[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



Are there any instructions to ensure a successful migration from the old docker container? Any specific things we should look out for when transferring the files?

 

Thanks!

Install the new container in a new config folder, let it get the certs, and then you can transfer the contents of the www folder and the necessary elements from the site config. That's really all.

Link to comment

I'm trying to troubleshoot this. I've installed the docker and used ports 8086 and 444. When I go to https://unraidIP:444 or http://unraidIP:8086, I get "Unable to Connect". After a couple of minutes, the docker shuts down. I went to my "appdata" and looked in the "Log" folder, but nothing is in any of the three folders.

 

I've deleted the docker and the folder in "appdata" and tried reinstalling.  I've tried different ports, same thing.

 

I'm using duckDNS and I've verified the domain I'm using works.  I've also verified that port 443 on my firewall points to my Unraid server.

 

What am I missing? Any thoughts?


Link to comment

 

 


 

What does the docker log show?

 

Did you forward port 443 on the router to port 444 on unraid?

Link to comment

To simplify I put the port back to 443.

 

Log reports:

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/index.php/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.UNRAIDSERVER.com
Generating new certificate
Failed authorization procedure. UNRAIDSERVER.com (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for UNRAIDSERVER.com
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: UNRAIDSERVER.com
Type: unknownHost
Detail: No valid IP addresses found for UNRAIDSERVER.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
/var/run/s6/etc/cont-init.d/50-config: line 105: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
Failed authorization procedure. chaoconnor.com (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for chaoconnor.com
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: UNRAIDSERVER.com
Type: unknownHost
Detail: No valid IP addresses found for UNRAIDSERVER.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
/var/run/s6/etc/cont-init.d/50-config: line 105: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

Link to comment

I think the issue is you can't use a CNAME to point to a root domain, it has to be a subdomain, in this case "www".  That's why it fails w/o the www. 

 

Instead I'm going to use a permanent re-direct (301) type from the root domain to the duckdns domain.

 

I'll have to let it propagate and see if it works.

 

Thanks for everyone's help!

Link to comment

Thanks again for everyone's help. So I set up password protection for the main site using .htpasswd and verified it's working. I also dumped the minimux files in the WWW folder and can get to that.

 

Beyond that though, I need to figure out how to point Nginx to all the dockers I'm running (all Linuxserver.io dockers). I saw under the original Nginx docker support thread there used to be a link to sample config files, but that's gone now. Does anyone have a sample of how to configure Nginx for linuxserver.io dockers? (Plex, Sonarr, etc.) Just need one example and I can knuckle through the rest. Thanks!

Link to comment


The default site config has examples for both the base url and the subdomains method

Link to comment
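A sketch of the two methods named in the reply above, added here as an illustration; it is not the container's shipped default site config. The upstream address 192.168.1.10:8989, the example.com names, the certificate file names and the .htpasswd path are assumptions to replace with your own values.

```nginx
# Added example. All addresses, hostnames and file paths are assumptions.

# Method 1: base URL. The app is reached at https://www.example.com/sonarr
# and must itself be configured with the same URL base (/sonarr).
server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    # Require a login for everything this server block proxies.
    auth_basic           "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;

    location /sonarr {
        proxy_pass http://192.168.1.10:8989/sonarr;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Method 2: subdomain. The app keeps an empty URL base, but
# sonarr.example.com must resolve in DNS and be one of the names
# on the certificate, otherwise validation fails as in the log above.
server {
    listen 443 ssl;
    server_name sonarr.example.com;

    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    auth_basic           "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;

    location / {
        proxy_pass http://192.168.1.10:8989;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` inside the container after editing, so a syntax error is caught before the config is reloaded.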

@aptalca

 

Is curl already installed or would I have to install it manually?

can't remember off the top of my head but if it's not we will push an update

 

Until then you can install with

apk add --update curl

if it's missing

 

Thanks! Looks like today's update added curl. Can you also add GD? cURL and GD are the most used features and I'm surprised they were not included. In the meantime, I'll add gd manually. Thanks again!

Link to comment

OpenVPN does not require any webserver related configuration. It will connect to whatever IP the domain name resolves to.

 

Just making sure I understand.

 

For my OpenVPN I don't need to worry about this container?

Just make sure vpn.example.com is pointed to my IP, make sure the correct ports are open, and I'm done?

 

If that is the case, GREAT!

Link to comment


 

Yeah, there are a whole lot of php modules out there. I personally host an html5 site and a bunch of reverse proxies so don't really use php at all.

 

If there are other modules that are commonly used and needed, let us know and we'll add them to this container.

 

I'll go ahead and add php5-gd

Link to comment
