ijuarez Posted July 7, 2017
2 hours ago, aptalca said: FYI, the new version of this image supports multiple domains through a new environment variable. Details are on the docker hub page
I've updated my docker; how do I add the new variable?
jrdnlc Posted July 7, 2017
I do have that; pfsense does it for me. I can do a nslookup from outside my home network and it will reply with the correct IP. But when the docker runs it just says no valid IP for my Google domains.
If you need help setting this up with Google Domains let me know. I just switched my domains to Google and it took me about a day to figure things out. All good now though.
ijuarez Posted July 7, 2017
7 hours ago, jrdnlc said: If you need help setting this up with Google Domains let me know. I just switched my domains to Google and it took me about a day to figure things out. All good now though
Sure, send me the info. I like to use the domain I paid for.
ChaOConnor Posted July 7, 2017
7 hours ago, jrdnlc said: If you need help setting this up with Google Domains let me know. I just switched my domains to Google and it took me about a day to figure things out. All good now though
Thanks! I'm going to try what ijuarez suggested, but I think it should all be pretty automated, right? I mean, I run a ddclient docker to update my Google domain with my current IP. Then the letsencrypt docker should reference that domain and be good to go. Right now I'd have to do it manually every time the IP changes. Appreciate seeing how you managed it!
aptalca Posted July 7, 2017
For Google Domains DNS settings, see the link, second paragraph: https://haskovec.com/ssl-certificates-google-domains/
jrdnlc Posted July 7, 2017
2 hours ago, ChaOConnor said: Thanks! I'm going to try what ijuarez suggested, but I think it should all be pretty automated, right? I mean, I run a ddclient docker to update my Google domain with my current IP. Then the letsencrypt docker should reference that domain and be good to go. Right now I'd have to do it manually every time the IP changes. Appreciate seeing how you managed it!
I don't use the ddclient docker. I use my router's dynamic DNS service to update my IP. Let me know how that goes. Feel free to message me.
ijuarez Posted July 7, 2017
Thanks to aptalca for the link. It took me several reads to understand how he set it up but I finally got it. No IP needed.
On Google Domains, select the domain you want to use, select DNS, and create a dynamic DNS entry for your domain. Use the @. Whatever your domain is, add it. Then create a CNAME record: www CNAME 1H yourdomain.com, then add it.
For DynamicDNS, set up whatever you want (router, ddclient, whatever) and use the new creds for the dynamic DNS. Run the docker and boom, it's good.
Ezro Posted July 7, 2017
On 7/4/2017 at 1:12 PM, Ezro said: Does anyone know how to get this to work with the gitlab docker? (https://forums.lime-technology.com/topic/48653-support-gitlab-ce/) I set my letsencrypt\nginx\site-confs to the following
location /gitlab {
    include /config/nginx/proxy.conf;
    proxy_pass http://192.168.1.207:9080/gitlab;
}
When I go to my server.duckdns.org/gitlab, I get a '404 not found' error. Anyone have an idea how to fix this?
Sorry to bump, but I'm still having issues with Gitlab routing. Also, I tried getting Nextcloud to work using this guide, and when I try to access https://192.168.1.207:444 I receive an "Insecure Connection" error. When I try to access server.duckdns.org/nextcloud/ I get a 502 bad gateway. Does anyone know what I should look at in order to fix the Nextcloud routing?
ebnerjoh Posted July 8, 2017
On 7.7.2017 at 6:11 AM, ijuarez said: I've updated my docker; how do I add the new variable?
Hi, I am also interested in how to add the new variable.
Br, Johannes
aptalca Posted July 8, 2017
Hi, I am also interested in how to add the new variable. Br, Johannes
Click on "Add another Path, Port or Variable"
ebnerjoh Posted July 8, 2017
1 hour ago, aptalca said: Click on "Add another Path, Port or Variable"
Like this?
aptalca Posted July 8, 2017
Like this?
Key should be EXTRA_DOMAINS, and don't forget the underscore in the middle. If you go to edit one of the other variables like the PUID, you can see the format.
Roxedus Posted July 8, 2017
I want to restart nginx without restarting the whole docker, preferably by using
docker exec letsencrypt nginx -s reload
But all I get is
nginx: [error] open() "/run/nginx/nginx.pid" failed (2: No such file or directory)
Is there any easy fix I can do on my end?
aptalca Posted July 8, 2017
I want to restart nginx without restarting the whole docker, preferably by using docker exec letsencrypt nginx -s reload But all I get is nginx: [error] open() "/run/nginx/nginx.pid" failed (2: No such file or directory) Is there any easy fix I can do on my end?
s6-svc -h /var/run/s6/services/nginx
ebnerjoh Posted July 10, 2017
On 8.7.2017 at 5:41 PM, aptalca said: Key should be EXTRA_DOMAINS, and don't forget the underscore in the middle. If you go to edit one of the other variables like the PUID, you can see the format.
Thanks, it is working.
Br, Johannes
mikeyw Posted July 10, 2017
All, first of all ThanX! I have been watching this thread for a while. It has helped me get letsencrypt/nginx running on my (Unraid) server with no real issues till now. I have a working nextcloud config and I can get to my index page (which I have modified slightly just so I know it's mine) and can get my instance of couch potato running on my server. So now I am having issues with getting a rev proxy to my instance of home-assistant. I followed a thread bit from Feb 17 about this but have tried the included config file with no success. So just looking for a little help. So here is what I have also done: copied my working nextcloud file and changed it accordingly; added the necessary stuff to the ha config file. Now what I get is "502 Bad Gateway" when I go to https://subdomain.my_server.com
Here is a portion from the error log file:
2017/07/10 14:47:06 [error] 347#347: *1 SSL_do_handshake() failed (SSL: error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number) while SSL handshaking to upstream, client: ISP, server: SUBDOMAIN.myserver.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://0.0.0.0:port/favicon.ico", host: "SUBDOMAIN.myserver.com", referrer: "https://SUBDOMAIN.myserver.com/"
And here is the "site-confs" file (just the one that seems to be the issue):
# This is the virtual host part that allows a subdomain include
server {
    listen 443 ssl;
    server_name subdomain.my_server.com;
    root /config/www;
    index index.html index.htm index.php;
    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;
    ###SSL Ciphers
    ssl_ciphers 'there is really a key here';
    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;
    client_max_body_size 0;
    location / {
        proxy_pass https://0.0.0.0:port/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}
Hopefully I didn't redact too much info for it to make sense, but here it is. I am sure it is something that I missed, so I would appreciate some extra eyes. ThanX in advance
Mikey
mattekure Posted July 11, 2017
I just read that LetsEncrypt recently announced that starting in Jan 2018, they will offer wildcard certificates for free. So you could have one for all the subdomains. https://arstechnica.com/information-technology/2017/07/lets-encrypt-to-start-offering-free-wildcard-certificates-for-https/
aptalca Posted July 11, 2017
19 hours ago, mikeyw said: All, first of all ThanX! I have been watching this thread for a while. It has helped me get letsencrypt/nginx running on my (Unraid) server with no real issues till now. I have a working nextcloud config and I can get to my index page (which I have modified slightly just so I know it's mine) and can get my instance of couch potato running on my server. So now I am having issues with getting a rev proxy to my instance of home-assistant. I followed a thread bit from Feb 17 about this but have tried the included config file with no success. So just looking for a little help. So here is what I have also done: copied my working nextcloud file and changed it accordingly; added the necessary stuff to the ha config file. Now what I get is "502 Bad Gateway" when I go to https://subdomain.my_server.com
Here is a portion from the error log file:
2017/07/10 14:47:06 [error] 347#347: *1 SSL_do_handshake() failed (SSL: error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number) while SSL handshaking to upstream, client: ISP, server: SUBDOMAIN.myserver.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://0.0.0.0:port/favicon.ico", host: "SUBDOMAIN.myserver.com", referrer: "https://SUBDOMAIN.myserver.com/"
And here is the "site-confs" file (just the one that seems to be the issue):
# This is the virtual host part that allows a subdomain include
server {
    listen 443 ssl;
    server_name subdomain.my_server.com;
    root /config/www;
    index index.html index.htm index.php;
    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;
    ###SSL Ciphers
    ssl_ciphers 'there is really a key here';
    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;
    client_max_body_size 0;
    location / {
        proxy_pass https://0.0.0.0:port/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}
Hopefully I didn't redact too much info for it to make sense, but here it is. I am sure it is something that I missed, so I would appreciate some extra eyes. ThanX in advance Mikey
A couple of things I noticed. I am not sure if 0.0.0.0 is the real IP you are trying to reverse proxy or if that's your redaction. If the former, that is incorrect. 0.0.0.0 in net=bridge will refer only to the letsencrypt container, not the host and not other containers. You can use the server IP to connect to a different container.
Also, you are trying to reverse proxy an https page. That is likely the reason you are getting the ssl handshake error (or a combination with a nonexistent service on 0.0.0.0 as referenced above). Try to use an http address for the reverse proxy.
Edited July 11, 2017 by aptalca
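A corrected version of the subdomain server block, as an added example that is not from mikeyw's post, aptalca's reply or the container's own configs. It applies the two points above: the upstream address is the unRAID host's LAN IP rather than 0.0.0.0, and the proxy talks plain http to the home-assistant port. HOST_IP and PORT are placeholders to fill in; the certificate paths and the proxy.conf include are the ones already used in the thread, and the redacted ssl_ciphers line is left out so you can keep your own.

```nginx
# Added example, not the thread's config. Replace HOST_IP with the unRAID
# server's LAN address and PORT with the port home-assistant listens on.
server {
    listen 443 ssl;
    server_name subdomain.my_server.com;

    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam         /config/nginx/dhparams.pem;
    # keep your existing ssl_ciphers line here
    ssl_prefer_server_ciphers on;
    ssl_session_cache   shared:SSL:10m;

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    client_max_body_size 0;

    location / {
        # Was: proxy_pass https://0.0.0.0:port/;
        # Inside a bridged container 0.0.0.0 is the container itself, and the
        # "https" scheme made nginx open a TLS handshake towards a listener that
        # answered in plaintext, which is what "wrong version number" in the
        # CONNECT_CR_SRVR_HELLO step of the log line means.
        proxy_pass http://HOST_IP:PORT/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}
```

After editing, check the syntax from the host with docker exec letsencrypt nginx -t, then reload with the s6-svc command aptalca gave earlier in the thread; a 502 that turns into a page from home-assistant confirms the upstream address and scheme are now right. If the upstream really does require https, the proxy_pass scheme stays https and nginx then needs to trust that certificate, which is a separate setup from the one above.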
aptalca Posted July 11, 2017
15 hours ago, mattekure said: I just read that LetsEncrypt recently announced that starting in Jan 2018, they will offer wildcard certificates for free. So you could have one for all the subdomains. https://arstechnica.com/information-technology/2017/07/lets-encrypt-to-start-offering-free-wildcard-certificates-for-https/
DNS challenge only: https://community.letsencrypt.org/t/wildcard-certificates-coming-january-2018/37567/8
sethrd Posted July 11, 2017
I just switched back to unRAID, and am working on getting the LE+Nginx docker setup. Nginx starts, but the logs are constantly being populated with the following:
2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:82 failed (98: Address in use)
2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:444 failed (98: Address in use)
No matter what I put the port to in the docker config, or in the nginx.conf, these errors just stream across with the port I specified. Nothing is using those ports except for nginx. I'm able to access most of the proxy_pass (except plex, working on that too), but within just a few minutes, my error.log is growing huge. Anyone come across this before?
aptalca Posted July 11, 2017
I just switched back to unRAID, and am working on getting the LE+Nginx docker setup. Nginx starts, but the logs are constantly being populated with the following: 2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:82 failed (98: Address in use) 2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:444 failed (98: Address in use) No matter what I put the port to in the docker config, or in the nginx.conf, these errors just stream across with the port I specified. Nothing is using those ports except for nginx. I'm able to access most of the proxy_pass (except plex, working on that too), but within just a few minutes, my error.log is growing huge. Anyone come across this before?
I suspect you highly modified the nginx.conf and perhaps removed the "daemon off" setting, so it's trying to launch a second instance unsuccessfully. Did you by any chance copy your nginx settings over from another install? If so, go back to defaults by deleting them and restarting the container. Then modify the defaults as needed. If that doesn't work, post your container settings along with nginx and site configs and we'll take a look.
sethrd Posted July 12, 2017
1 hour ago, aptalca said: I suspect you highly modified the nginx.conf and perhaps removed the "daemon off" setting, so it's trying to launch a second instance unsuccessfully. Did you by any chance copy your nginx settings over from another install? If so, go back to defaults by deleting them and restarting the container. Then modify the defaults as needed. If that doesn't work, post your container settings along with nginx and site configs and we'll take a look.
Should I not be editing the nginx.conf then? Just put my config in the site-confs/default? I use a subdomain map for my proxy pass, with some nifty logic that has worked on other boxes, e.g.:
map $subdomain $proxy_url {
    pr "http://192.168.1.103:3000";
    py "http://192.168.1.103:8181";
    cp "http://192.168.1.103:5050";
    pms "http://192.168.1.103:32400";
    nzb "http://192.168.1.103:6789";
    down "http://192.168.1.103:9091";
}
if ($host ~* ^([a-z0-9-\.]+)\.mydomain.tld$) {
    set $subdomain $1;
}
location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    if ($subdomain) {
        proxy_pass $proxy_url;
    }
}
if ($subdomain = "pms") {
    rewrite ^/$ $1/web;
}
if ($subdomain = "down") {
    rewrite ^/$ $1/transmission;
}
This has worked on other servers no problem, although I'm not used to running things in a docker, and haven't used unRAID in almost a year.
Edited July 12, 2017 by sethrd
aptalca Posted July 12, 2017
You can edit the nginx.conf, but don't overwrite it with a config from another server or you'll break it. The Nginx package from the Ubuntu repo has very different defaults than this container, which is Alpine based and uses s6 as the supervisor. What you posted is just a snippet of the site config, and not related to the error you're getting.
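A complete site-confs/default built around sethrd's subdomain map, as an added example that is neither sethrd's working config nor the container's shipped default. It leaves the container's nginx.conf alone (so daemon off and the s6 supervision stay as shipped) and assumes that no other file in site-confs already claims default_server on port 443. The upstream addresses and ports are the ones from sethrd's post; mydomain.tld stands in for the real domain. It goes a little beyond the post in two ways: a named capture in server_name replaces the if/regex on $host, and a catch-all server closes the connection for any hostname the map does not know instead of proxying it somewhere.

```nginx
# Added example, not sethrd's config. Intended for /config/nginx/site-confs/default,
# which this container includes from inside the http{} block, so "map" is valid here.

map $subdomain $proxy_url {
    default "";                          # unknown subdomain -> no upstream
    pr      "http://192.168.1.103:3000";
    py      "http://192.168.1.103:8181";
    cp      "http://192.168.1.103:5050";
    pms     "http://192.168.1.103:32400";
    nzb     "http://192.168.1.103:6789";
    down    "http://192.168.1.103:9091";
}

# Catch-all for hostnames that are not a known subdomain of mydomain.tld:
# close the connection rather than guess at an upstream.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    return 444;
}

server {
    listen 443 ssl;
    # Named capture does the job of the original "if ($host ~* ...)" block.
    server_name ~^(?<subdomain>[a-z0-9-]+)\.mydomain\.tld$;

    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    # Root redirects for the two services that do not live at "/".
    if ($subdomain = "pms")  { rewrite ^/$ /web redirect; }
    if ($subdomain = "down") { rewrite ^/$ /transmission redirect; }

    location / {
        # Subdomain matched the pattern but is not in the map: answer 404,
        # never proxy_pass an empty URL.
        if ($proxy_url = "") { return 404; }

        proxy_http_version 1.1;          # required for the Upgrade header below
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass $proxy_url;
    }
}
```

Because proxy_pass takes a variable, nginx forwards the request URI unchanged and, since the map values are IP literals, needs no resolver directive. Check with docker exec letsencrypt nginx -t before reloading; a request for an unmapped name such as https://foo.mydomain.tld should now close without a response, and a known one should reach its upstream.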
sethrd Posted July 12, 2017
Got it. Removed my custom stuff and added most of my config to the site-confs/default file, and the errors are no longer showing. Still working on getting some of the proxy_pass working, mainly for plex access. Thanks aptalca!
mattekure Posted July 12, 2017
5 hours ago, aptalca said: DNS challenge only: https://community.letsencrypt.org/t/wildcard-certificates-coming-january-2018/37567/8
I tried to read through and figure out what the implications are, but it goes beyond me. It seems like if I own my domain yyyyy.com, I can get the wildcard certificate for *.yyyyy.com. Is that right? Or am I totally off base?