CHBMB Posted January 16, 2017 Share Posted January 16, 2017 Change lines 3 and 9 in nextcloud in site-confs to read owncloud.mattekure.com and line 35 to reflect your IP address. Quote Link to comment
mattekure Posted January 16, 2017 Share Posted January 16, 2017 Thanks, those are exactly the problem. It seems to be working fine now. I thought I edited them, but it looks like I only edited a portion. Change lines 3 and 9 in nextcloud in site-confs to read owncloud.mattekure.com and line 35 to reflect your IP address. Quote Link to comment
aptalca Posted January 16, 2017 Share Posted January 16, 2017 any chance stream got added to this new version? Still looking to be able to proxy connect to my VNC, etc. Not yet. The version with stream support is available on alpine 3.5, which is an os upgrade over the current 3.4 and therefore needs to be thoroughly tested before we release it. Quote Link to comment
RAINMAN Posted January 22, 2017 Share Posted January 22, 2017 So, I sort of have this working but not really. Plex resolves but it doesnt detect the proper network and thus thinks the server is remote. Plex shows this as the local IP: Private 172.17.0.6 : 32400 but my network is actually 192.168.254.x If I access plex using http://192.168.254.3:32400/web/index.html# it does play locally however when I use https://plex.domain.com it transcodes and streams via the internet. if I ping plex.domain.com it resolves properly to 192.168.254.3 as is set in my DNS settings. I really wanted to access plex using one URL whether I am local or remote. Here is my full nginx config file: # redirect all traffic to https server { listen 80; server_name _; return 301 https://$host$request_uri; } # main server block server { listen 443 ssl default_server; root /config/www; index index.html index.htm index.php; server_name _; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-$ ssl_prefer_server_ciphers on; client_max_body_size 0; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; # With php5-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php5-fpm: #fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp" # notice this is within the same server block as the base # don't forget to generate the .htpasswd file as described on docker hub # location ^~ /cp { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050/cp; # } } # # PLEX # server { listen 443 ssl; root /config/www; index index.html index.htm index.php; server_name plex.*; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-$ ssl_prefer_server_ciphers on; client_max_body_size 0; location / { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.254.3:32400; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $remote_addr; # # PlexPy # location ^~ /plexpy/ { proxy_pass https://192.168.254.3:8181; include /config/nginx/proxy.conf; proxy_bind $server_addr; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Ssl on; # auth_basic "Restricted"; # auth_basic_user_file /config/.htpasswd; } } For now commented out the authentication and some other tests. Will add it back once its all sorted. Basically I just need plex to know its local so its not sending my data to the internet then back in. I also have a nextcloud issue but one at a time. Quote Link to comment
CHBMB Posted January 22, 2017 Share Posted January 22, 2017 So, I sort of have this working but not really. Plex resolves but it doesnt detect the proper network and thus thinks the server is remote. Plex shows this as the local IP: Private 172.17.0.6 : 32400 but my network is actually 192.168.254.x If I access plex using http://192.168.254.3:32400/web/index.html# it does play locally however when I use https://plex.domain.com it transcodes and streams via the internet. if I ping plex.domain.com it resolves properly to 192.168.254.3 as is set in my DNS settings. I really wanted to access plex using one URL whether I am local or remote. Here is my full nginx config file: # redirect all traffic to https server { listen 80; server_name _; return 301 https://$host$request_uri; } # main server block server { listen 443 ssl default_server; root /config/www; index index.html index.htm index.php; server_name _; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-$ ssl_prefer_server_ciphers on; client_max_body_size 0; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; # With php5-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php5-fpm: #fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp" # notice this is within the same server block as the base # don't forget to generate the .htpasswd file as described on docker hub # location ^~ /cp { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050/cp; # } } # # PLEX # server { listen 443 ssl; root /config/www; index index.html index.htm index.php; server_name plex.*; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-$ ssl_prefer_server_ciphers on; client_max_body_size 0; location / { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.254.3:32400; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $remote_addr; # # PlexPy # location ^~ /plexpy/ { proxy_pass https://192.168.254.3:8181; include /config/nginx/proxy.conf; proxy_bind $server_addr; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Ssl on; # auth_basic "Restricted"; # auth_basic_user_file /config/.htpasswd; } } For now commented out the authentication and some other tests. Will add it back once its all sorted. Basically I just need plex to know its local so its not sending my data to the internet then back in. I also have a nextcloud issue but one at a time. Is Plex our version and running as host? Quote Link to comment
RAINMAN Posted January 22, 2017 Share Posted January 22, 2017 So, I sort of have this working but not really. Plex resolves but it doesnt detect the proper network and thus thinks the server is remote. Plex shows this as the local IP: Private 172.17.0.6 : 32400 but my network is actually 192.168.254.x If I access plex using http://192.168.254.3:32400/web/index.html# it does play locally however when I use https://plex.domain.com it transcodes and streams via the internet. if I ping plex.domain.com it resolves properly to 192.168.254.3 as is set in my DNS settings. I really wanted to access plex using one URL whether I am local or remote. Here is my full nginx config file: # redirect all traffic to https server { listen 80; server_name _; return 301 https://$host$request_uri; } # main server block server { listen 443 ssl default_server; root /config/www; index index.html index.htm index.php; server_name _; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-$ ssl_prefer_server_ciphers on; client_max_body_size 0; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; # With php5-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php5-fpm: #fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp" # notice this is within the same server block as the base # don't forget to generate the .htpasswd file as described on docker hub # location ^~ /cp { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050/cp; # } } # # PLEX # server { listen 443 ssl; root /config/www; index index.html index.htm index.php; server_name plex.*; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-$ ssl_prefer_server_ciphers on; client_max_body_size 0; location / { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.254.3:32400; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $remote_addr; # # PlexPy # location ^~ /plexpy/ { proxy_pass https://192.168.254.3:8181; include /config/nginx/proxy.conf; proxy_bind $server_addr; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Ssl on; # auth_basic "Restricted"; # auth_basic_user_file /config/.htpasswd; } } For now commented out the authentication and some other tests. Will add it back once its all sorted. Basically I just need plex to know its local so its not sending my data to the internet then back in. I also have a nextcloud issue but one at a time. Is Plex our version and running as host? yes, and bingo, I had it running as bridge for some reason. Switched to host and it now says nearby which is good enough not to send via the internet. Now my second question: for nextcloud: this is my conf server { listen 80; server_name cloud.mydomainhere.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name cloud.mydomainhere.com; root /config/www; index index.html index.htm index.php; ###SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ###Diffie–Hellman key exchange ### ssl_dhparam /config/nginx/dhparams.pem; ###SSL Ciphers ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA38$ ###Extra Settings### ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; location / { proxy_pass https://192.168.254.3:444/; } } nextcloud config file: <?php $CONFIG = array ( 'instanceid' => 'XxxxxxxxxxxxxxX', 'passwordsalt' => 'XxxxxxxxxxxxxxX', 'secret' => 'XxxxxxxxxxxxxxX', 'trusted_domains' => array ( 0 => '192.168.254.3:444', 1 => 'cloud.mydomain.com', ), 'datadirectory' => '/mnt/OwnCloud_Data/', 'overwrite.cli.url' => 'https://cloud.mydomain.com', 'overwritehost' => 'cloud.mydomain.com', 'overwriteprotocol' => 'https', 'dbtype' => 'mysql', 'version' => '9.1.0.16', 'dbname' => 'owncloud', 'dbhost' => '192.168.254.3:3306', 'dbtableprefix' => 'oc_', 'dbuser' => '', 'dbpassword' => '', 'logtimezone' => 'America/Toronto', 'installed' => true, 'theme' => '', 'maintenance' => false, 'memcache.local' => '\\OC\\Memcache\\APCu', 'loglevel' => 1, 'trashbin_retention_obligation' => 'auto', 'ldapIgnoreNamingRules' => false, 'updater.release.channel' => 'production', However, I am still getting this message when I try the nextcloud site: You are accessing the server from an untrusted domain. Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domains" setting in config/config.php. An example configuration is provided in config/config.sample.php. Depending on your configuration, as an administrator you might also be able to use the button below to trust this domain. Add "192.168.254.3:444" as trusted domain Quote Link to comment
RAINMAN Posted January 22, 2017 Share Posted January 22, 2017 FYI for next cloud add the following to your location block and it works. Cheers proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; Quote Link to comment
local.bin Posted January 25, 2017 Share Posted January 25, 2017 Firstly, thanks for the docker; it seems to be working great for my website, which is now using https and A+ rated I am just using nginx as my website hosting only, so should I disable the reverse proxy for added security, or it doesn't matter either way? Also, based on me just using the webserver piece, do I need to change any of the nginx configs for extra security? The existing config seems to work fine, but I wondered if I need to tweak anything? Thanks in advance Quote Link to comment
CHBMB Posted January 25, 2017 Share Posted January 25, 2017 Firstly, thanks for the docker; it seems to be working great for my website, which is now using https and A+ rated I am just using nginx as my website hosting only, so should I disable the reverse proxy for added security, or it doesn't matter either way? Also, based on me just using the webserver piece, do I need to change any of the nginx configs for extra security? The existing config seems to work fine, but I wondered if I need to tweak anything? Thanks in advance Nope, you're good as you are imho. It'll only reverse proxy things if you actually configure so. Quote Link to comment
local.bin Posted January 25, 2017 Share Posted January 25, 2017 Firstly, thanks for the docker; it seems to be working great for my website, which is now using https and A+ rated I am just using nginx as my website hosting only, so should I disable the reverse proxy for added security, or it doesn't matter either way? Also, based on me just using the webserver piece, do I need to change any of the nginx configs for extra security? The existing config seems to work fine, but I wondered if I need to tweak anything? Thanks in advance Nope, you're good as you are imho. It'll only reverse proxy things if you actually configure so. That's perfect, thanks again And 'stupid question alert' I presume opening up port 443 to this docker, doesn't open up potential issues for my other data on the server at all? This docker is isolated by definition of the way docker works? Quote Link to comment
CHBMB Posted January 25, 2017 Share Posted January 25, 2017 Firstly, thanks for the docker; it seems to be working great for my website, which is now using https and A+ rated I am just using nginx as my website hosting only, so should I disable the reverse proxy for added security, or it doesn't matter either way? Also, based on me just using the webserver piece, do I need to change any of the nginx configs for extra security? The existing config seems to work fine, but I wondered if I need to tweak anything? Thanks in advance Nope, you're good as you are imho. It'll only reverse proxy things if you actually configure so. That's perfect, thanks again And 'stupid question alert' I presume opening up port 443 to this docker, doesn't open up potential issues for my other data on the server at all? This docker is isolated by definition of the way docker works? Yes, undiscovered security bugs notwithstanding. The ls.io version has fail2ban included to try and reduce this risk further. Quote Link to comment
local.bin Posted January 25, 2017 Share Posted January 25, 2017 Thanks CHBMB, understood. I don't suppose anyone has tried getting sogo (https://sogo.nu/) working with Nginx, as they seem to be used with each other too..... Quote Link to comment
Shamalamadindong Posted January 26, 2017 Share Posted January 26, 2017 http://wiki.sogo.nu/nginxSettings Quote Link to comment
local.bin Posted January 26, 2017 Share Posted January 26, 2017 http://wiki.sogo.nu/nginxSettings Yes, thanks for that Edit: is this a reverse proxy setup for nginx, so I could point another docker to this instance of nginx and use an email sub domain to access it? have i undersood that correctly? I had seen that while googling for links between the two, but I am struggling to find any packages within alpine linux, which the docker image is built from, to be able to attempt an install. Edit: Ok found this https://github.com/JensErat/docker-sogo/issues/5 so it seems not possible. Will need to google a bit more to see if I can use this docker or need to duplicate. Cheers Quote Link to comment
local.bin Posted January 26, 2017 Share Posted January 26, 2017 Going back to basics, can I create a separate sub-domain, such as 'sojo' or 'cms', so cms.domain.co.uk and use that as my entrance to my sojo https page? by adding 'cms' to the subdomains config for the docker -> www,cms ? I presume I add that sub domain to my dns setup for my domain, so that it points to the the same ip address as the www address? Then I setup 'site-confs/default' for my reverse proxy Thanks in advance Quote Link to comment
CHBMB Posted January 26, 2017 Share Posted January 26, 2017 Yes. Leave default file for www.server.com Add another file called sojo for sojo.server.com Quote Link to comment
local.bin Posted January 26, 2017 Share Posted January 26, 2017 Yes. Leave default file for www.server.com Add another file called sojo for sojo.server.com Ok thanks. Am I ok copying the default file and editing as sojo just for the reverse proxy part? Quote Link to comment
CHBMB Posted January 26, 2017 Share Posted January 26, 2017 No to create a virtual server Quote Link to comment
local.bin Posted January 26, 2017 Share Posted January 26, 2017 No to create a virtual server Ok thanks. I obviously need some more reading to understand what I am doing here; but thanks for the pointers Quote Link to comment
wreave Posted January 28, 2017 Share Posted January 28, 2017 Switched to this container from the inital aptalca but I am running into a permission error. When attempting to open a URL that is using reverse proxy I get the following in error.log: /js/alllibs.js", host: "SUB.DOMAIN.com" 2017/01/28 08:20:38 [crit] 321#0: *1 open() "/var/lib/nginx/tmp/proxy/6/01/0000000016" failed (13: Permission denied) while reading upstream, client: 192.168.10.1, server: SUB.DOMAIN.com, request: "GET /static/css/bright.css.map HTTP/2.0", upstream: "http://192.168.10.10:5075/static/css/bright.css.map", host: "SUB.DOMAIN.com" This coincides with errors like the following in my chrome developer console: GET https://SUB.DOMAIN.com/static/js/nzbhydra.js net::ERR_SPDY_PROTOCOL_ERROR This seems to indicate some kind of issue with SPDY/HTTP2, but I am not really sure. Any insight into why this is happening? I am pretty stuck and this was all working before moving over to the linuxserver version (all I changed was the paths for /keys and /fastcgi_params in the site-confs to match up with the container changes). I should also note this doesn't happen for every proxy I do, just 3 or 4 of them. All the site-confs are the same besides the URL and the IP:port. Thanks! Quote Link to comment
aptalca Posted January 28, 2017 Share Posted January 28, 2017 Switched to this container from the inital aptalca but I am running into a permission error. When attempting to open a URL that is using reverse proxy I get the following in error.log: /js/alllibs.js", host: "SUB.DOMAIN.com" 2017/01/28 08:20:38 [crit] 321#0: *1 open() "/var/lib/nginx/tmp/proxy/6/01/0000000016" failed (13: Permission denied) while reading upstream, client: 192.168.10.1, server: SUB.DOMAIN.com, request: "GET /static/css/bright.css.map HTTP/2.0", upstream: "http://192.168.10.10:5075/static/css/bright.css.map", host: "SUB.DOMAIN.com" This coincides with errors like the following in my chrome developer console: GET https://SUB.DOMAIN.com/static/js/nzbhydra.js net::ERR_SPDY_PROTOCOL_ERROR This seems to indicate some kind of issue with SPDY/HTTP2, but I am not really sure. Any insight into why this is happening? I am pretty stuck and this was all working before moving over to the linuxserver version (all I changed was the paths for /keys and /fastcgi_params in the site-confs to match up with the container changes). I should also note this doesn't happen for every proxy I do, just 3 or 4 of them. All the site-confs are the same besides the URL and the IP:port. Thanks! This is a completely different container image. You can't just use the data folder from the other one here. As I posted on the other thread, install this one in a new config folder and then move your config and web files from the other piece by piece. The are too many changes under the hood. Quote Link to comment
wreave Posted January 28, 2017 Share Posted January 28, 2017 Switched to this container from the inital aptalca but I am running into a permission error. When attempting to open a URL that is using reverse proxy I get the following in error.log: /js/alllibs.js", host: "SUB.DOMAIN.com" 2017/01/28 08:20:38 [crit] 321#0: *1 open() "/var/lib/nginx/tmp/proxy/6/01/0000000016" failed (13: Permission denied) while reading upstream, client: 192.168.10.1, server: SUB.DOMAIN.com, request: "GET /static/css/bright.css.map HTTP/2.0", upstream: "http://192.168.10.10:5075/static/css/bright.css.map", host: "SUB.DOMAIN.com" This coincides with errors like the following in my chrome developer console: GET https://SUB.DOMAIN.com/static/js/nzbhydra.js net::ERR_SPDY_PROTOCOL_ERROR This seems to indicate some kind of issue with SPDY/HTTP2, but I am not really sure. Any insight into why this is happening? I am pretty stuck and this was all working before moving over to the linuxserver version (all I changed was the paths for /keys and /fastcgi_params in the site-confs to match up with the container changes). I should also note this doesn't happen for every proxy I do, just 3 or 4 of them. All the site-confs are the same besides the URL and the IP:port. Thanks! This is a completely different container image. You can't just use the data folder from the other one here. As I posted on the other thread, install this one in a new config folder and then move your config and web files from the other piece by piece. The are too many changes under the hood. I did do that. I moved over my site conf files after making the new container. Edit: site-conf file example that I am having this issue with http://pastebin.com/7ppWPWfe Quote Link to comment
aptalca Posted January 29, 2017 Share Posted January 29, 2017 Did you try removing the http2 parameter? Quote Link to comment
Shamalamadindong Posted January 29, 2017 Share Posted January 29, 2017 Shouldn't be an issue, i have it on and it isn't causing trouble for me. Quote Link to comment
wreave Posted January 29, 2017 Share Posted January 29, 2017 I am going to remake the docker from scratch and triple check everything. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.