dalben Posted April 30, 2017

In the other (incorrect) thread I was asked to check the A record. A DNS lookup shows it's ok. I'm using dns-o-matic to keep dns host record up to date.

CHBMB Posted April 30, 2017

1 hour ago, dalben said:
> I do have some dlink webcams that are exposed to the intraweb via the dlink myhome software but there is no port forwarding of 443 required for that.

I reckon that's the problem. The dlink software, is it using https? Might not have opened the ports but what about UPnP, may be doing it without you realising it?

dalben Posted April 30, 2017

1 hour ago, CHBMB said:
> I reckon that's the problem. The dlink software, is it using https? Might not have opened the ports but what about UPnP, may be doing it without you realising it?

Doing some reading, DLink are a bit vague on how the webcams make it to their server. I'll deregister the cameras and see what happens then.

harperbrett Posted May 1, 2017 (edited)

Does anyone know how to add additional top level domains after this docker app has been configured? ie example.com AND example.org. If any commands need to be run or scripts modified I can do that, just need a little direction. Thanks!

edit- I'm referring to the letsencrypt portion of this (not nginx)

Edited May 1, 2017 by harperbrett

aptalca Posted May 1, 2017

> Does anyone know how to add additional top level domains after this docker app has been configured? ie example.com AND example.org. If any commands need to be run or scripts modified I can do that, just need a little direction. Thanks! edit- I'm referring to the letsencrypt portion of this (not nginx)

This container only supports one domain. You could redirect the org to the com, though, if they are pointing to the same web folder.

In0cenT Posted May 1, 2017

Hello

Thanks for maintaining this wonderful docker. I have a minecraft server running and use a tool called overview which creates a "google maps" like map. This tool runs on an Ubuntu VM and outputs all files in a folder. Now to share that I'd like to use the nginx webserver. My question now is what's the best way to mount that folder within the docker to be able to share it?

aptalca Posted May 1, 2017

> Hello Thanks for maintaining this wonderful docker. I have a minecraft server running and use a tool called overview which creates a "google maps" like map. This tool runs on an Ubuntu VM and outputs all files in a folder. Now to share that I'd like to use the nginx webserver. My question now is what's the best way to mount that folder within the docker to be able to share it?

Is the vm on unraid? You can probably do a 9p share in the vm, save into that folder and map that for this container.

In0cenT Posted May 1, 2017

1 hour ago, aptalca said:
> Is the vm on unraid? You can probably do a 9p share in the vm, save into that folder and map that for this container

No, the VM runs on my esxi host on 192.168.178.201 and unraid is 192.168.178.200.

aptalca Posted May 1, 2017

> No the VM runs on my esxi host on 192.168.178.201 and unraid is 192.168.178.200.

Then you can cifs mount an unraid share in the vm and map that same folder to the docker container.

faqchina Posted May 4, 2017

nextcloud needs the xmlreader and zip modules, can you add the xmlreader and zip modules? Thank you

faqchina Posted May 4, 2017

"apk add --update php7-xmlreader php7-zip" does not work in Letsencrypt ver:55

CHBMB Posted May 4, 2017

php has been updated to 7.14 I believe so a lot of dependencies have changed.

gshlomi Posted May 5, 2017

Security question - what is more secure - using .htaccess for authentication or using each app built-in authentication?

aptalca Posted May 5, 2017

In my personal opinion, htpasswd with a fail2ban rule that prevents brute force attempts by banning after so many tries.

On my company server, I even have a recidive rule set up so if any fail2ban rule does 3 10min bans in a 3hr period, they get banned for a week.

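Added example (not from aptalca's post or server configuration): a shell/awk pass over fail2ban.log that lists the addresses a repeat-offender rule with the thresholds mentioned above (3 bans inside 3 hours) would catch, which helps when tuning those numbers before turning on a week-long ban. The log lines are constructed and assume the usual `fail2ban.actions ... NOTICE [jail] Ban <ip>` layout in chronological order; `repeat_offenders` is a name made up for this example.

```shell
#!/bin/sh
# Constructed fail2ban.log sample (documentation-range addresses).
SAMPLE_LOG='2017-05-05 09:00:10,101 fail2ban.actions [812]: NOTICE [nginx-http-auth] Ban 203.0.113.7
2017-05-05 09:10:10,412 fail2ban.actions [812]: NOTICE [nginx-http-auth] Unban 203.0.113.7
2017-05-05 09:40:02,007 fail2ban.actions [812]: NOTICE [nginx-http-auth] Ban 198.51.100.20
2017-05-05 10:15:44,930 fail2ban.actions [812]: NOTICE [nginx-http-auth] Ban 203.0.113.7
2017-05-05 11:58:31,250 fail2ban.actions [812]: NOTICE [nginx-http-auth] Ban 203.0.113.7
2017-05-05 23:30:00,000 fail2ban.actions [812]: NOTICE [nginx-http-auth] Ban 198.51.100.20
2017-05-06 01:10:00,000 fail2ban.actions [812]: NOTICE [nginx-http-auth] Ban 198.51.100.20'

# Read fail2ban.log on stdin; print each IP once it has $1 bans within $2 seconds.
repeat_offenders() {
    awk -v need="$1" -v window="$2" '
    # Seconds since 1970-01-01 for "YYYY-MM-DD" and "HH:MM:SS,mmm" (no time zone handling).
    function epoch(d, t,    a, b, y, m, era, yoe, doy, days) {
        split(d, a, "-"); split(t, b, "[:,]")
        y = a[1] + 0; m = a[2] + 0
        if (m <= 2) y--
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + a[3] - 1
        days = era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
        return days * 86400 + b[1] * 3600 + b[2] * 60 + b[3]
    }
    # Count Ban events from every jail except the repeat-offender jail itself.
    NF >= 4 && $(NF-1) == "Ban" && $(NF-2) != "[recidive]" {
        ip = $NF; now = epoch($1, $2)
        n[ip]++; seen[ip, n[ip]] = now
        hits = 0
        # Walk back through this IP earlier bans while they fall inside the window.
        for (i = n[ip]; i >= 1 && now - seen[ip, i] <= window; i--) hits++
        if (hits >= need && !flagged[ip]++) print ip
    }'
}

# Thresholds from the post: 3 bans within 3 hours (10800 s).
printf '%s\n' "$SAMPLE_LOG" | repeat_offenders 3 10800
```
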
gshlomi Posted May 5, 2017

> In my personal opinion, htpasswd with a fail2ban rule that prevents brute force attempts by banning after so many tries On my company server, I even have a recidive rule set up so if any fail2ban rule does 3 10min bans in a 3hr period, they get banned for a week

But doesn't passing htpasswd for one site (using brute, social eng, whatever) open up all your sites to the attacker?

Using every specific app's built-in authentication enables different passwords for different systems.

Or am I missing something?

CHBMB Posted May 5, 2017

You can create a different .htpasswd for each service if you wish.

I think the main thing you're "missing" is that nginx's implementation of .htpasswd is likely to be far more secure than that of "app x" which is why I'd generally advocate the same as @aptalca

In0cenT Posted May 6, 2017

Sorry to bother you again... I'm trying to run nextcloud in your nginx docker. When I try to access the site it would not open the site but would download the index.php file.

My nginx config:

    server {
        listen 80;
        server_name cloud.XXX.ch;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name cloud.XXX.ch;

        root /config/www/cloud;
        index index.php index.html;

        access_log /var/log/nginx/cloud.example.com.access.log;
        error_log /var/log/nginx/cloud.example.com.error.log;

        client_max_body_size 0;
        underscores_in_headers on;

        ssl on;
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;

        location / {
            proxy_headers_hash_max_size 512;
            proxy_headers_hash_bucket_size 64;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            add_header Front-End-Https on;
        }
    }

Can you find the reason behind this?

CHBMB Posted May 6, 2017

I don't understand what you're trying to do?

1. Reverse proxy our Nextcloud container with this one?
2. Install Nextcloud into this container?

If it's the first then wait for me to finish my guide. If it's the 2nd then you're on your own, configuring nginx for each individual app people want to install is way beyond what we're able to support. We support getting the container up and running. Advanced config is past that.

In0cenT Posted May 7, 2017

18 hours ago, CHBMB said:
> I don't understand what you're trying to do? 1. Reverse proxy our Nextcloud container with this one? 2. Install Nextcloud into this container? If it's the first then wait for me to finish my guide. If it's the 2nd then you're on your own, configuring nginx for each individual app people want to install is way beyond what we're able to support. We support getting the container up and running. Advanced config is past that.

Would have been the 2nd. Was hoping you've seen this problem before...

aptalca Posted May 7, 2017

> Would have been the 2nd. Was hoping you've seen this problem before...

You did not set up your php processor (php-fpm) in your config so nginx doesn't know what to do with it. It just serves it as is.

Homer-S Posted May 11, 2017

Hello

I created letsencrypt container with 3 different subdomains (pydio and nextcloud included). Then I followed latest article to run nextcloud behind nginx reverse proxy. For nextcloud it is working but with pydio (2 different config files) it fails with:

    SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown ....

I am wondering how you differ the subdomain keys? Because in keys folder is only a link to one folder mydomain.com and in config file we have these lines each:

    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

Do I have to do something different?

Thanks

CHBMB Posted May 11, 2017

The keys work for all the subdomains you specify. Your issue is reverse proxying pydio, which I have no experience of tbh.

Malykai Posted May 12, 2017

Homer-S, can you include the rest of the error? A lot of the time that error is pointing out an incorrect IP but that part doesn't seem to be included here.

Porkie Posted May 12, 2017

For anyone that wants to get this working with cloudflare enabled.

First toggle the cloud icon for your domains in the DNS section so that they are grey and DNS only is enabled. Then install Letsencrypt and generate your certs. Once that is done go back to cloudflare crypto section and change the SSL cert from flexible to full strict and wait for it to issue, it says it can take up to 24 hours but mine was done in about 20 minutes. After all has been completed and is working fine, toggle the clouds back to the original setting in DNS in the cloudflare panel.

Homer-S Posted May 12, 2017 (edited)

6 hours ago, Malykai said:
> Homer-S, can you include the rest of the error? A lot of the time that error is pointing out an incorrect IP but that part doesn't seem to be included here.

Sorry, for sure I can.

> SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: XX.174.239.197, server: pydio.XX.myadress.de, request: "GET / HTTP/1.1", upstream: "https://192.168.100.10:84/", host: "pydio.XX.myadress.de"

Is there a way to check if all three subdomains are included in keys?

I found my mistake!!!

    wrong:   proxy_pass https://192.168.100.10:84/;
    correct: proxy_pass http://192.168.100.10:84/;

That was the reason for SSL error

Thanks anyway

Edited May 12, 2017 by Homer-S

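Added example (not part of Homer-S's post): one way to answer the question of whether every subdomain is in the certificate, by listing the subjectAltName entries of the leaf certificate and checking each hostname against them. The hostnames and the `openssl x509 -noout -text` excerpt are constructed placeholders, and the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample: the relevant part of `openssl x509 -noout -text` output.
SAMPLE_TEXT='            X509v3 Subject Alternative Name:
                DNS:example.com, DNS:nextcloud.example.com, DNS:pydio.example.com'

# Extract the DNS names from certificate text on stdin, lower-cased, one per line.
sans_from_text() {
    tr 'A-Z' 'a-z' | grep -o 'dns:[^,[:space:]]*' | sed 's/^dns://'
}

# Succeed if hostname $1 is covered by the SAN list on stdin.
# A wildcard entry (*.example.com) covers exactly one extra left-most label.
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    parent=${host#*.}
    while IFS= read -r san; do
        [ "$san" = "$host" ] && return 0
        [ "$san" = "*.$parent" ] && return 0
    done
    return 1
}

# Print ok/MISSING for each hostname against SAN list $1; non-zero if any is missing.
report_coverage() {
    names=$1; shift
    missing=0
    for h in "$@"; do
        if printf '%s\n' "$names" | san_covers "$h"; then
            echo "ok      $h"
        else
            echo "MISSING $h"; missing=1
        fi
    done
    return "$missing"
}

# Same check against a certificate file (the first certificate in it, i.e. the leaf).
check_cert() {
    cert=$1; shift
    report_coverage "$(openssl x509 -in "$cert" -noout -text | sans_from_text)" "$@"
}

# Demo on the constructed sample; needs no certificate file and no network.
report_coverage "$(printf '%s\n' "$SAMPLE_TEXT" | sans_from_text)" \
    example.com nextcloud.example.com pydio.example.com
```

On the container discussed in the thread, `check_cert /config/keys/letsencrypt/fullchain.pem` followed by the hostnames runs the same check against the real certificate.
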