[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



Hi,

 

I am running the LetsEncrypt Container with NextCloud and an apache-Container without issues.

Now I have some questions:

1) The Apache Container is not working anymore. Should I move to an NGINX-Container or could I run it on the LetsEncrypt-Docker?

2) If I could run it on the LetsEncrypt-Docker, do you have an example vhost config?

3) I have some webapps which still need PHP5 and do not work with PHP7. What option do I have here? As far as I know NGINX (and LetsEncrypt) is based on PHP7?

 

Br,

Johannes

Link to comment
5 hours ago, ebnerjoh said:

Hi,

 

I am running the LetsEncrypt Container with NextCloud and an apache-Container without issues.

Now I have some questions:

1) The Apache Container is not working anymore. Should I move to an NGINX-Container or could I run it on the LetsEncrypt-Docker?

2) If I could run it on the LetsEncrypt-Docker, do you have an example vhost config?

3) I have some webapps which still need PHP5 and do not work with PHP7. What option do I have here? As far as I know NGINX (and LetsEncrypt) is based on PHP7?

 

Br,

Johannes

 

There is no apache in letsencrypt, you would have to either run it on a separate apache container and reverse proxy, or run it on nginx. 

 

Only php7 in letsencrypt. You can however set up a separate php container (official one might do) that listens on a port and put that ip and port in your nginx config for that specific location

Link to comment

Hi all, I'm trying to use the nginx module called "ngx_stream_core_module" (available since version 1.9.0) but it doesn't seem to be enabled in this Letsencrypt docker. The man page says it's "enabled with the --with-stream" option. Is that something I have control over in the docker?

 

The reason I want this module is to forward non-http ports to different IPs (yes, just like my router does, but with the added ability to filter out certain things or block file access).

Thanks!

Link to comment
18 hours ago, tomahawk1277 said:

Hi all, I'm trying to use the nginx module called "ngx_stream_core_module" (available since version 1.9.0) but it doesn't seem to be enabled in this Letsencrypt docker. The man page says it's "enabled with the --with-stream" option. Is that something I have control over in the docker?

 

The reason I want this module is to forward non-http ports to different IPs (yes, just like my router does, but with the added ability to filter out certain things or block file access).

Thanks!

 

It's already enabled

 

Make sure your nginx.conf has this line in it: https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/nginx.conf#L6

Edited by aptalca
Link to comment
17 minutes ago, tomahawk1277 said:

 

Ah! Mine didn't have the include line for some reason. It recognizes the stream command now. Thanks aptalca!

 

When we update certain default conf files like nginx.conf or the default site conf, we don't overwrite the existing files because they contain user custom config. That's why we started tagging the conf files with dates and a link to view recent changes so you can make those in your config manually: https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/default#L1

Link to comment

Hi guys. My apache docker just died yesterday. So, I gave letsencrypt a try. It works with my nextcloud and my website. However, a problem is I cannot use DNS resolver to access my web page in the internal network (LAN). Outside, it works no problem. I use PFsense. Any idea? Thanks.

Link to comment
2 hours ago, Hoanh said:

Hi guys. My apache docker just died yesterday. So, I gave letsencrypt a try. It works with my nextcloud and my website. However, a problem is I cannot use DNS resolver to access my web page in the internal network (LAN). Outside, it works no problem. I use PFsense. Any idea? Thanks.

 

Pfsense system / advanced / nat, enable nat reflection and automatic outbound

Link to comment

I've searched a bit but there are 81 pages... so I might have missed that.

Is there a way to have multiple domains? Like domain1.com and domain2.com with some subdomains?

I can configure it manually (already done in fact), but I'm not sure about CertBot renewing the cert?

 

Thanks !

Link to comment
3 hours ago, nka said:

I've searched a bit but there are 81 pages... so I might have missed that.

Is there a way to have multiple domains? Like domain1.com and domain2.com with some subdomains?

I can configure it manually (already done in fact), but I'm not sure about CertBot renewing the cert?

 

Thanks !

On 3/25/2018 at 1:42 AM, geekypenguin said:

 

Advanced view > Extra parameters then the full command is -e EXTRA_DOMAINS=<domain2>,<domain3> etc

 

Thanks!

 

Documented here: https://github.com/linuxserver/docker-letsencrypt#parameters

Edited by Encino Stan
Link to comment

Does anyone have a working config for a Nextcloud Reverse proxy with NGINX? (LetsEncrypt Docker). My apache docker died yesterday like everyone else that tried to restart it. I moved all my other Reverse proxies with much effort, but the NextCloud one doesn't want to. Also, what is in your working config file of Nextcloud itself (not just the NGINX config).

 

Thanks  

Link to comment
37 minutes ago, Pducharme said:

Does anyone have a working config for a Nextcloud Reverse proxy with NGINX? (LetsEncrypt Docker). My apache docker died yesterday like everyone else that tried to restart it. I moved all my other Reverse proxies with much effort, but the NextCloud one doesn't want to. Also, what is in your working config file of Nextcloud itself (not just the NGINX config).

 

Thanks  

 

I'm using this docker along with OAuth2 Proxy.... getting Hosted website and reverse proxy with (or without if I don't need it) Google Auth  is perfect! :)

Link to comment

I followed the article here :  https://blog.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

 

I have my DNS entry with the subdomain.  If I do not use the subdomain conf file for Nextcloud, I can see the default NGINX page.  When I enable the subdomain conf, I got the error in the browser (i.e.: https://cloud.mydomain.com).

 

500 Internal Server Error
nginx/1.12.2

 

Has anyone successfully run the nextcloud docker behind a NGINX reverse proxy following the guide?

 

Here is my config file :

 

cloud.subdomain.conf  (tried the proxy_pass to https://$upstream_cloud:4443; and also with https://$upstream_cloud:443 since it wasn't clear if it was the SSL port or the Port that the nextcloud run, both fail).

 

# make sure that your dns has a cname set for nextcloud
# edit your nextcloud container's /config/www/nextcloud/config/config.php file and change the server address info as described
# at the end of the following article: https://blog.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

server {
    listen 443 ssl;

    server_name cloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_cloud cloud;
        proxy_max_temp_file_size 8092m;
        proxy_pass https://$upstream_cloud:4443;
    }
}

Here is my config file of NextCloud :

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'ock3zdmauibe',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxxxxxxxx/bEaYx',
  'secret' => 'xxxxxxxxxxxxx+64Ze5W7tkOyYNzOgxhiWiLJItx8zWGrZM3',
  'trusted_domains' => 
  array (
    0 => '192.168.2.6:4443',
    1 => 'cloud.mydomain.com',
  ),
  'overwrite.cli.url' => 'https://cloud.mydomain.com',
  'overwritehost' => 'cloud.mydomain.com',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '11.0.1.2',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.2.6',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'myuser',
  'dbpassword' => 'mypassword',
  'logtimezone' => 'UTC',
  'installed' => true,
  'maintenance' => false,
  'loglevel' => 2,
);

 

Link to comment
Just now, Pducharme said:

Edit your Docker setting of letsencrypt docker, enable the "advanced mode" in top right.    Then, in Extra parameters add:  -e EXTRA_DOMAINS=domain2.com

Do I need to add the -e? I have EXTRA_DOMAINS but not -e EXTRA_DOMAINS

Link to comment
5 minutes ago, Pducharme said:

 

I have exactly this in mine :

 


-e EXTRA_DOMAINS=best-network.info

 

works OK for me.

Odd, how do I need to set the location in the site-conf?

Right now I have domainA.com set up with the cert and all of my locations are just sub-directories such as /sonarr

How do I need to set this up for domainB.com? For the location do I need to add the full address domainB.com/sonarr and not just the sub-directory?

I really want to switch to subdomains (sonarr.domainB.com) but one step at a time lol


Edited by Aurao
Link to comment
6 hours ago, Pducharme said:

I followed the article here :  https://blog.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

 

I have my DNS entry with the subdomain.  If I do not use the subdomain conf file for Nextcloud, I can see the default NGINX page.  When I enable the subdomain conf, I got the error in the browser (i.e.: https://cloud.mydomain.com).

 


500 Internal Server Error
nginx/1.12.2

 

Has anyone successfully run the nextcloud docker behind a NGINX reverse proxy following the guide?

 

Here is my config file :

 

cloud.subdomain.conf  (tried the proxy_pass to https://$upstream_cloud:4443; and also with https://$upstream_cloud:443 since it wasn't clear if it was the SSL port or the Port that the nextcloud run, both fail).

 


# make sure that your dns has a cname set for nextcloud
# edit your nextcloud container's /config/www/nextcloud/config/config.php file and change the server address info as described
# at the end of the following article: https://blog.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/

server {
    listen 443 ssl;

    server_name cloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_cloud cloud;
        proxy_max_temp_file_size 8092m;
        proxy_pass https://$upstream_cloud:4443;
    }
}

Here is my config file of NextCloud :


<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'ock3zdmauibe',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxxxxxxxx/bEaYx',
  'secret' => 'xxxxxxxxxxxxx+64Ze5W7tkOyYNzOgxhiWiLJItx8zWGrZM3',
  'trusted_domains' => 
  array (
    0 => '192.168.2.6:4443',
    1 => 'cloud.mydomain.com',
  ),
  'overwrite.cli.url' => 'https://cloud.mydomain.com',
  'overwritehost' => 'cloud.mydomain.com',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '11.0.1.2',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.2.6',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'myuser',
  'dbpassword' => 'mypassword',
  'logtimezone' => 'UTC',
  'installed' => true,
  'maintenance' => false,
  'loglevel' => 2,
);

 

 

This was solved through discord, but for reference, the issue stemmed from incorrectly editing the nextcloud proxy conf. In the version posted above, nginx would be trying to connect to a container named "cloud" which does not exist.

Link to comment
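Added example (not part of the thread and not linuxserver.io code): a small check for the failure described in the reply above, where a proxy conf's `set $upstream_...` value names a container that does not exist. The conf text is cut down from the one posted in the thread; the container names in `RUNNING` are constructed, and the parsing assumes one directive per line.

```python
import re

# `set $name value;` assignments (nginx variables used as upstream names)
SET_RE = re.compile(r'^\s*set\s+\$(\w+)\s+([^;\s]+)\s*;', re.M)
# `proxy_pass scheme://host[:port]...;` where host may be a $variable
PASS_RE = re.compile(
    r'^\s*proxy_pass\s+(https?)://(\$?[\w.-]+)(?::(\d+))?[^;]*;', re.M)
IP_RE = re.compile(r'^\d{1,3}(\.\d{1,3}){3}$')


def proxy_targets(conf):
    """Return (scheme, host, port) per proxy_pass, with $variables resolved."""
    conf = re.sub(r'#[^\n]*', '', conf)  # drop comments (simplification)
    variables = dict(SET_RE.findall(conf))
    targets = []
    for scheme, host, port in PASS_RE.findall(conf):
        if host.startswith('$'):
            # an unresolved variable stays visible as "$name"
            host = variables.get(host[1:], host)
        targets.append((scheme, host, int(port) if port else None))
    return targets


def unknown_upstreams(conf, container_names):
    """Targets whose host is neither an IP nor a known container name."""
    return [t for t in proxy_targets(conf)
            if not IP_RE.match(t[1]) and t[1] not in container_names]


# Cut down from the conf posted in the thread.
EDITED_CONF = """
server {
    listen 443 ssl;
    server_name cloud.*;
    location / {
        resolver 127.0.0.11 valid=30s;
        set $upstream_cloud cloud;
        proxy_pass https://$upstream_cloud:4443;
    }
}
"""
# Constructed list; in practice taken from: docker ps --format '{{.Names}}'
RUNNING = {"letsencrypt", "nextcloud", "mariadb"}

if __name__ == "__main__":
    for scheme, host, port in unknown_upstreams(EDITED_CONF, RUNNING):
        print(f"no container named {host!r} for {scheme}://{host}:{port}")
```

Docker's embedded resolver at 127.0.0.11 only answers for container names on the same user-defined network, so a name that is missing from the running list cannot resolve and the proxied request fails.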
6 hours ago, Aurao said:

Odd, how do I need to set the location in the site-conf?

Right now I have domainA.com set up with the cert and all of my locations are just sub-directories such as /sonarr

How do I need to set this up for domainB.com? For the location do I need to add the full address domainB.com/sonarr and not just the sub-directory?

I really want to switch to subdomains (sonarr.domainB.com) but one step at a time lol


 

You need to create a new server block for the second domain the same way you create new server blocks for subdomains. Look at the cp subdomain example and replicate it

Link to comment
