[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Recommended Posts

Hey thanks for this docker. I just moved everything over from the Apache docker to get https. Everything moved over find apart from my media wiki install. Running the existing install or a new install throws this error page. It states that php is missing XML and iconv. I know that you stated that you left some surplus packages out of this php install to reduce on size but was a little surprised by the XML package being missing.

 

Not sure how pressed you are for size but in theory if you made the php5 folder available people could include the missing packages as *.so files in the php.ini file to keep them out of the docker image.

Link to comment

Hey thanks for this docker. I just moved everything over from the Apache docker to get https. Everything moved over find apart from my media wiki install. Running the existing install or a new install throws this error page. It states that php is missing XML and iconv. I know that you stated that you left some surplus packages out of this php install to reduce on size but was a little surprised by the XML package being missing.

 

Not sure how pressed you are for size but in theory if you made the php5 folder available people could include the missing packages as *.so files in the php.ini file to keep them out of the docker image.

We'll add them

Link to comment

I have enabled http2 on my server as well as removing tls1.0 as I have read it is not seen as secure while also trying to create a strong dh pem named dhparams-4096.pem

 

I changed my default file to point to the new file, but noted in the log that a new dhparams was created using the lesser 2048 on restart.

 

Is there a place to edit the dh file that gets created that I can edit to get 4096?

 

Thanks in advance

Link to comment

I have enabled http2 on my server as well as removing tls1.0 as I have read it is not seen as secure while also trying to create a strong dh pem named dhparams-4096.pem

 

I changed my default file to point to the new file, but noted in the log that a new dhparams was created using the lesser 2048 on restart.

 

Is there a place to edit the dh file that gets created that I can edit to get 4096?

 

Thanks in advance

 

https://github.com/linuxserver/docker-letsencrypt#parameters

Link to comment

Has anyone configured their default file for the COPS calibre docker?  If so I would like suggestions on what to try.  I got several other dockers working based on suggestions in this thread.

 

Here is what I tried:

location ^~ /cops {
	auth_basic "Restricted";
	auth_basic_user_file /config/nginx/.htpasswd;
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.0.50:85;
}

 

This is all new to me and the confusing part is the URLBase changes.  I see how some dockers like sonarr and htpc manager have settings within the docker....but others don't so I am not sure what to do.

 

Also how are most people using this..for example do you create an index.html page with links to each of your web interfaces to the dockers you are trying to reach?  If so do you keep the "landing" page open to the public and then when you click the link to the docker...then it goes to https???  The reason I am asking is that I would like to have www.mydomain.com be open to the public with a link to a public photo gallery (using an unraid docker...haven't picked one yet) and then have some other page with hyperlinks to my hidden docker management tools.

 

Thanks in advance for any help you can provide.

 

Dan

 

 

Link to comment

On a fresh install of this docker im getting the followig error:

 

Nginx: [emerg] BIO_new_file("/config/keys/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/config/keys/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

 

Any ideas?

 

Edit: my conf mistake. Nvm

Link to comment

A wee bit of a warning when you make a big change (PHP5 to PHP7) would be cool  ;D

 

Fair point... our bad.  :-[

 

However, we can't post the same information in multiple places as it's a logistical nightmare with every container, if you want to see if an update brings any big changes then the links on the first post will take you to the Github page and the readme there will have any changes listed.

Link to comment

A wee bit of a warning when you make a big change (PHP5 to PHP7) would be cool  ;D

 

Fair point... our bad.  :-[

 

However, we can't post the same information in multiple places as it's a logistical nightmare with every container, if you want to see if an update brings any big changes then the links on the first post will take you to the Github page and the readme there will have any changes listed.

 

Ya, I get it. I mostly blame myself for blindly updating. I need to stop doing that.

Link to comment

A wee bit of a warning when you make a big change (PHP5 to PHP7) would be cool  ;D

 

Fair point... our bad.  :-[

 

However, we can't post the same information in multiple places as it's a logistical nightmare with every container, if you want to see if an update brings any big changes then the links on the first post will take you to the Github page and the readme there will have any changes listed.

 

Ya, I get it. I mostly blame myself for blindly updating. I need to stop doing that.

 

Don't blame yourself, even I blindly update our containers...  ;D

Link to comment

Don't blame yourself, even I blindly update our containers...  ;D

 

Here's a question. Can I restore my docker container from before my update? or will that cause problems? It would buy me time to have to deal with this change when I actually have some time to spare  :D

 

Yeah try tagging 32, 33 or something earlier.

 

So change the repository to linuxserver/letsencrypt:32

Link to comment

Don't blame yourself, even I blindly update our containers...  ;D

 

Here's a question. Can I restore my docker container from before my update? or will that cause problems? It would buy me time to have to deal with this change when I actually have some time to spare  :D

 

Yeah try tagging 32, 33 or something earlier.

 

So change the repository to linuxserver/letsencrypt:32

 

Oohhh nice. That worked. Thank you sir!

Link to comment

Just out of curiosity, what did php7 break?

(I'm not a php guy)

 

PHPBB Forums prior to 3.2 (just released a month ago) only supported PHP5. I'm still on 3.1.10 and haven't upgraded yet. Reason being is that I'm waiting for the themes/extensions to be updated before I do so. When I updated this docker without realizing and then seeing the errors, I tried just updating to 3.2 but it wasn't working, likely missing some modules. the 3.2 installation instructions mentions some additional PHP modules needed to run the new version.

 

So, when I do get around to updating my forum, don't be surprised if I come begging for a couple of PHP7 modules to be added  ;D

 

Thanks guys. I do appreciate the work you put in.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.