[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



I have a similar request to fc0712.

I want to redirect "subdomain.mydomain.org" to the corresponding docker on my unraid server.

So in this case, e.g., teamspeak should be available via ts.domain.org

unRaid is running behind an avm fritzbox router (non-static IP)

internet -> ts.domain.org -> avm router -> unraid server :)

Does somebody have a "how-to" for this setup with regard to the namecheap config and, most importantly, the unRaid reverse proxy setup?

Edited by Mastermischke
Link to comment
1 hour ago, Mastermischke said:

I have a similar request to fc0712.

I want to redirect "subdomain.mydomain.org" to the corresponding docker on my unraid server.

So in this case, e.g., teamspeak should be available via ts.domain.org

unRaid is running behind an avm fritzbox router (non-static IP)

internet -> ts.domain.org -> avm router -> unraid server :)

Does somebody have a "how-to" for this setup with regard to the namecheap config and, most importantly, the unRaid reverse proxy setup?

I can recommend this guide: https://cyanlabs.net/tutorials/the-complete-unraid-reverse-proxy-duck-dns-dynamic-dns-and-letsencrypt-guide/

Link to comment
9 hours ago, In0cenT said:

Hello

Since today my fail2ban in the container is spitting errors. All my subdomains do not work anymore too.
https://pastebin.com/C2mP23s4

Any idea how to get it back working?

 

OK, I see that although the issue was fixed back in March per https://github.com/fail2ban/fail2ban/issues/1741 there hasn't been a new release with the fix in it yet. Temporary solution to fix fail2ban here: https://gist.github.com/aptalca/ac9c3f931de460c9a2c12176e26df7d8

 

However, this issue should not break your reverse proxy. It only breaks fail2ban. You probably have a different issue regarding the subdomains.

Link to comment
On 1.6.2017 at 2:56 PM, aptalca said:

ip6tables issue again. We had fixed that before. I'll look into it

 

Ok so the fail2ban seems fine again and as you thought my subdomains are still not working. I've checked all logs and nothing seems to have a problem? Everything worked fine before and nothing was changed...

Should I just reinstall the docker?

Thanks for your help!

Link to comment
Ah ok thanks. Is the php.ini not exposed in this container for some reason? I also need the mysqli extension enabled if possible.


Php.ini is inside the image and not directly accessible.

I believe the mysqli package is already installed so it should be good to go.

By the way an update was pushed today with bzip2
Link to comment

Hey :)

I have the SSL certificates running on the NGINX webserver. I now need the certificates for my openvpn access server web server.

Any of you guys know which files to upload under CA bundle, Certificate and Private Key?

Thanks in advance :)

Link to comment
1 hour ago, fc0712 said:

Hey :)

I have the SSL certificates running on the NGINX webserver. I now need the certificates for my openvpn access server web server.

Any of you guys know which files to upload under CA bundle, Certificate and Private Key?

Thanks in advance :)

I think he explains it in this video

Link to comment
On 11/17/2016 at 9:13 AM, vurt said:

You have to edit /appdata/rutorrent/nginx/nginx.conf. Change

server {
        listen 80 default_server;
        root /var/www/localhost/rutorrent;
        index index.html index.htm index.php;

to

server {
        listen 80 default_server;
        root /var/www/localhost;
        index index.html index.htm index.php;

And then add to /appdata/letsencrypt/nginx/site-confs/default

#Config for ruTorrent
	location ^~ /ru {
		auth_basic "Restricted";
		auth_basic_user_file /config/nginx/.htpasswd;
		include /config/nginx/proxy.conf;
		proxy_pass http://your.internal.ip:port/rutorrent/;
	}
 

So I did this (except I used /rutorrent rather than /ru in the location line) and it works for me now - however when I am in the unRAID dashboard and I click on the web UI it doesn't work since it tries to open http://tower:7777 rather than http://tower:7777/rutorrent which is now the correct URL given the config change that we did in the /appdata/rutorrent/nginx/nginx.conf file. What do you do to fix the URL that it uses by default in the dashboard?

Link to comment
So I did this (except I used /rutorrent rather than /ru in the location line) and it works for me now - however when I am in the unRAID dashboard and I click on the web UI it doesn't work since it tries to open http://tower:7777 rather than http://tower:7777/rutorrent which is now the correct URL given the config change that we did in the /appdata/rutorrent/nginx/nginx.conf file. What do you do to fix the URL that it uses by default in the dashboard?


Edit container settings in advanced view, you'll see the field for the gui url
Link to comment

After upgrading to 6.4, I have had some problems with my container that won't start.

Tried to remove everything except my nginx config file yesterday, and now I am getting this error when trying to start letsencrypt:

EDIT: I am running letsencrypt with fixed IP

Generating new certificate
WARNING: The standalone specific supported challenges flag is deprecated.
Please use the --preferred-challenges flag instead.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x2b85236dee10>: Failed to establish a new connection: [Errno -3] Try again',))
Please see the logfiles in /var/log/letsencrypt for more details.
/var/run/s6/etc/cont-init.d/50-config: line 108: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

 

Edited by ZataH
Link to comment
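
The startup log in the post above, triaged line by line, as an added example that is not part of the thread or of the container's own code. It assumes Linux getaddrinfo() numbering, where a negative errno is a name-resolution error (-3 is EAI_AGAIN); `triage` and `SAMPLE_LOG` are hypothetical names, and the sample is the posted log with the object repr shortened.

```python
import re

# Log lines as posted above; the object repr inside NewConnectionError is shortened.
SAMPLE_LOG = """\
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<conn>: Failed to establish a new connection: [Errno -3] Try again',))
/var/run/s6/etc/cont-init.d/50-config: line 108: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
"""

# Assumption: Linux (glibc/musl) getaddrinfo() error numbers. OS errno values are positive.
GAI_ERRORS = {-2: "EAI_NONAME", -3: "EAI_AGAIN", -4: "EAI_FAIL"}

CONN_RE = re.compile(r"HTTPSConnectionPool\(host='([^']+)', port=(\d+)\).*\[Errno (-?\d+)\] ([^']+)'")
CD_RE = re.compile(r"^(\S+): line (\d+): cd: (\S+): No such file or directory")
EXIT_RE = re.compile(r"^\[cont-init\.d\] (\S+): exited (\d+)\.")


def triage(log):
    """Return a list of (kind, detail) findings for a container startup log."""
    findings = []
    for line in log.splitlines():
        if m := CONN_RE.search(line):
            host, port, err, text = m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)
            if err < 0:
                # Name lookup failed, so no TCP connection was ever attempted.
                name = GAI_ERRORS.get(err, "EAI_?")
                findings.append(("dns", f"cannot resolve {host}: {name} ({text})"))
            else:
                # Positive errno: the name resolved and the outbound connection failed.
                findings.append(("connect", f"{host}:{port} errno {err} ({text})"))
        elif m := CD_RE.match(line):
            findings.append(("missing_path", f"{m.group(3)} (needed by {m.group(1)} line {m.group(2)})"))
        elif m := EXIT_RE.match(line):
            findings.append(("init_failed", f"{m.group(1)} exit {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:13} {detail}")
```

On the posted log this reports a DNS lookup failure for the ACME host from inside the container, followed by the missing /config/keys/letsencrypt directory that makes the 50-config init script exit.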
7 minutes ago, ZataH said:

After upgrading to 6.4, I have had some problems with my container that won't start.

Tried to remove everything except my nginx config file yesterday, and now I am getting this error when trying to start letsencrypt:

port 443 on 6.4 is used for the https version of the unraid webui. 

Link to comment
2 hours ago, ZataH said:

I forgot to mention, I am running letsencrypt with fixed IP

 

 

it makes no difference, on unraid 6.4 port 443 is being used by the https page for the unraid webui and so is not available for any containers and as letsencrypt runs in host networking mode.....

Link to comment
50 minutes ago, sparklyballs said:

 

 

it makes no difference, on unraid 6.4 port 443 is being used by the https page for the unraid webui and so is not available for any containers and as letsencrypt runs in host networking mode.....

Why not? If the container is running on a different IP, this should not be an issue

Link to comment
After upgrading to 6.4, I have had some problems with my container that won't start.

Tried to remove everything except my nginx config file yesterday, and now I am getting this error when trying to start letsencrypt:

EDIT: I am running letsencrypt with fixed IP

Generating new certificate
WARNING: The standalone specific supported challenges flag is deprecated.
Please use the --preferred-challenges flag instead.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x2b85236dee10>: Failed to establish a new connection: [Errno -3] Try again',))
Please see the logfiles in /var/log/letsencrypt for more details.
/var/run/s6/etc/cont-init.d/50-config: line 108: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
 


I assume you mean separate IP through macvlan. In that case, make sure that your router is forwarding port 443 to the letsencrypt container's IP rather than unraid's
Link to comment
4 hours ago, sparklyballs said:

 

 

it makes no difference, on unraid 6.4 port 443 is being used by the https page for the unraid webui and so is not available for any containers and as letsencrypt runs in host networking mode.....

 

I installed the Linuxserver LetsEncrypt container for the first time last night, and the template I used via Community Applications set it up with bridge mode and 80 -> 80, 443 -> 443. I don't see anything at the github page that says to swap to host mode.

Link to comment
