vurt Posted February 12, 2017

Hi,

I'm trying to reverse proxy NextCloud. I followed the install instructions here. When I try https://advurt.net/nextcloud/, I get this 400 error:

    400 Bad Request
    The plain HTTP request was sent to HTTPS port

My NextCloud config:

    <?php
    $CONFIG = array (
      'memcache.local' => '\\OC\\Memcache\\APCu',
      'datadirectory' => '/data',
      'instanceid' => 'xxxxxxxxxxxx',
      'passwordsalt' => 'xxxxxxxxxxxx',
      'secret' => 'xxxxxxxxxxxx',
      'trusted_domains' =>
      array (
        0 => '192.168.1.252:444',
        1 => 'advurt.net',
      ),
      'overwrite.cli.url' => 'https://advurt.net',
      'overwritehost' => 'advurt.net',
      'overwriteprotocol' => 'https',
      'overwritewebroot' => '/nextcloud',
      'dbtype' => 'mysql',
      'version' => '11.0.1.2',
      'dbname' => 'nextcloud',
      'dbhost' => '192.168.1.252:3306',
      'dbport' => '',
      'dbtableprefix' => 'oc_',
      'dbuser' => 'xxxxxxxxxxxx',
      'dbpassword' => 'xxxxxxxxxxxx',
      'logtimezone' => 'UTC',
      'installed' => true,
    );

My letsencrypt site-confs/default:

    # redirect all traffic to https
    server {
        listen 80;
        server_name _;
        return 301 https://$host$request_uri;
    }

    # main server block
    server {
        listen 443 ssl default_server;
        root /config/www;
        index index.html index.htm index.php;
        server_name _;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'xxxxxxxxxxxx';
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;

        location / {
            try_files $uri $uri/ /index.html /index.php?$args =404;
        }

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            # With php5-cgi alone:
            fastcgi_pass 127.0.0.1:9000;
            # With php5-fpm:
            #fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params;
        }

        #Config for NextCloud
        location ^~ /nextcloud {
            auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
            include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.252:444/;
        }

CHBMB Posted February 12, 2017

Last line of your config like the error says needs to be https not http.

    proxy_pass http://192.168.1.252:444/;

should be

    proxy_pass https://192.168.1.252:444/;

Sent from my LG-H815 using Tapatalk

RAINMAN Posted February 12, 2017

> Also how are most people using this..for example do you create an index.html page with links to each of your web interfaces to the dockers you are trying to reach? If so do you keep the "landing" page open to the public and then when you click the link to the docker...then it goes to https???
>
> The reason I am asking is that I would like to have www.mydomain.com be open to the public with a link to a public photo gallery (using an unraid docker...haven't picked one yet) and then have some other page with hyperlinks to my hidden docker management tools.
>
> Thanks in advance for any help you can provide.
>
> Dan

I haven't finished mine yet but I just grabbed one of the templates listed below and modified it. Still in progress but this is what I have so far.

The icons go from a slight faded colour and to bigger on mouse over. (like the unraid icon is -- that one has the mouseover active)

It also is a bit responsive but there is a lot of extra CSS in the template that I haven't deleted.

vurt Posted February 12, 2017

> Last line of your config like the error says needs to be https not http.
>
> Sent from my LG-H815 using Tapatalk

Thank you, that fixed it but that leads to a new issue:

server.com/nextcloud/ takes a very long time to open, and when I finally get to the login page and enter my credentials, the page turns into a 504 Gateway Time-out error.

This doesn't happen when I use other reverse proxies like server.com/deluge/.

CHBMB Posted February 12, 2017

>> Last line of your config like the error says needs to be https not http.
>>
>> Sent from my LG-H815 using Tapatalk
>
> Thank you, that fixed it but that leads to a new issue:
>
> server.com/nextcloud/ takes a very long time to open, and when I finally get to the login page and enter my credentials, the page turns into a 504 Gateway Time-out error.
>
> This doesn't happen when I use other reverse proxies like server.com/deluge/.

Is there a disk that needs to spin up for nextcloud to work?

vurt Posted February 12, 2017

> Is there a disk that needs to spin up for nextcloud to work?

Hmm possibly, how can I check that? I had set the NextCloud share to only use Disk 1.

But I've been working on this the whole afternoon starting with fresh installs of MariaDB and NextCloud, I'd assume the disk is already spun up?

If it is a disk spinning up issue, how do I fix it? Will setting up the NextCloud share to use All Disks be better?

And I've accessed server.com/nextcloud/ a few times, getting to the login page, logging in, and eventually timing out with 504 error. Shouldn't this have resolved itself once the disk is spun up?

CHBMB Posted February 12, 2017

> And I've accessed server.com/nextcloud/ a few times, getting to the login page, logging in, and eventually timing out with 504 error. Shouldn't this have resolved itself once the disk is spun up?

Yeah, I would have thought. Not sure then, leave it running and see if that helps after an hour or so?

vurt Posted February 12, 2017

>> And I've accessed server.com/nextcloud/ a few times, getting to the login page, logging in, and eventually timing out with 504 error. Shouldn't this have resolved itself once the disk is spun up?
>
> Yeah, I would have thought. Not sure then, leave it running and see if that helps after an hour or so?

I also realized the internal IP of https://192.168.1.252:444/ no longer works, I assume this is because of the reverse proxy that's been set up?

EDIT: I reverted the configs for NextCloud and letsencrypt back to before the reverse proxy attempt, and can confirm I can access NextCloud at the internal IP with no problem.

The slow loading of the login page and the timeout after logging in makes me think it's NextCloud that's the problem and not Letsencrypt. I'll try posting in the NextCloud thread. Thanks CHBMB!

local.bin Posted February 13, 2017

Been all morning trying to figure out why I cannot access my website after a memory stick crash and rebuild.

I have a backup of the configs and reinstated them but could not connect.

I just thought of trying to connect via my mobile 4g and it connected first time.

Is there any way I could have banned myself with fail2ban or the like, as to the reason me not being able to access my site from my own broadband connection?

Thanks in advance

Edit: Just tried via a vpn and connected straight away too, so it seems I have banned myself? How do I go about unbanning myself?

Shamalamadindong Posted February 13, 2017

What sort of error message do you get in the browser?

local.bin Posted February 13, 2017

> What sort of error message do you get in the browser?

For me? No error message, just times out but doesn't give a 404 or anything.

aptalca Posted February 14, 2017

> Been all morning trying to figure out why I cannot access my website after a memory stick crash and rebuild.
>
> I have a backup of the configs and reinstated them but could not connect.
>
> I just thought of trying to connect via my mobile 4g and it connected first time.
>
> Is there any way I could have banned myself with fail2ban or the like, as to the reason me not being able to access my site from my own broadband connection?
>
> Thanks in advance
>
> Edit: Just tried via a vpn and connected straight away too, so it seems I have banned myself? How do I go about unbanning myself

Exec into the container and use fail2ban-client to unban

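Added example (not part of the original posts): a shell helper for the unban step described above, which finds the jail holding the ban before lifting it. It assumes the container is named `letsencrypt` and that `docker` is available on the host; the jail names and the `fail2ban-client status` samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which fail2ban jail holds a ban for an IP and lift it.
# Assumption: the container is named "letsencrypt"; override with CONTAINER=...
CONTAINER="${CONTAINER:-letsencrypt}"

# Constructed sample of `fail2ban-client status` output (jail names are illustrative).
SAMPLE_STATUS='Status
|- Number of jail:      2
`- Jail list:   nginx-http-auth, nginx-badbots'

# Constructed sample of `fail2ban-client status nginx-http-auth` output.
SAMPLE_JAIL='Status for the jail: nginx-http-auth
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     6
|  `- File list:        /config/log/nginx/error.log
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   198.51.100.23 203.0.113.7'

# Read `fail2ban-client status` on stdin, print one jail name per line.
jails_from_status() {
    sed -n 's/^.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Read `fail2ban-client status <jail>` on stdin; succeed only if IP $1 is listed.
# grep -Fx compares whole entries, so 203.0.113.7 does not match 203.0.113.70.
jail_has_ip() {
    sed -n 's/^.*Banned IP list:[[:space:]]*//p' | tr ' \t' '\n\n' | grep -Fxq -- "$1"
}

# Query the live container and unban IP $1 in every jail that currently bans it.
find_and_unban() {
    ip=$1
    for jail in $(docker exec "$CONTAINER" fail2ban-client status | jails_from_status); do
        if docker exec "$CONTAINER" fail2ban-client status "$jail" | jail_has_ip "$ip"; then
            echo "unbanning $ip from jail $jail"
            docker exec "$CONTAINER" fail2ban-client set "$jail" unbanip "$ip"
        fi
    done
}

# Offline demonstration on the constructed samples; on a real host run:
#   find_and_unban <your public IP>
printf '%s\n' "$SAMPLE_STATUS" | jails_from_status
printf '%s\n' "$SAMPLE_JAIL" | jail_has_ip 203.0.113.7 && echo "203.0.113.7 is banned"
```
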
local.bin Posted February 14, 2017

>> Been all morning trying to figure out why I cannot access my website after a memory stick crash and rebuild.
>>
>> I have a backup of the configs and reinstated them but could not connect.
>>
>> I just thought of trying to connect via my mobile 4g and it connected first time.
>>
>> Is there any way I could have banned myself with fail2ban or the like, as to the reason me not being able to access my site from my own broadband connection?
>>
>> Thanks in advance
>>
>> Edit: Just tried via a vpn and connected straight away too, so it seems I have banned myself? How do I go about unbanning myself
>
> Exec into the container and use fail2ban-client to unban

Great, thanks

ritalin Posted February 17, 2017

Hello all, hoping for a little help. I've been at this for two days now, and don't have much hair left.

I'm attempting to get LetsEncrypt setup for my Home-Assistant.io docker, but I'm running into a few issues.

The first is that I can't seem to get HA to see my certs. I constantly run into the following error.

    ERROR (MainThread) [homeassistant.bootstrap] Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/certs/etc/letsencrypt/live/mydomain.com/fullchain.pem'
    not a file for dictionary value @ data['http']['ssl_key']. Got '/certs/etc/letsencrypt/live/mydomain.com/privkey.pem

/certs/... is a path setup in the Home-Assistant docker pointing to /mnt/user/appdata/letsencrypt/

I'm positive this is a permissions error as I can get around it by copying the pem files out of /archive/myserver.com/ and dropping them directly into the Home-Assistant directory "/mnt/user/appdata/home-assistant". Not quite sure how to change the permissions, still new to all this.

The second issue I am having is getting the proxy to work correctly. Page is not resolving "Unable to connect".

https://myservername.com resolves correctly and shows the "Welcome to our Server" page.

The sub I have setup through NoIP is ha.myserver.com

I followed the instructions listed here by CHBMB for setting up NextCloud. So in /letsencrypt/nginx/site-confs I have a file named "ha" with the following in it.

    server {
        listen 80;
        server_name ha.mydomain.com;
        return 301 https://$server_name$requests_uri;
    }

    server {
        listen 443 ssl;
        server_name ha.mydomain.com;

        root /config/www;
        index index.html index.htm index.php;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###Diffie–Hellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;

        client_max_body_size 0;

        location / {
            proxy_pass https://192.168.1.2:8123;
        }
    }

The following is the pertinent information from the configuration.yaml file in my Home-Assistant install.

    http:
      api_password: MyPassword
      base_url: 192.168.1.2:8123
      ssl_certificate: /config/fullchain1.pem
      ssl_key: /config/privkey1.pem

Here is some additional info from the HA site regarding the HTTP section of the configuration.yaml.

https://home-assistant.io/components/http/

CHBMB Posted February 17, 2017

Unable to give specific help on this, but I would drop trying to get HA to use the certs from LE. Allow LE to do all the SSL stuff and just get LE to connect to HA via a http reverse proxy

ritalin Posted February 17, 2017

> Unable to give specific help on this, but I would drop trying to get HA to use the certs from LE. Allow LE to do all the SSL stuff and just get LE to connect to HA via a http reverse proxy

Ok, I'm game. Am I still on the right path with the HA file in the same directory as the default file?

ritalin Posted February 17, 2017

Yeah Sorry man, I'm banging my head against the desk over here. Anything you can spot that you think is wrong, I'd appreciate the help.

Here is my letsencrypt docker setup

My Router's Firewall

Here is the ha file sitting in /mnt/user/appdata/letsencrypt/nginx/site-confs/ with the default file.

    server {
        listen 80;
        server_name ha.mydomain.com;
        return 301 https://$server_name$requests_uri;
    }

    server {
        listen 443 ssl;
        server_name ha.mydomain.com;

        root /config/www;
        index index.html index.htm index.php;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###Diffie–Hellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;

        client_max_body_size 0;

        location / {
            proxy_pass http://192.168.1.2:8123;

Does the contents of the default file matter at all, if the ha file is what's doing the reverse proxy?

Since Home-Assistant is running in another docker on the same machine, should the proxy_pass be the ip or localhost, or does it even matter?

I've been working on this for so long now, and I don't fully comprehend the syntax of this HA file, I feel like I'm overlooking something stupid.

Thanks again for any help offered.

aptalca Posted February 17, 2017

First confirm that the ha subdomain works by directing the ha site config to a static html file (remove just the proxy bit and it should open the Welcome page)

Then you can see if the reverse proxy works. Does the home assistant page work at that ip and port 8123?

You can also try adding in the include for proxy conf as shown in the examples. That contains specific rules to make the proxies work.

ritalin Posted February 17, 2017

> First confirm that the ha subdomain works by directing the ha site config to a static html file (remove just the proxy bit and it should open the Welcome page)
>
> Then you can see if the reverse proxy works. Does the home assistant page work at that ip and port 8123?
>
> you can also try adding in the include for proxy conf as shown in the examples. That contains specific rules to make the proxies work.

Alright I think I'm making some progress. I've got it working, but the redirect all traffic to https portion is causing issues. If I unhash it, the page fails to load no matter if I manually specify https or not. Is there something wrong with the servername portion?

    #server {
    #listen 80;
    #server_name ha.mydomain.com;
    #return 301 https://$server_name$requests_uri;
    #}

Other than that, the last hurdle is that I can't log into home-assistant when I load up the secure link. Not via https:ha.mydomain.com or https://192.168.1.2:8123

After I enter the password, it just spins for a bit and then I get a notice below the password field of Unable to Connect. Have you ever run into an issue like that with a proxy?

REALLY! Thank you for the help.

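Added example, not from the thread: the redirect block above references `$requests_uri`, while nginx's built-in variable is `$request_uri`, and nginx rejects a configuration that references a variable it does not know. The lint below flags such references in a site-conf before it is enabled; its known-variable list is a partial subset chosen for this example, so `nginx -t` remains the authority.

```shell
#!/bin/sh
# Added example: flag nginx variables in a site config that nginx will not recognise.
# KNOWN_VARS is a partial list picked for this example, not the full nginx set.
KNOWN_VARS="args binary_remote_addr body_bytes_sent bytes_sent connection"
KNOWN_VARS="$KNOWN_VARS content_length content_type document_root document_uri"
KNOWN_VARS="$KNOWN_VARS host hostname https is_args msec nginx_version query_string"
KNOWN_VARS="$KNOWN_VARS remote_addr remote_port remote_user request request_filename"
KNOWN_VARS="$KNOWN_VARS request_method request_time request_uri scheme server_addr"
KNOWN_VARS="$KNOWN_VARS server_name server_port server_protocol status time_local uri"
KNOWN_VARS="$KNOWN_VARS proxy_add_x_forwarded_for proxy_host proxy_port"
KNOWN_VARS="$KNOWN_VARS fastcgi_script_name fastcgi_path_info ssl_protocol ssl_cipher"

# Constructed sample: the port-80 redirect block as posted in the thread.
SAMPLE_REDIRECT='server {
    listen 80;
    server_name ha.mydomain.com;
    return 301 https://$server_name$requests_uri;
}'

# lint_nginx_vars FILE: print "LINE: unknown variable $name" per hit; exit 1 if any.
lint_nginx_vars() {
    awk -v known="$KNOWN_VARS" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    { sub(/#.*/, "") }    # strip comments (naive: a # inside quotes also cuts the line)
    NR == FNR {           # pass 1: collect names the file defines with set / map
        if (match($0, /^[ \t]*(set[ \t]+|map[ \t]+[^ \t]+[ \t]+)\$[A-Za-z0-9_]+/)) {
            name = substr($0, RSTART, RLENGTH); sub(/^.*\$/, "", name); ok[name] = 1
        }
        next
    }
    {                     # pass 2: report every reference that is not known
        line = $0
        while (match(line, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
            v = substr(line, RSTART + 1, RLENGTH - 1)
            line = substr(line, RSTART + RLENGTH)
            # dynamic families such as $http_upgrade or $arg_id are always valid
            if ((v in ok) || v ~ /^(http|sent_http|upstream_http|arg|cookie)_/) continue
            printf "%d: unknown variable $%s\n", FNR, v
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1" "$1"
}

# Offline demonstration on the constructed sample.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_REDIRECT" > "$tmp"
lint_nginx_vars "$tmp" || echo "config references an unknown variable"
rm -f "$tmp"
```

Commented-out lines are skipped, which matches what nginx parses: the block only fails once it is uncommented.
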
Bizmo Posted February 17, 2017

Having a strange issue when updating muximux from 1.0 to 2.0

In config I have

    location /admin {
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
    }

This allows me to lock down the /admin directory which is where I run Muximux. Into this directory I pasted the contents of the muximux 1 docker and I am fine but when I go to replace it with 2 I just get a white screen in safari and a 500 error in Chrome.

I have run chmod 777 and 775 on the directory to try and default permissions with no luck and have tried to restart the docker but nothing.

Any ideas?

Tyler Posted February 17, 2017

> Other than that, the last hurdle is that I can't log into home-assistant when I load up the secure link. Not via https:ha.mydomain.com or https://192.168.1.2:8123
>
> After I enter the password, it just spins for a bit and then I get a notice below the password field of Unable to Connect. Have you ever run into an issue like that with a proxy?

Hi ritalin

I have this Letsencrypt / Nginx docker, and the Home Assistant docker setup working.

Just wanted to check if you've had a read of the Home Assistant team's guide for setting up Nginx: https://home-assistant.io/ecosystem/nginx/

Specifically their sample config in step 8 (looks like you've already done the rest). This is what I based my config on, and having a quick look over your config it seems to be missing a few settings/parameters.

I'm by no means an expert with Nginx or docker, but if you're still having issues I can post a copy of my configs.

jfrancais Posted February 17, 2017

>> What version of nginx is included with this? does it support stream? I'd like to use this same docker to handle non http traffic as well. I'd like to have this handle vnc and ssh for certain domains. Is this possible?
>
> https://pkgs.alpinelinux.org/package/v3.4/main/x86_64/nginx
>
> No stream mod in this version, but the next version will include it. No eta yet (currently testing it)

With the recent changes, has stream mod made it in yet?

sparklyballs Posted February 17, 2017

>>> What version of nginx is included with this? does it support stream? I'd like to use this same docker to handle non http traffic as well. I'd like to have this handle vnc and ssh for certain domains. Is this possible?
>>
>> https://pkgs.alpinelinux.org/package/v3.4/main/x86_64/nginx
>>
>> No stream mod in this version, but the next version will include it. No eta yet (currently testing it)
>
> With the recent changes, has stream mod made it in yet?

https://github.com/linuxserver/docker-letsencrypt/blob/master/Dockerfile#L38

skyline7349 Posted February 17, 2017

So I'm trying to configure proxy pass for this docker to point example.com/request to my plex request docker. I've been looking on this forum and internet and no solutions seem to work. I made my server config very simple

    server {
        listen 80 default_server;
        server_name _;
        location / {
            #include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.90:3000;
        }
        #return 301 https://$host$request_uri;
    }

This works and shows me the plex request page. When I make it this.

    server {
        listen 80 default_server;
        server_name _;
        location /request {
            #include /config/nginx/proxy.conf;
            proxy_pass http://192.168.1.90:3000;
        }
        #return 301 https://$host$request_uri;
    }

it doesn't work. I've also tried with location as /request/

That didn't work either.

So my letsencrypt docker is setup to have external port of 83. When I go to http://192.168.1.90:83/request/ for some reason it redirects the url to http://192.168.1.90/request/ which isn't correct. Does this have something to do with setting up other proxy headers?