[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



1 hour ago, CHBMB said:

publicip:port will only work if you have forwarded the relevant port.

 

To be honest I'm confused, what I think the situation is, is this.

 

From a WAN connection everything is working as expected.

When on your LAN you can't connect via domainname.com/service

 

If that's the case, and it was happening before, still sounds like NAT reflection / hairpin NAT issues to me.

 

Yeah, me too, but I actually CAN connect from my LAN connection, here's what I've tested;

 

domain.com/service - works for external user and my phone connected to LAN, but NOT on my PC (timeout error).

public IP:port (had the port configured before I switched to letsencrypt) - works for external user and my phone connected to LAN, but NOT on my PC (timeout error).

local IP:port - works on my PC, but not for my phone.

 

This really bugs me, since I had no problem accessing either on my PC before this happened, and now after getting them working again, my PC is blocked somehow.

 

We've already confirmed my docker and ports have been properly setup, and since nextcloud works via domain.com/service for everyone but my PC, we can rule out duckdns config as well (correct me if I'm wrong), and if the issue was NAT at my router, then my phone would experience the same problem, yes? My phone and PC being on the same network, only difference is my phone using wifi and my pc being cabled, shouldn't make a difference.. I just don't understand, I haven't changed anything other than applying the fix needed for letsencrypt?

Link to comment
1 minute ago, Dhagon said:

 

Yeah, me too, but I actually CAN connect from my LAN connection, here's what I've tested;

 

domain.com/service - works for external user and my phone connected to LAN, but NOT on my PC (timeout error).

public IP:port (had the port configured before I switched to letsencrypt) - works for external user and my phone connected to LAN, but NOT on my PC (timeout error).

local IP:port - works on my PC, but not for my phone.

 

This really bugs me, since I had no problem accessing either on my PC before this happened, and now after getting them working again, my PC is blocked somehow.

 

We've already confirmed my docker and ports have been properly setup, and since nextcloud works via domain.com/service for everyone but my PC, we can rule out duckdns config as well (correct me if I'm wrong), and if the issue was NAT at my router, then my phone would experience the same problem, yes? My phone and PC being on the same network, only difference is my phone using wifi and my pc being cabled, shouldn't make a difference.. I just don't understand, I haven't changed anything other than applying the fix needed for letsencrypt?

 

I don't think it's anything to do with letsencrypt, as it works on your phone connected to LAN.  Therefore has to be something with the PC.  Tried clearing out browser cache and cookies?

Link to comment
Just now, CHBMB said:

 

I don't think it's anything to do with letsencrypt, as it works on your phone connected to LAN.  Therefore has to be something with the PC.  Tried clearing out browser cache and cookies?

 

Yeah, that was my first conclusion as well, that's why I was hesitant on posting here in the first place, and then I discovered the HTTPVAL problem like everyone else. I just can't figure out what it could be. I've tried different browsers; edge, firefox, chrome; same result across all of them, cleared cookies and browser cache, no difference.. The more I try to fix it the more I think I've overcomplicated this and missed something really simple. At least you got confused too.

Link to comment
Just now, Dhagon said:

 

Yeah, that was my first conclusion as well, that's why I was hesitant on posting here in the first place, and then I discovered the HTTPVAL problem like everyone else. I just can't figure out what it could be. I've tried different browsers; edge, firefox, chrome; same result across all of them, cleared cookies and browser cache, no difference.. The more I try to fix it the more I think I've overcomplicated this and missed something really simple. At least you got confused too.

 

Some sort of port redirection that's come about because of you starting to use port 80?

 

 

Link to comment
5 minutes ago, CHBMB said:

 

Is there a special character in your subdomain?

 

I have exactly the same error since update to 6.4 - before everything was running fine.

 

I don't have any special character in my domain ;)

Edited by b0mb
Link to comment
9 minutes ago, CHBMB said:

 

Some sort of port redirection that's come about because of you starting to use port 80?

 

 

 

I've thought about that, but I don't understand how that only affects traffic coming from my PC? If it was redirecting to somewhere wrong using port 80, wouldn't that happen on my phone, too?

Link to comment

Same issues as the rest.  I've read the 100+ responses on how to fix.  I went to go edit the HTTPVAL option.  Can't find it.  I have advanced settings selected, and I've also clicked on "show more settings" and it's not there.  


I removed the docker and image and nothing different.

 

I must be blind.  Someone take a look at the image and say "it's right there ya fool!".

 

httpval.png

Link to comment
26 minutes ago, Brettv said:

This might be a dumb question, but if i had a VPN, would that get around my ISP blocking port 80?

No, unless you control the other endpoint and have ports forwarded through the VPN. Most commercial VPNs don't forward port 80, so pointing your domain name at the VPN's IP address isn't going to work.

 

If you have a VPN to a server elsewhere that you control, and that remote server's WAN connection has incoming port 80 open, then yes, you should be able to get it set up.

Link to comment
2 hours ago, CHBMB said:

Anyone needing help.  Read this first.....

 

Posting this again before I go to bed in the hope it will get read......

 

I read through the tips and have hopefully done everything and posted everything necessary.

 

This all happened immediately upon update to 6.4.

 

Since then, the docker has been unable to start.  

 

This is my error when I deleted the docker and restarted it:

error.thumb.jpg.7926c30e599b8b2c0343aef600ec027d.jpg

 

This is my template:

templateLetsEncrypt.thumb.jpg.df7d9db72cd573183617d9ea8e865aff.jpg

 

 

The log file only shows this (unsure which one to pull off appdata folder):

logs.jpg.5b86fa9e7047f88f08c12c4f9e235520.jpg

 

Here are the router settings:

portForward.jpg.323a759506c53bd02a35da0d8f62b4d4.jpg

 

And since the basic error would make me think I used 443 for something else, here is a screenshot of currently deployed ports for the dockers:

port443.jpg.b34d01c9a07b2f23ccff65dd7ff73f19.jpg

Edited by Living Legend
Link to comment
6 minutes ago, Living Legend said:

 

I read through the tips and have hopefully done everything and posted everything necessary.

 

This all happened immediately upon update to 6.4.

 

Since then, the docker has been unable to start.  

 

This is my error when I deleted the docker and restarted it:

error.thumb.jpg.7926c30e599b8b2c0343aef600ec027d.jpg

 

This is my template:

templateLetsEncrypt.thumb.jpg.d61747672eac8a533cfff00f0b5e4fb1.jpg

 

The log file only shows this (unsure which one to pull off appdata folder):

logs.jpg.5b86fa9e7047f88f08c12c4f9e235520.jpg

 

Here are the router settings:

portForward.jpg.323a759506c53bd02a35da0d8f62b4d4.jpg

 

And since the basic error would make me think I used 443 for something else, here is a screenshot of currently deployed ports for the dockers:

port443.jpg.b34d01c9a07b2f23ccff65dd7ff73f19.jpg

 

Read through the last few pages

Link to comment
8 minutes ago, CorneliousJD said:

Got everything set up and running now - but when users go to www.mydomain.com it fails to load, but if you go to https://www.mydomain.com it will load fine, and then going to the plain old HTTP version (no HTTPS) will auto-redirect after that.

 

How can I get visitors to not have to first enter HTTPS and get it to auto-redirect?

 

Thanks!

 

It seems your redirect of http to https is not working, but you have HSTS working. Check your nginx config. Google has plenty of guides for that.

Link to comment

EDIT: Thanks I'll look into the nginx redirect part, and see if I can find a way to disable HSTS as well due to the below issue I had just posted. Unless someone knows a quick way to disable HSTS?

 

Another, separate issue - I use my www.mydomain.com as kind of a shortcut page to other services, e.g. a shortcut on there links to my UniFi setup, which runs HTTPS on a different port than 443, and obviously doesn't use the same certificate. When I try to browse to that site I get 

 

Because this site uses HTTP Strict Transport Security, you can’t continue to this site at this time. 

That's in IE, and in Chrome it shows

You cannot visit mydomain.com right now because the website uses HSTS. 

Edited by CorneliousJD
Link to comment
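
An added example, not part of any post in this thread and not the container's shipped configuration: an nginx sketch of the two points raised above, the missing HTTP-to-HTTPS redirect and how an HSTS policy is withdrawn. The `mydomain.com` names are the thread's own placeholder; the certificate and web-root paths are placeholders to be replaced with the real ones.

```nginx
# Added example. Server names and all /path/to/... values are placeholders.

# Plain-HTTP listener. If this block is missing, or port 80 never reaches
# the container, a first-time visitor to http://www.mydomain.com gets no
# answer. A browser that has already seen the HSTS header upgrades the
# request to HTTPS internally, which is why HTTP appears to "redirect"
# only after one visit to the https:// URL.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # Permanent redirect to the same host and path over HTTPS.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mydomain.com www.mydomain.com;

    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder

    # Typical HSTS header (shown commented out). The stored policy is keyed
    # on the host name, not the port, so it also covers an HTTPS service on
    # another port of the same name; a certificate error there then cannot
    # be clicked through.
    # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

    # Withdrawing HSTS: max-age=0 tells a browser to delete its stored
    # policy for this host the next time it loads the site over valid HTTPS.
    add_header Strict-Transport-Security "max-age=0" always;

    location / {
        root /path/to/www;                        # placeholder
        index index.html;
    }
}
```

Simply removing the header does not clear browsers that already stored the policy; they keep enforcing it until the original max-age expires or they receive `max-age=0` over a valid HTTPS connection.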
