init] done.
    MOD Auto-reload: Watching the following files/folders for changes
    /config/nginx/authelia-location.conf
    /config/nginx/authelia-server.conf
    /config/nginx/ldap.conf
    /config/nginx/nginx.conf
    /config/nginx/proxy-confs
    /config/nginx/proxy.conf
    /config/nginx/site-confs
    /config/nginx/ssl.conf
    Server ready

Edited August 12, 2022 by diehardbattery

dfox1787 Posted August 13, 2022

Hi. Can anyone help with my sonarr and radarr setup? Both sites have "not secure". The proxy configs have been renamed and left as default as my docker names are "Sonarr" and "Radarr". Any help please?

vw-kombi Posted August 14, 2022

All working fine for remote use, ie when I turn wifi off in my phone. But while in wifi, on and off my wifi devices, so on same network, it does not work. Makes testing and checking a bit hard. Anything I should setup to make it work?

diehardbattery Posted August 23, 2022

I'm usually pretty good at following guides to set up things I'd like to have/use. But, when something goes wrong, especially for networking, I'm apparently not yet good enough to troubleshoot it properly (but hey, I can plug and unplug an ethernet cable?), so here we are... I am doing my best to document every step I have taken thus far, so apologies if it's incomplete.

Currently I am stuck with what appears to be a port forwarding situation on my OPNsense router with regard to SWAG. I get a 502 when trying to access the subdomain from either LAN or another WAN (Verizon Wireless from phone). I can hit the SWAG Welcome Page when trying to access the root domain from another WAN (also Verizon Wireless from phone) but not from LAN. I am trying to figure out the correct sequence for OPNsense.

What I've tried so far with OPNsense:

- Sequence: WAN interface ANY > WAN ADDRESS > TCP 80/443 > 18001/18443 > (Unraid IP)/32 (1 entry each). In other words, I have port forwarding rules for 80 and 443 from ANY, to WAN address, then forward as ports 18443 and 18001 respectively to the Unraid server with a /32 CIDR.
- Enabling or disabling NAT Reflection (hairpin NAT?).
- Filter rule association set to pass.
- For NAT Outbound, I have it set to hybrid due to having rules for my gaming consoles/upnp.

What I've tried so far for Cloudflare:

- Turning proxy on/off for the domain/subdomains.
- Purging the site cache.
- Changing SSL/TLS encryption modes (Full and Full Strict).

What I have done with SWAG:

- Consulted with linuxserver.io SWAG page under troubleshooting 502 errors: port unchanged except for upstream_port and upstream_app match the guacamole container (see conf below).
- Recreated relevant conf parameters for auto proxy in the ApacheGuacamole Docker template (added labels for swag=enable, swag_port and swag_url).

My guacamole.subdomain.conf:

    ## Version 2021/05/18
    # make sure that your dns has a cname set for guacamole and that your guacamole container is not using a base url

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name guaca.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        # enable for ldap auth, fill in ldap details in ldap.conf
        #include /config/nginx/ldap.conf;

        # enable for Authelia
        #include /config/nginx/authelia-server.conf;

        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /ldaplogin;

            # enable for Authelia
            #include /config/nginx/authelia-location.conf;

            include /config/nginx/proxy.conf;
            include /config/nginx/resolver.conf;
            set $upstream_app ApacheGuacamole;
            set $upstream_port 7575;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
            proxy_buffering off;
        }
    }

The nginx error log says this:

    [error] 8002#8002: *6 connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xx.xx.xxx, server: guaca.*, request: "GET / HTTP/2.0", upstream: "http://172.18.0.2:7575/", host: "guaca.xxxxxx.io"

Where client is my WAN IP, guaca.* is my subdomain (with CNAME pointed to @), 172. address is the custom docker network.

If the problem lies within SWAG, I'm not sure what is not correct as there are no errors in the logs. If it is within OPNsense, I'm also not sure about that as it looks correct to me. Any other combination of port forwards (i.e. reversing the ports, doing 443/80 for everything, etc) gets a 522. I know something is not right, but I am not experienced enough to determine what. I wish I knew what to do next... hopefully someday I will lol...

prytzen Posted September 20, 2022

I am having issues with my SWAG install and it not updating certificates. Seems as though the last time it updated was back in April some time and has failed ever since. It was working fine before then and I cannot find anything that has changed. The errors that it keeps throwing are about timeouts and port 80 not being available, but I have verified that I am forwarding Port 80 to the container like always.

I have a Unifi Security Gateway Pro and have forwarded port 80 on the outside to the appropriate IP address and port 80 on the inside (the IP and Port of the SWAG container). This automatically sets up a firewall rule allowing that traffic, but for some reason either this is not working, or the container is not responding to those HTTP requests.

Any Ideas?

Certbot output (anonymized domain and IP address)

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/plex.domain.tld.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Renewing an existing certificate for plex.domain.tld and 4 more domains

    Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
      Domain: homeassistant.domain.tld
      Type: connection
      Detail: aa.bb.cc.dd: Fetching http://homeassistant.domain.tld/.well-known/acme-challenge/yh5SakI-iluZRukPZrhi7DAzwPVnN09r6q-S4OwIO7c: Timeout during connect (likely firewall problem)

      Domain: nextcloud.domain.tld
      Type: connection
      Detail: aa.bb.cc.dd: Fetching http://nextcloud.domain.tld/.well-known/acme-challenge/kq8c_9WqjEfhmmixjCJnMLShXxp1I21T42Nv3Sou1gM: Timeout during connect (likely firewall problem)

      Domain: ombi.domain.tld
      Type: connection
      Detail: aa.bb.cc.dd: Fetching http://ombi.domain.tld/.well-known/acme-challenge/cOCO5wmZM8N-WcLYwUjUjvDJh2cGbMh66s2VePAJ0fs: Timeout during connect (likely firewall problem)

      Domain: plex.domain.tld
      Type: connection
      Detail: aa.bb.cc.dd: Fetching http://plex.domain.tld/.well-known/acme-challenge/a8xsYJhw1CRGMyUwPhDQ4opxJRXr4AfGvbm2vqmHhC8: Timeout during connect (likely firewall problem)

      Domain: unifi.domain.tld
      Type: connection
      Detail: aa.bb.cc.dd: Fetching http://unifi.domain.tld/.well-known/acme-challenge/jU2jB7sLax3NxOcVBHdygQ1f-PJLWH1UJjXvKSq7KbM: Timeout during connect (likely firewall problem)

    Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

    Failed to renew certificate plex.domain.tld with error: Some challenges have failed.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    All renewals failed. The following certificates could not be renewed:
      /etc/letsencrypt/live/plex.domain.tld/fullchain.pem (failure)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1 renew failure(s), 0 parse failure(s)
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

JonathanM Posted September 20, 2022

1 hour ago, prytzen said:
> I have verified that I am forwarding Port 80 to the container like always.

Try temporarily shutting down SWAG and standing up a plain nginx container listening on the same IP and port, and see if it's reachable from the WAN side.

prytzen Posted September 21, 2022

14 hours ago, JonathanM said:
> Try temporarily shutting down SWAG and standing up a plain nginx container listening on the same IP and port, and see if it's reachable from the WAN side.

So it appears that my ISP is to blame. There were some changes around that April timeline and it appears they are now blocking Port 80 inbound on residential connections (oddly everything else they seem to be fine with). But that means that I cannot use HTTP as the method of certificate authentication.

I use Dreamhost as my registrar and hosting platform. Is there a way to use DNS as the authentication? I know that they have an API, but am not sure how to make it work with the SWAG container.

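An added example, not from the thread or from Certbot: a triage script that parses the "Domain / Type / Detail" entries of reports like the ones quoted above and separates timeouts (port 80 never reached the host, as with the ISP block found here) from cases where some server answered without serving the challenge (the 404 report earlier in the thread). The sample report, its domains, address and tokens are constructed, and the function and category names are hypothetical.

```python
import re

# Constructed sample in the shape of the Certbot reports quoted in this thread,
# flattened onto one line the way a copy-paste often leaves them.
SAMPLE = (
    "Certbot failed to authenticate some domains (authenticator: standalone). "
    "The Certificate Authority reported these problems: "
    "Domain: plex.example.test Type: connection Detail: 203.0.113.10: Fetching "
    "http://plex.example.test/.well-known/acme-challenge/TOKEN-A: "
    "Timeout during connect (likely firewall problem) "
    "Domain: www.example.test Type: unauthorized Detail: 203.0.113.10: "
    "Invalid response from http://www.example.test/.well-known/acme-challenge/TOKEN-B: 404 "
    "Hint: The Certificate Authority failed to download the challenge files ..."
)

# One entry runs from "Domain:" to just before the next "Domain:", the "Hint:" line
# or the end of the text, so flattened and multi-line reports parse the same way.
PROBLEM = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+Detail:\s*(?P<detail>.*?)"
    r"(?=\s+Domain:\s|\s+Hint:\s|\Z)",
    re.S,
)

ADVICE = {
    "inbound_blocked": "Nothing answered on port 80: check the port forward and "
                       "firewall, test with a plain listener from the WAN side, and "
                       "consider DNS validation if the ISP filters inbound port 80.",
    "nothing_listening": "The host was reached but refused the connection: check "
                         "which container port the forwarded port is mapped to.",
    "wrong_responder": "A web server answered without the challenge file: check "
                       "that DNS and the port-80 forward lead to this container.",
    "dns": "The CA could not resolve the name: check the DNS records.",
    "other": "Unrecognised failure: read /var/log/letsencrypt/letsencrypt.log.",
}


def parse_problems(report):
    """Return one dict per failed domain, with whitespace in the detail collapsed."""
    return [
        {"domain": m["domain"], "type": m["type"].lower(),
         "detail": " ".join(m["detail"].split())}
        for m in PROBLEM.finditer(report)
    ]


def classify(problem):
    """Map the ACME problem type and detail text to a triage category."""
    kind, detail = problem["type"], problem["detail"].lower()
    if kind == "connection" and "timeout" in detail:
        return "inbound_blocked"
    if kind == "connection" and "refused" in detail:
        return "nothing_listening"
    if kind == "unauthorized":
        return "wrong_responder"
    if kind == "dns":
        return "dns"
    return "other"


def triage(report):
    """Return {domain: (category, advice)} for every failure in the report."""
    result = {}
    for problem in parse_problems(report):
        category = classify(problem)
        result[problem["domain"]] = (category, ADVICE[category])
    return result


def all_blocked_inbound(report):
    """True when every failed domain timed out, the pattern of a blocked port 80."""
    categories = {classify(p) for p in parse_problems(report)}
    return categories == {"inbound_blocked"}


if __name__ == "__main__":
    for domain, (category, advice) in triage(SAMPLE).items():
        print(f"{domain}: {category}\n  {advice}")
```
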
hernandito Posted September 25, 2022 (edited)

Boy.... With so much unRAID experience, I hate to ask this question.

For ages, I used to have a folder inside my /appdata/swag/ folder called custom-cont-init.d. In here I had a bash script that installed a few things to my container. I see now that this is a legacy way; and that the new way is place/locate this folder outside the docker's /config folder.

Thinking that a more updated docker template would have this volume mapping; I compared my template to the latest Swag template and they are different! Like SCARY different. Plus it did not have anything pre-set for the custom script.

What should I do? In reading Customizing LSIO Dockers, do I need to go to my original template and ... +Add Another Path...? Will this work? I am afraid of ruining my Swag setup. I am also scared of updating my template to the latest. Things were nicely working w/ LetsEncrypt... I'm not a master at DNS and certificates.

Thank you,

H.

Edited September 25, 2022 by hernandito

blaine07 Posted September 25, 2022

You've already seen this; does this help? It talks about some of the things you are...? https://info.linuxserver.io/issues/2022-08-29-custom-files/

hernandito Posted September 25, 2022

2 minutes ago, blaine07 said:
> You've already seen this; does this help? It talks about some of the things you are...? https://info.linuxserver.io/issues/2022-08-29-custom-files/

Thank you Blaine... I had already seen this... what is not clear or explained is how to approach / resolve this with the unRAID docker templates...

blaine07 Posted September 25, 2022

2 minutes ago, hernandito said:
> Thank you Blaine... I had already seen this... what is not clear or explained is how to approach / resolve this with the unRAID docker templates...

Well, how you're mapping to it outside of SWAG container... in my head that makes sense. Not sure what your custom scripts are doing but... It appears it would work from how I am interpreting our info. Make a back up of SWAG and give it a shot?

hernandito Posted September 25, 2022

17 minutes ago, blaine07 said:
> Well, how you're mapping to it outside of SWAG container... in my head that makes sense. Not sure what your custom scripts are doing but... It appears it would work from how I am interpreting our info. Make a back up of SWAG and give it a shot?

SOLVED

I did backups of my template and the appdata folder... I ended up adding the custom script folder inside the /appdata/swag folder like this:

Thank you Blaine for giving me strength to try this. I have never edited an LSIO template to add new parameters.

MasterMark Posted September 27, 2022

    nginx: [emerg] open() "/etc/nginx/accesslist.conf" failed (2: No such file or directory)

What the heck? Is something changed? The accesslist file was loaded before.

    include accesslist.conf;

This is where the proxy config loading this.