RockDawg Posted August 4, 2018 Share Posted August 4, 2018 On 8/3/2018 at 2:35 AM, CHBMB said: Same as what I do. Generally I try and use .htpasswd but for some services it just doesn't work well, such as those you've mentioned. Sent from my Mi A1 using Tapatalk Thanks for the feedback! Quote Link to comment
sansoo22 Posted August 4, 2018 Share Posted August 4, 2018 I'm in the process of building a landing page that has built in authentication and Google Recaptcha support. I need to port my custom PHP framework to PHP7 and it relies on Composer for package management. My goal is to build something simple yet secure with bcrypt hashing and support for MySQL or MongoDB. If all goes well I will be hosting the code on Github for others to use. Planned features: - Authentication with username/password - MongoDB and MySQL support - Admin CMS for adding links and icons - Landing page that looks similar to the Chrome Apps view - User management - Activation email support (not sure how this will work just yet) Nice to haves: - Google account linking with 2 factor authentication Probably some lofty goals but being a developer by trade I already have most of the code ready to go. Just need help getting Composer set up. I'm not sure which install method would be best suited for a docker environment. Should I install directly to this container or stand up a composer docker and map its volumes to letsencrypt? Any help would be greatly appreciated Quote Link to comment
ijuarez Posted August 4, 2018 Share Posted August 4, 2018 I'm in the process of building a landing page that has built in authentication and Google Recaptcha support. I need to port my custom PHP framework to PHP7 and it relies on Composer for package management. My goal is to build something simple yet secure with bcrypt hashing and support for MySQL or MongoDB. If all goes well I will be hosting the code on Github for others to use. Planned features: - Authentication with username/password - MongoDB and MySQL support - Admin CMS for adding links and icons - Landing page that looks similar to the Chrome Apps view - User management - Activation email support (not sure how this will work just yet) Nice to haves: - Google account linking with 2 factor authentication Probably some lofty goals but being a developer by trade I already have most of the code ready to go. Just need help getting Composer set up. I'm not sure which install method would be best suited for a docker environment. Should I install directly to this container or stand up a composer docker and map its volumes to letsencrypt? Any help would be greatly appreciatedAwesome, I hope lsio team can lend a helping . Sent from my BND-L34 using Tapatalk Quote Link to comment
crazygambit Posted August 4, 2018 Share Posted August 4, 2018 Thanks to @CHBMB and @bonienl for their very clear responses. It clears a lot of stuff up. Now I have yet another question. Yesterday when I clicked on the docker icon in the docker page on the GUI I had the option to look at the logs, but now for some reason it's gone and I can't find the logs in the appdata folder either. Does anyone know how I can get that option back? Quote Link to comment
CHBMB Posted August 4, 2018 Share Posted August 4, 2018 8 minutes ago, crazygambit said: Thanks to @CHBMB and @bonienl for their very clear responses. It clears a lot of stuff up. Now I have yet another question. Yesterday when I clicked on the docker icon in the docker page on the GUI I had the option to look at the logs, but now for some reason it's gone and I can't find the logs in the appdata folder either. Does anyone know how I can get that option back? As far as I know the way to view logs is by clicking the icon on the far right. Quote Link to comment
Arndroid Posted August 4, 2018 Share Posted August 4, 2018 (edited) I see that sendmail is installed in the docker container. Is there a particular way to set it up in a way so that after every reboot/update the settings will stick? (To work for PHP sites and scripts) And I can't actually see the "/etc/mail/sendmail.conf" config file though for example? Otherwise, I would just create a Path variable and map it under "appdata/letsencrypt/sendmail.conf" for example and make it permanent that way. Edit: In the meanwhile, I utilized ssmtp and mailutils and filled in the blanks so to speak. Edited August 4, 2018 by Arndroid Quote Link to comment
crazygambit Posted August 4, 2018 Share Posted August 4, 2018 (edited) 1 hour ago, CHBMB said: As far as I know the way to view logs is by clicking the icon on the far right. That's weird, I'm 100% sure that option was there yesterday. Indeed clicking on the icon on the far right works, I hadn't noticed because I was using advanced view. I finally managed to get Tautulli working well, but I'm having some issues with Ombi. I get to the login page fine, but after I login I'm getting "400 Bad Request The plain HTTP request was sent to HTTPS port". I'm following the template of the readme, but not the custom docker network, so I put in my IP address. Edited August 4, 2018 by crazygambit Quote Link to comment
CHBMB Posted August 4, 2018 Share Posted August 4, 2018 You've put https somewhere where it should be http Quote Link to comment
crazygambit Posted August 4, 2018 Share Posted August 4, 2018 2 hours ago, CHBMB said: You've put https somewhere where it should be http I don't think that's quite it. In fact if I change it from http to https in the Ombi section I immediately get a 502 Bad Getaway error and don't even get to see the login info. I suspect it has to do with Ombi requiring the blocks of code before and after the typical proxy pass stuff. Here's my current try, I'd love to see how you have it setup if you're using Ombi. location /ombi { return 301 $scheme://$host/ombi/; } location /ombi/ { include /config/nginx/proxy.conf; proxy_pass http://192.168.0.11:3579; } if ($http_referer ~* /ombi/) { rewrite ^/dist/(.*) $scheme://$host/ombi/dist/$1 permanent; } Quote Link to comment
CHBMB Posted August 4, 2018 Share Posted August 4, 2018 1 minute ago, crazygambit said: I don't think that's quite it. In fact if I change it from http to https in the Ombi section I immediately get a 502 Bad Getaway error and don't even get to see the login info. I suspect it has to do with Ombi requiring the blocks of code before and after the typical proxy pass stuff. Here's my current try, I'd love to see how you have it setup if you're using Ombi. location /ombi { return 301 $scheme://$host/ombi/; } location /ombi/ { include /config/nginx/proxy.conf; proxy_pass http://192.168.0.11:3579; } if ($http_referer ~* /ombi/) { rewrite ^/dist/(.*) $scheme://$host/ombi/dist/$1 permanent; } Quote Link to comment
crazygambit Posted August 4, 2018 Share Posted August 4, 2018 (edited) 3 minutes ago, CHBMB said: I'll take a look. I just realized that if I manually type "https://" before the url giving the 400 Bad Request error it actually works. Of course it's not ideal though. Edited August 4, 2018 by crazygambit Quote Link to comment
CHBMB Posted August 4, 2018 Share Posted August 4, 2018 Just now, crazygambit said: I'll take a look. I just realize that if I manually type "https://" before the url giving the 400 Bad Request error it actually works. Of course it's not ideal though. Then it's not redirecting. No error. I use this to redirect all my traffic from http to https. server { listen 80; server_name server.com; return 301 https://server.com$request_uri; } Quote Link to comment
crazygambit Posted August 4, 2018 Share Posted August 4, 2018 27 minutes ago, CHBMB said: Then it's not redirecting. No error. I use this to redirect all my traffic from http to https. server { listen 80; server_name server.com; return 301 https://server.com$request_uri; } For some reason it's not making any difference. It still works if I manually redirect, but otherwise, no dice. Quote Link to comment
saarg Posted August 5, 2018 Share Posted August 5, 2018 21 hours ago, sansoo22 said: I'm in the process of building a landing page that has built in authentication and Google Recaptcha support. I need to port my custom PHP framework to PHP7 and it relies on Composer for package management. My goal is to build something simple yet secure with bcrypt hashing and support for MySQL or MongoDB. If all goes well I will be hosting the code on Github for others to use. Planned features: - Authentication with username/password - MongoDB and MySQL support - Admin CMS for adding links and icons - Landing page that looks similar to the Chrome Apps view - User management - Activation email support (not sure how this will work just yet) Nice to haves: - Google account linking with 2 factor authentication Probably some lofty goals but being a developer by trade I already have most of the code ready to go. Just need help getting Composer set up. I'm not sure which install method would be best suited for a docker environment. Should I install directly to this container or stand up a composer docker and map its volumes to letsencrypt? Any help would be greatly appreciated We already developed a landing page which is called Heimdall. You can check it out at https://github.com/linuxserver/Heimdall. Might be you could contribute there? Quote Link to comment
sansoo22 Posted August 5, 2018 Share Posted August 5, 2018 34 minutes ago, saarg said: We already developed a landing page which is called Heimdall. You can check it out at https://github.com/linuxserver/Heimdall. Might be you could contribute there? That's awesome! Working on setting it up now. My main goal for starting this was to add a more secure authentication layer and the ability to invite friends and family. I will pull the repo down and take a look at it. Thanks for sharing this! Quote Link to comment
CHBMB Posted August 5, 2018 Share Posted August 5, 2018 That's awesome! Working on setting it up now. My main goal for starting this was to add a more secure authentication layer and the ability to invite friends and family. I will pull the repo down and take a look at it. Thanks for sharing this!Pop by our Discord channel, https://discord.gg/YWrKVTn@Kode is the author of Heimdall and can be found there, as well as a dedicated channel for Heimdall.Sent from my Mi A1 using Tapatalk Quote Link to comment
SpaceInvaderOne Posted August 6, 2018 Share Posted August 6, 2018 (edited) Finally, finished making my video on setting up a reverse proxy. Hope it helps people who haven't set it up before Edited August 6, 2018 by gridrunner 2 1 Quote Link to comment
Heciruam Posted August 6, 2018 Share Posted August 6, 2018 So followed Gridrunner's video and everything went fine until now. I'm just not sure why I'm getting this loop in the log: " nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 " Can I go ahead with the tutorial or is something wrong? ErrorWarningSystemArrayLogin [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] 10-adduser: executing... ------------------------------------- _ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/ Brought to you by linuxserver.io We gratefully accept donations at: https://www.linuxserver.io/donations/ ------------------------------------- GID/UID ------------------------------------- User uid: 99 User gid: 100 ------------------------------------- [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 50-config: executing... Variables set: PUID=99 PGID=100 TZ=Europe/Berlin URL=MYDOMAIN SUBDOMAINS=nextcloud,emby,sonarr,radarr EXTRA_DOMAINS= ONLY_SUBDOMAINS=true DHLEVEL=2048 VALIDATION=http DNSPLUGIN= EMAIL=MYEMAIL STAGING= 2048 bit DH parameters present SUBDOMAINS entered, processing SUBDOMAINS entered, processing Only subdomains, no URL in cert Sub-domains processed are: -d nextcloud.MYDOMAIN -d emby.MYDOMAIN -d sonarr.MYDOMAIN -d radarr.MYDOMAIN E-mail address entered: MYEMAIL http validation is selected Generating new certificate Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for emby.MYDOMAIN http-01 challenge for radarr.MYDOMAIN http-01 challenge for sonarr.MYDOMAIN http-01 challenge for nextcloud.MYDOMAIN Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/nextcloud.MYDOMAIN/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/nextcloud.MYDOMAIN/privkey.pem Your cert will expire on 2018-11-04. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le [cont-init.d] 50-config: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done. nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 Server ready nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /config/nginx/site-confs/default.txt:7 Quote Link to comment
JonathanM Posted August 6, 2018 Share Posted August 6, 2018 16 minutes ago, Heciruam said: Can I go ahead with the tutorial or is something wrong? Something is definitely wrong, and you can't proceed until you straighten it out. Was this a fresh pull or have you already played with it before following the tutorial? In a nutshell, the error is telling you that there are multiple places in your config files where a default server is defined, so you need to go through them and remove the duplicate entry. If this was a fresh pull, and you are SURE you followed the directions exactly, you may want to message @gridrunner and let him know where and how it went wrong. 1 Quote Link to comment
Heciruam Posted August 6, 2018 Share Posted August 6, 2018 (edited) Yep it wasn't a fresh pull. I have been trying to set this up before. If I delete the docker and the data in the appdata share, will that be enough for a fresh pull or do I have to delete something else (like something of the bootstick) as well? Edit: Ok a fresh pull helped! Thank you! Edited August 6, 2018 by Heciruam Quote Link to comment
H2O_King89 Posted August 6, 2018 Share Posted August 6, 2018 I’m getting a warning in my log about hash and can’t seem to fix it. I can’t post a config right now but this is a clean install and the only thing changed is proxy.conf files subdomain. Everything seams to work fine but I’m getting this in the log nginx: [warn] could not build optimal types_hash, you should increase either types_hash_max_size: 2048 or types_hash_bucket_size: 64; ignoring types_hash_bucket_sizeI’ve tried changing the types_hash_max_size to 4096 and still get the warn Quote Link to comment
shremi Posted August 7, 2018 Share Posted August 7, 2018 Can someone explain to me how to get unifi controller to work with this??? I just watched eds video and i am able to get almost all of my containers but i am stuck with this one... i am using brettm357/unifi docker. thanks Quote Link to comment
CHBMB Posted August 7, 2018 Share Posted August 7, 2018 54 minutes ago, shremi said: Can someone explain to me how to get unifi controller to work with this??? I just watched eds video and i am able to get almost all of my containers but i am stuck with this one... i am using brettm357/unifi docker. thanks I don't use brett357's container (obviously ) But this works for our container. server { listen 80; server_name unifi.server.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name unifi.server.com; include /config/nginx/ssl.conf; location / { proxy_pass https://192.168.0.1:8443/; include /config/nginx/proxy.conf; #proxy_http_version 1.1; #proxy_buffering off; #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection "Upgrade"; #proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; satisfy any; allow 192.168.0.0/24; deny all; } } Quote Link to comment
shremi Posted August 7, 2018 Share Posted August 7, 2018 4 minutes ago, CHBMB said: I don't use brett357's container (obviously ) But this works for our container. server { listen 80; server_name unifi.server.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name unifi.server.com; include /config/nginx/ssl.conf; location / { proxy_pass https://192.168.0.1:8443/; include /config/nginx/proxy.conf; #proxy_http_version 1.1; #proxy_buffering off; #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection "Upgrade"; #proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; satisfy any; allow 192.168.0.0/24; deny all; } } Thank you for the reply ..... i installed the wrong unifi container and now i think i am stuck with it ..... sucks but thanks for trying to help i tried that already changing with those parameters and no dice ...... just to verify i need to rename the server_name also right??? the proxy_pass to match my subnet? Quote Link to comment
CHBMB Posted August 7, 2018 Share Posted August 7, 2018 Just now, shremi said: just to verify i need to rename the server_name also right??? the proxy_pass to match my subnet? IP addresses and server name do need to be changed satisfy any; allow 192.168.0.0/24; deny all; This bit just means it can only be accessed by clients on the 192.168.0.0 subnet. (My LAN) Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.