aptalca (Posted January 2, 2017)

> This Plugin works like a charm, but I have one question: When I connect from my external URL to my application (like emby), the application gets only the IP «172.17.0.2» for every online user, and not the real IP. Is this normal? Thanks and happy new year.

I believe so. Basically, every user's connection is proxied through the letsencrypt container and so emby thinks that all the requests are coming from that container. And the container ip is that 172.x.x.x one.

If it's an issue you'd like to fix, there may be a way to do it through the options in proxy.conf but I don't know which. You'd have to search online.

Gokux (Posted January 2, 2017)

> I believe so. Basically, every user's connection is proxied through the letsencrypt container and so emby thinks that all the requests are coming from that container. And the container ip is that 172.x.x.x one.

I was a little bit surprised, because on Apache virtual hosts, it was never a "problem".

> If it's an issue you'd like to fix, there may be a way to do it through the options in proxy.conf but I don't know which. You'd have to search online.

I have searched around and found this. So I took just the first part in my site-confs

```
[...]
location / {
    proxy_pass https://192.168.0.100:8920/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
}
[...]
```

and it seems to work.

aptalca (Posted January 2, 2017)

> > I believe so. Basically, every user's connection is proxied through the letsencrypt container and so emby thinks that all the requests are coming from that container. And the container ip is that 172.x.x.x one.
>
> I was a little bit surprised, because on Apache virtual hosts, it was never a "problem".
>
> > If it's an issue you'd like to fix, there may be a way to do it through the options in proxy.conf but I don't know which. You'd have to search online.
>
> I have searched around and found this. So I took just the first part in my site-confs
>
> ```
> [...]
> location / {
>     proxy_pass https://192.168.0.100:8920/;
>     proxy_set_header Host $host;
>     proxy_set_header X-Real-IP $remote_addr;
>     proxy_set_header X-Forwarded-For $remote_addr;
> }
> [...]
> ```
>
> and it seems to work.

Glad you figured it out. That's my experience with nginx. There is always an option to fix whatever, but it may not be obvious and may require some online research to figure out.

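The `X-Real-IP` and `X-Forwarded-For` headers from the config above are only reliable if the backend accepts them from the proxy and from nowhere else. An added example (not part of the thread and not emby's code) of resolving the client address on the backend side; the trusted network `172.17.0.0/16` and the function names are assumptions.

```python
import ipaddress

# Assumption: the proxy container lives on Docker's default bridge network.
TRUSTED_PROXIES = [ipaddress.ip_network("172.17.0.0/16")]


def _is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, headers):
    """Return the address a backend should log or rate-limit on.

    peer_addr: source address of the TCP connection as the backend sees it.
    headers:   request headers as a dict with lower-cased names.
    """
    # Anyone connecting directly can send these headers, so they are only
    # honoured when the TCP peer is the reverse proxy.
    if not _is_trusted(peer_addr):
        return peer_addr

    # Read X-Forwarded-For from the right: the last entry was written by our
    # proxy, entries further left may have been supplied by the client.
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        try:
            if not _is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: ignore the rest of the chain

    try:
        return str(ipaddress.ip_address(headers.get("x-real-ip", "").strip()))
    except ValueError:
        return peer_addr  # no usable header: fall back to the TCP peer


if __name__ == "__main__":
    # Constructed sample requests (documentation address ranges).
    samples = [
        ("172.17.0.2", {"x-forwarded-for": "203.0.113.7", "x-real-ip": "203.0.113.7"}),
        ("172.17.0.2", {"x-forwarded-for": "192.0.2.1, 203.0.113.7"}),
        ("198.51.100.9", {"x-forwarded-for": "192.0.2.1"}),
        ("172.17.0.2", {}),
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "->", client_ip(peer, hdrs))
```
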
Kuroyukihimeeee (Posted January 2, 2017)

aptalca and CHBMB thank you so much. All working now! You guys rock. Now can get some ports closed and some services running securely with a nice SSL Labs A+ rating.

Voras (Posted January 4, 2017)

Hello,

Yesterday I was trying to set up my Plex and ownCloud under subdomain based reverse proxy, but after many unsuccessful tries it stopped working at all. Tried to "reinstall" container, but receiving error:

```
root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/Kiev" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"="radiacija.lt" -e "SUBDOMAINS"="plex," -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -p :80/tcp -p 192.168.1.50:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
docker: Invalid hostPort: 192.168.1.50.
See '/usr/bin/docker run --help'.

The command failed.
```

Tried to restart server, any other IP, still the same. Any suggestions please.

CHBMB (Posted January 4, 2017)

> Hello,
>
> Yesterday I was trying to set up my Plex and ownCloud under subdomain based reverse proxy, but after many unsuccessful tries it stopped working at all. Tried to "reinstall" container, but receiving error:
>
> ```
> root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/Kiev" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"="radiacija.lt" -e "SUBDOMAINS"="plex," -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -p :80/tcp -p 192.168.1.50:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
> docker: Invalid hostPort: 192.168.1.50.
> See '/usr/bin/docker run --help'.
>
> The command failed.
> ```
>
> Tried to restart server, any other IP, still the same. Any suggestions please.

The error message tells you what's wrong:

```
docker: Invalid hostPort: 192.168.1.50.

-p 192.168.1.50:443/tcp
```

Change that to 443 instead of 192.168.1.50

Voras (Posted January 4, 2017)

> > Hello,
> >
> > Yesterday I was trying to set up my Plex and ownCloud under subdomain based reverse proxy, but after many unsuccessful tries it stopped working at all. Tried to "reinstall" container, but receiving error:
> >
> > ```
> > root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/Kiev" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"="radiacija.lt" -e "SUBDOMAINS"="plex," -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -p :80/tcp -p 192.168.1.50:443/tcp -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt
> > docker: Invalid hostPort: 192.168.1.50.
> > See '/usr/bin/docker run --help'.
> >
> > The command failed.
> > ```
> >
> > Tried to restart server, any other IP, still the same. Any suggestions please.
>
> The error message tells you what's wrong:
>
> ```
> docker: Invalid hostPort: 192.168.1.50.
>
> -p 192.168.1.50:443/tcp
> ```
>
> Change that to 443 instead of 192.168.1.50

Damn... I'm new to this, I thought that I needed to set up an IP address. Now it is working. Thanks!

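Why the command in this exchange fails, as an added example (not from the thread and not Docker's own code): a simplified model of how a `-p` value is split on colons, so that a two-field value is read as hostPort:containerPort. The function names are hypothetical, and port ranges and IPv6 addresses are left out.

```python
import ipaddress


def _valid_port(text):
    return text.isascii() and text.isdigit() and 1 <= int(text) <= 65535


def parse_publish(spec):
    """Split a `docker run -p` value into (host_ip, host_port, container_port, proto).

    Models the form [ip:][hostPort:]containerPort[/proto].
    """
    ports, _, proto = spec.partition("/")
    proto = proto or "tcp"
    parts = ports.split(":")
    if len(parts) > 3:
        raise ValueError("Too many fields in: %s" % spec)

    # Fields are assigned from the right, so with two fields the first one
    # is the host port, never the host address.
    container_port = parts[-1]
    host_port = parts[-2] if len(parts) >= 2 else ""
    host_ip = parts[0] if len(parts) == 3 else ""

    if not _valid_port(container_port):
        raise ValueError("Invalid containerPort: %s" % container_port)
    # Assumption in this model: an empty host port is accepted and the
    # engine assigns a free one.
    if host_port and not _valid_port(host_port):
        raise ValueError("Invalid hostPort: %s" % host_port)
    if host_ip:
        ipaddress.ip_address(host_ip)  # raises ValueError if not an address
    return host_ip, host_port, container_port, proto


def explain(spec):
    """Return a one-line verdict for a -p value."""
    try:
        return "ok: %r" % (parse_publish(spec),)
    except ValueError as exc:
        return "error: %s" % exc


if __name__ == "__main__":
    # The first value is the one from the failing command in the thread.
    for value in ["192.168.1.50:443/tcp", "443:443/tcp", "192.168.1.50:443:443/tcp"]:
        print(value, "->", explain(value))
```

To publish on a single host address rather than on all interfaces, the three-field form ip:hostPort:containerPort is the one to use.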
tuxbass (Posted January 4, 2017)

Is it required to have some services running (and thus valid nginx site-configs) prior to querying LE, or can we simply spin vanilla docker-letsencrypt container up and it should acquire the certs for the (sub)domains we've defined?

DNS settings are ok, but LE server is still unable to see my end.

```
Domain: www.mydomain.eu
Type: connection
Detail: Failed to connect to 217.111.111.111:443 for TLS-SNI-01
```

CHBMB (Posted January 4, 2017)

> Is it required to have some services running (and thus valid nginx site-configs) prior to querying LE, or can we simply spin vanilla docker-letsencrypt container up and it should acquire the certs for the (sub)domains we've defined?
>
> DNS settings are ok, but LE server is still unable to see my end.

As long as you have a valid domain name and the DNS servers are accurate as to your WAN IP address the container will start provided your port forwards are set up. The configs included out the box are valid. I quite often add and remove subdomains for testing purposes.

Post your docker run command and the log and we might be able to help a little more.

tuxbass (Posted January 4, 2017)

> > Is it required to have some services running (and thus valid nginx site-configs) prior to querying LE, or can we simply spin vanilla docker-letsencrypt container up and it should acquire the certs for the (sub)domains we've defined?
> >
> > DNS settings are ok, but LE server is still unable to see my end.
>
> Post your docker run command and the log and we might be able to help a little more.

```
Generating a 2048 bit RSA private key
.............................+++
..........+++
writing new private key to '/config/keys/cert.key'
-----
Subject Attribute /C has no known NID, skipped
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
..........................
DH parameters successfully created - 2048 bits
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.mydomain.eu -d emby.mydomain.eu -d seafile.mydomain.eu
Generating new certificate
Failed authorization procedure. www.mydomain.eu (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 217.111.111.111:443 for TLS-SNI-01 challenge, mydomain.eu (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 217.111.111.111:443 for TLS-SNI-01 challenge
IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through
   e-mails sent to [email protected].
 - The following errors were reported by the server:

   Domain: www.mydomain.eu
   Type: connection
   Detail: Failed to connect to 217.111.111.111:443 for TLS-SNI-01 challenge

   Domain: mydomain.eu
   Type: connection
   Detail: Failed to connect to 217.111.111.111:443 for TLS-SNI-01 challenge

   To fix these errors, please make sure that your domain name was...
```

Router NAT settings:

Docker run:

```
/plugins/dynamix.docker.manager/scripts/docker create --name="nginx-letsencrypt" --net="bridge" --privileged="true" -e TZ="Europe/Paris" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"="mydomain.eu" -e "SUBDOMAINS"="www,emby,seafile" -e "ONLY_SUBDOMAINS"="false" -e "DHLEVEL"="2048" -e "PUID"="1000" -e "PGID"="100" -p 89:80/tcp -p 449:443/tcp -v "/mnt/user/appdata/nginx-letsencrypt":"/config":rw -v "/mnt/user":"/unraid":rw linuxserver/letsencrypt
```

Btw, is there a more convenient way of checking the run command than clicking 'Save' in template page?

CHBMB (Posted January 5, 2017)

First thing, why are you running with PUID 1000 and PGID 1000? Our template has them 99 and 100 specifically for Unraid.

Go to whatismyip.com and confirm that 217.111.111.111 is indeed your IP. (I assume you've redacted that, as it just doesn't look right.)

And just to check you own the mydomain.eu name?

Might be worth just setting up www until you get it sorted.

tuxbass (Posted January 5, 2017)

> First thing, why are you running with PUID 1000 and PGID 1000? Our template has them 99 and 100 specifically for Unraid.
>
> Go to whatismyip.com and confirm that 217.111.111.111 is indeed your IP. (I assume you've redacted that, as it just doesn't look right.)
>
> And just to check you own the mydomain.eu name?
>
> Might be worth just setting up www until you get it sorted.

PUID 100* It's my regular user on unraid (instead of default nobody). IP is correct, DNS settings are confirmed. mydomain.eu is owned by me, bought via gandi.net.

CHBMB (Posted January 5, 2017)

> > First thing, why are you running with PUID 1000 and PGID 1000? Our template has them 99 and 100 specifically for Unraid.
> >
> > Go to whatismyip.com and confirm that 217.111.111.111 is indeed your IP. (I assume you've redacted that, as it just doesn't look right.)
> >
> > And just to check you own the mydomain.eu name?
> >
> > Might be worth just setting up www until you get it sorted.
>
> PUID 100* It's my regular user on unraid (instead of default nobody). IP is correct, DNS settings are confirmed. mydomain.eu is owned by me, bought via gandi.net.

Only other thing I can think of is that there's an issue with your ports then. Although they look fine on that pic, try http://www.yougetsignal.com/tools/open-ports/

Nothing unusual about your network at all? VPN or anything?

EDIT: Other thing I just thought of, if you're using Cloudflare then turn off the proxying.

tuxbass (Posted January 5, 2017)

> > > First thing, why are you running with PUID 1000 and PGID 1000? Our template has them 99 and 100 specifically for Unraid.
> > >
> > > Go to whatismyip.com and confirm that 217.111.111.111 is indeed your IP. (I assume you've redacted that, as it just doesn't look right.)
> > >
> > > And just to check you own the mydomain.eu name?
> > >
> > > Might be worth just setting up www until you get it sorted.
> >
> > PUID 100* It's my regular user on unraid (instead of default nobody). IP is correct, DNS settings are confirmed. mydomain.eu is owned by me, bought via gandi.net.
>
> Only other thing I can think of is that there's an issue with your ports then. Although they look fine on that pic, try http://www.yougetsignal.com/tools/open-ports/
>
> Nothing unusual about your network at all? VPN or anything?
>
> EDIT: Other thing I just thought of, if you're using Cloudflare then turn off the proxying.

Good ideas.

1) not using cloudflare
2) 443 is closed, but I assume that's because there's no service sitting on this side; any quick ways to put up some service to validate ports?
3) my router config might be wrong after all. Discovered there's more than one interface (for WAN/LAN). Router UI is in Spanish, having a bit of trouble with that.

CHBMB (Posted January 5, 2017)

> Good ideas.
>
> 1) not using cloudflare

Well that's ruled out that one!

> 2) 443 is closed, but I assume that's because there's no service sitting on this side; any quick ways to put up some service to validate ports?

Spin up our nginx container (without LE), don't forget you're port forwarding 443 ==> 449

> 3) my router config might be wrong after all. Discovered there's more than one interface (for WAN/LAN). Router UI is in Spanish, having a bit of trouble with that.

My wife had a Spanish lesson this evening, doesn't understand tech at all, and has gone to sleep, so can't help you with that one.

tuxbass (Posted January 5, 2017)

That was it - NAT rules were assigned for the wrong router interface. Really sorry for the noise guys.

Cheers CHBMB!

aptalca (Posted January 5, 2017)

Ignore this post, tapatalk issues :-p

CHBMB (Posted January 5, 2017)

> Is your wan ip 217.111.111.111? Are you using vpn?

Nothing to see here, move along...

Kewjoe (Posted January 5, 2017)

@aptalca thanks for adding mysql support. I will give it a spin tonight.

aptalca (Posted January 5, 2017)

> @aptalca thanks for adding mysql support. I will give it a spin tonight.

Np. Let us know how it works out for you.

Kewjoe (Posted January 5, 2017)

:'( Didn't work.

Looking at your old docker versus the new docker for any packages with SQL in the name:

Old:

```
php5-mysqlnd \
php5-pgsql \
php5-sqlite \
```

New:

```
php5-mysqli
php5-pdo_mysql
```

From my reading online, I believe the correct package to install is "php5-mysqlnd". Sorry to be a bother. Let me know if it's possible to add that package. Thanks for helping!!

aptalca (Posted January 5, 2017)

> :'( Didn't work.
>
> Looking at your old docker versus the new docker for any packages with SQL in the name:
>
> Old: php5-mysqlnd \ php5-pgsql \ php5-sqlite \
>
> New: php5-mysqli php5-pdo_mysql
>
> From my reading online, I believe the correct package to install is "php5-mysqlnd". Sorry to be a bother. Let me know if it's possible to add that package. Thanks for helping!!

There is no separate php5-mysqlnd (library, native driver) package on alpine but it is included in the php package (info.php shows it as active). You need to use either the mysqli or the pdo extensions: https://dev.mysql.com/downloads/connector/php-mysqlnd/

Kewjoe (Posted January 6, 2017)

Ok I figured it out. I spent a few hours adding php5 modules to this docker (that were installed on the old docker) until I got my forum to work.

I finally narrowed it down to "php5-ctype". I'm not clear why that one is needed, but without it, my forum will not budge.

Any chance you can add that one? I promise not to bother you again (for a little while).

aptalca (Posted January 6, 2017)

> Ok I figured it out. I spent a few hours adding php5 modules to this docker (that were installed on the old docker) until I got my forum to work.
>
> I finally narrowed it down to "php5-ctype". I'm not clear why that one is needed, but without it, my forum will not budge.
>
> Any chance you can add that one? I promise not to bother you again (for a little while).

I'll look into it. Ooc, which forum software are you using?

Kewjoe (Posted January 6, 2017)

> > Ok I figured it out. I spent a few hours adding php5 modules to this docker (that were installed on the old docker) until I got my forum to work.
> >
> > I finally narrowed it down to "php5-ctype". I'm not clear why that one is needed, but without it, my forum will not budge.
> >
> > Any chance you can add that one? I promise not to bother you again (for a little while).
>
> I'll look into it. Ooc, which forum software are you using?

http://www.phpbb.com

I also had a copy of SMF (same forum limetech uses) as an alternate while trying to isolate. They behaved exactly the same (didn't work until I put the ctype module in).