aptalca Posted January 19, 2019

1 hour ago, Gobs said:
> The plex.subdomain.conf:
>
>     # make sure that your dns has a cname set for plex, if plex is running in bridge mode, the below config should work as is, for host mode,
>     # replace the line "proxy_pass https://$upstream_plex:32400;" with "proxy_pass https://HOSTIP:32400;" HOSTIP being the IP address of plex
>     # in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")
>     server {
>         listen 443 ssl;
>         server_name plex.*;
>         include /config/nginx/ssl.conf;
>         client_max_body_size 0;
>         proxy_redirect off;
>         proxy_buffering off;
>
>         # enable for ldap auth, fill in ldap details in ldap.conf
>         #include /config/nginx/ldap.conf;
>
>         location / {
>             # enable the next two lines for http auth
>             #auth_basic "Restricted";
>             #auth_basic_user_file /config/nginx/.htpasswd;
>
>             # enable the next two lines for ldap auth
>             #auth_request /auth;
>             #error_page 401 =200 /login;
>
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_plex plex;
>             proxy_pass https://$upstream_plex:32400;
>
>             proxy_set_header Upgrade $http_upgrade;
>             proxy_set_header Connection "upgrade";
>             proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
>             proxy_set_header X-Plex-Device $http_x_plex_device;
>             proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
>             proxy_set_header X-Plex-Platform $http_x_plex_platform;
>             proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
>             proxy_set_header X-Plex-Product $http_x_plex_product;
>             proxy_set_header X-Plex-Token $http_x_plex_token;
>             proxy_set_header X-Plex-Version $http_x_plex_version;
>             proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
>             proxy_set_header X-Plex-Provides $http_x_plex_provides;
>             proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
>             proxy_set_header X-Plex-Model $http_x_plex_model;
>         }
>     }
>
> Nginx is listening to port 180 and 1443, since ports 80 and 443 are forwarded on my router to 180 and 1443.
> Both nginx and plex are running on a custom network in bridge mode.

Is your Plex container name "plex"?

Gobs Posted January 20, 2019

16 hours ago, aptalca said:
> Is your Plex container name "plex"?

It is. Nginx log is shown below as well. In the Nginx log I saw this:

    [cont-init.d] 50-config: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    Server ready
    Signal handled: Terminated.
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] syncing disks.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.

But again, nextcloud works while plex doesn't which is weird.

aptalca Posted January 20, 2019

13 minutes ago, Gobs said:
> It is. Nginx log is shown below as well. In the Nginx log I saw this:
>
>     [cont-init.d] 50-config: exited 0.
>     [cont-init.d] done.
>     [services.d] starting services
>     [services.d] done.
>     Server ready
>     Signal handled: Terminated.
>     [cont-finish.d] executing container finish scripts...
>     [cont-finish.d] done.
>     [s6-finish] syncing disks.
>     [s6-finish] sending all processes the TERM signal.
>     [s6-finish] sending all processes the KILL signal and exiting.
>
> But again, nextcloud works while plex doesn't which is weird.

Is Plex all set up and running?

Also that's not the nginx log. That's part of a docker log of a container

Gobs Posted January 20, 2019

3 hours ago, aptalca said:
> Is Plex all set up and running? Also that's not the nginx log. That's part of a docker log of a container

Yes, as in if I go to http://SERVER_IP:32400/web/index.html# I am greeted with a sign in page. I sign in and then Plex looks for servers but to no avail.

aptalca Posted January 20, 2019

28 minutes ago, Gobs said:
> Yes, as in if I go to http://SERVER_IP:32400/web/index.html# I am greeted with a sign in page. I sign in and then Plex looks for servers but to no avail.

Well there is your issue. Plex was never set up. You didn't claim your server. Until then it will block reverse proxy connections.

Tebasaki Posted January 21, 2019

An issue I've had for the past 2 weeks. I've been able to open port 80 (TCP) on my router. (Confirmed on http://canyouseeme.org/.) I've followed SpaceInvader's instructions, and created the docker, however I'm getting a 404 error:

    Failed authorization procedure. myserver.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://myserver.duckdns.org/.well-known/acme-challenge/BPoI7fI9FIgfwZoIV_JSMFBjr1a8u1K5ATulxHV3gXQ: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

This seems like it's accessing a website, but returning a 404?

Gobs Posted January 21, 2019

23 hours ago, aptalca said:
> Well there is your issue. Plex was never set up. You didn't claim your server. Until then it will block reverse proxy connections.

Except I can't set it up since if I go to http://SERVER_IP:32400/web/index.html# and sign in Plex cannot find any servers.

EDIT: I think this is an issue with Plex. The account that originally claimed the server was deleted, but it would appear that it's still in the Plex database somehow since I cannot create an account with the same email address. I assume then that Plex still considers the server to be claimed by that account, and so won't let any other account claim it.

Edited January 21, 2019 by Gobs

aptalca Posted January 21, 2019

16 hours ago, Tebasaki said:
> An issue I've had for the past 2 weeks. I've been able to open port 80 (TCP) on my router. (Confirmed on http://canyouseeme.org/.) I've followed SpaceInvader's instructions, and created the docker, however I'm getting a 404 error:
>
>     Failed authorization procedure. myserver.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://myserver.duckdns.org/.well-known/acme-challenge/BPoI7fI9FIgfwZoIV_JSMFBjr1a8u1K5ATulxHV3gXQ: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"
>
> This seems like it's accessing a website, but returning a 404?

I believe your port 80 is forwarded to your unraid gui at the moment

itsdandandan Posted January 22, 2019

Has anyone successfully reverse proxied Phlex with Nginx? Have tried a few configs but can't get it to work.

Tebasaki Posted January 23, 2019

On 1/21/2019 at 3:33 PM, aptalca said:
> I believe your port 80 is forwarded to your unraid gui at the moment

It's forwarded to my unraid server port 80, yes.

JonathanM Posted January 23, 2019

7 hours ago, Tebasaki said:
> It's forwarded to my unraid server port 80, yes.

Don't do that. The unraid GUI is not meant to be exposed to the internet in general, only the local LAN.

aptalca Posted January 23, 2019

7 hours ago, Tebasaki said:
> It's forwarded to my unraid server port 80, yes.

You do see the issue, right? Unraid gui runs on port 80? You gotta use a different port for letsencrypt

Edited January 23, 2019 by aptalca

JohnSracic Posted January 23, 2019

I am trying to get letsencrypt to work with sonarr and having issues. I have my own domain [domain name].me. I am running duckdns to update the ip address. When I start letsencrypt, I am receiving the below error in the log. My domain is registered with 1and1 and updated the cname to point to the duckdns one that was created. Created the subdomain of sonarr.[domain name].me off my domain with 1and1. On my router, I have port forwarded 443 to 1443 and 80 to 180, which match the settings in the docker container.

Any ideas on what is going on? Please note I am pretty new to UnRaid and dockers and have been struggling with this part of the setup. After removing and reinstalling the dockers, I am still having the same issues.

Error that I am receiving...

    Failed authorization procedure. sonarr.[domain name].me (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sonarr.[donaim name].me/.well-known/acme-challenge/mkUMG7gEgQDiPpXRxeaGRx-u--T16bUbDGzCOdxwh94 [2607:f1c0:100f:f000::2fa]: 204
    - The following errors were reported by the server:
    Domain: sonarr.[domain name].me
    Type: unauthorized
    Detail: Invalid response from http://sonarr.[donaim name].me/.well-known/acme-challenge/mkUMG7gEgQDiPpXRxeaGRx-u--T16bUbDGzCOdxwh94 [2607:f1c0:100f:f000::2fa]: 204
    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

aptalca Posted January 23, 2019

1 hour ago, JohnSracic said:
> I am trying to get letsencrypt to work with sonarr and having issues. I have my own domain [domain name].me. I am running duckdns to update the ip address. When I start letsencrypt, I am receiving the below error in the log. My domain is registered with 1and1 and updated the cname to point to the duckdns one that was created. Created the subdomain of sonarr.[domain name].me off my domain with 1and1. On my router, I have port forwarded 443 to 1443 and 80 to 180, which match the settings in the docker container.
>
> Any ideas on what is going on? Please note I am pretty new to UnRaid and dockers and have been struggling with this part of the setup. After removing and reinstalling the dockers, I am still having the same issues.
>
> Error that I am receiving...
>
>     Failed authorization procedure. sonarr.[domain name].me (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sonarr.[donaim name].me/.well-known/acme-challenge/mkUMG7gEgQDiPpXRxeaGRx-u--T16bUbDGzCOdxwh94 [2607:f1c0:100f:f000::2fa]: 204
>     - The following errors were reported by the server:
>     Domain: sonarr.[domain name].me
>     Type: unauthorized
>     Detail: Invalid response from http://sonarr.[donaim name].me/.well-known/acme-challenge/mkUMG7gEgQDiPpXRxeaGRx-u--T16bUbDGzCOdxwh94 [2607:f1c0:100f:f000::2fa]: 204
>     To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Either your ip or your port forwarding is incorrect. Letsencrypt servers get a response, but it's not from the letsencrypt container.

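The two http-01 failures quoted above (a 404 error page, and a 204 from a bracketed IPv6 address) can be triaged mechanically from the log line alone. The Python below is an added example, not part of any post or of the linuxserver image; the sample lines are constructed, and example.org, TOKEN_A/TOKEN_B and 2001:db8::2fa are placeholders.

```python
import ipaddress
import re

# Constructed sample lines modelled on the two http-01 failures in this thread.
# example.org, TOKEN_A/TOKEN_B and the 2001:db8:: address are placeholders.
SAMPLE_LOG = [
    'Detail: Invalid response from http://home.example.org/.well-known/'
    'acme-challenge/TOKEN_A: "<html>\\r\\n<head><title>404 Not Found</title>"',
    "Detail: Invalid response from http://sonarr.example.org/.well-known/"
    "acme-challenge/TOKEN_B [2001:db8::2fa]: 204",
    "[services.d] done.",
]

INVALID = re.compile(
    r"Invalid response from http://(?P<host>[^/\s]+)/\.well-known/acme-challenge/"
    r"(?P<token>[\w-]+)(?: \[(?P<addr>[^\]]+)\])?: (?P<rest>.*)"
)
# Status is either a bare code ("204") or sits in the quoted error page title.
STATUS = re.compile(r"^(\d{3})\b|<title>(\d{3}) ")


def triage(line):
    """Describe one http-01 'Invalid response' line; None for unrelated lines."""
    m = INVALID.search(line)
    if m is None:
        return None
    s = STATUS.search(m["rest"])
    status = int(s.group(1) or s.group(2)) if s else None
    family = None
    if m["addr"]:
        try:
            family = f"IPv{ipaddress.ip_address(m['addr']).version}"
        except ValueError:
            family = "unparsed"
    # Any HTTP status at all means a listener answered on port 80, so the
    # question is which host or service it was, not whether the port is open.
    hints = ["port 80 answered, but not with the challenge file"]
    if family == "IPv6":
        hints.append("validation used the AAAA record: check where it points")
    if status == 404:
        hints.append("a different web server may own the forwarded port")
    return {"host": m["host"], "responder": m["addr"], "family": family,
            "status": status, "hints": hints}


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        result = triage(entry)
        if result:
            print(result["host"], result["status"], result["family"], result["hints"])
```

Let's Encrypt prefers IPv6 when a name has an AAAA record, so a bracketed IPv6 responder is the first thing to compare against the server's real address.
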
bioneye Posted January 24, 2019

Hello fellow unRAID users,

first I'd like to thank the Linuxserver-Team for the great work with this and all the other containers.

I have one small question:

- Will there be added TLS 1.3 support in the future? If yes, do you have an ETA?

Reason behind my question: I would like to use TLS 1.3 for my services running on unRAID. I'd like to avoid creating my own letsencrypt container as I really like the easy-to-use letsencrypt container provided by the Linuxserver-Team.

Thank you very much in advance and kind regards,
bioneye

JohnSracic Posted January 25, 2019

On 1/23/2019 at 11:52 AM, aptalca said:
> Either your ip or your port forwarding is incorrect. Letsencrypt servers get a response, but it's not from the letsencrypt container.

@aptalca, first I want to say thank you for your help. As you mentioned, there was an issue with the DDNS not updating the subdomain. Finally got that figured out. Now I have an issue with sonarr and radarr. When I navigate to the https://sonarr.[domainname].me, I get the login page for sonarr and radarr both, but after logging in it just spins (the 4 little dots across the screen). If I click the WebUI from either of these dockers, it works as it should. Any idea what would cause this?

Figured it out... since I was using the binhex version of sonarr and radarr, I changed the one line in the configs but overlooked the line for the api. All working now.

Edited January 25, 2019 by JohnSracic

aptalca Posted January 25, 2019

5 hours ago, bioneye said:
> Hello fellow unRAID users,
>
> first I'd like to thank the Linuxserver-Team for the great work with this and all the other containers.
>
> I have one small question:
>
> - Will there be added TLS 1.3 support in the future? If yes, do you have an ETA?
>
> Reason behind my question: I would like to use TLS 1.3 for my services running on unRAID. I'd like to avoid creating my own letsencrypt container as I really like the easy-to-use letsencrypt container provided by the Linuxserver-Team.
>
> Thank you very much in advance and kind regards,
> bioneye

It needs a newer version of nginx that is not yet released for alpine stable. When it is released, our image will use it.

tillkrueger Posted January 26, 2019

> It's forwarded to my unraid server port 80, yes.

Might you have a way of setting up a VPN on your server, to separate the public and internal parts of your unRAID system, Tebasaki? I have my unRAID webUI running at port 8008 of my VPN, so I can access it at (in my case) 10.0.195.2:8008 *only* after connecting with OpenVPN, and as far as public access goes, *only* port 80 is exposed for my static IP address which points to letsencrypt’s Nginx server. That way you could safely SFTP, SSH, and do everything you need to do “under the hood”, with minimal public exposure of your unRAID server.

TheDragon Posted January 26, 2019

Hi there, I'm trying to get a wildcard cert using Cloudflare but it keeps giving this error - I’ve checked the API key, even regenerated a new one but it just keeps giving the same error every time. Is there anything you can suggest trying? 👍

    Variables set:
    PUID=99
    PGID=100
    TZ=Europe/London
    URL=jaxnet.uk
    SUBDOMAINS=wildcard
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    DHLEVEL=4096
    VALIDATION=dns
    DNSPLUGIN=cloudflare
    [email protected]
    STAGING=
    4096 bit DH parameters present
    SUBDOMAINS entered, processing
    Wildcard cert for only the subdomains of domain.net will be requested
    E-mail address entered: [email protected]
    dns validation via cloudflare plugin is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator dns-cloudflare, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    dns-01 challenge for domain.net
    Cleaning up challenges
    Error determining zone_id: 0 connection failed.. Please confirm that you have supplied valid Cloudflare API credentials.

Edited January 27, 2019 by jack0w

aptalca Posted January 26, 2019

1 hour ago, jack0w said:
> Hi there, I'm trying to get a wildcard cert using Cloudflare but it keeps giving this error - I’ve checked the API key, even regenerated a new one but it just keeps giving the same error every time. Is there anything you can suggest trying? 👍
>
>     Variables set:
>     PUID=99
>     PGID=100
>     TZ=Europe/London
>     URL=jaxnet.uk
>     SUBDOMAINS=wildcard
>     EXTRA_DOMAINS=
>     ONLY_SUBDOMAINS=true
>     DHLEVEL=4096
>     VALIDATION=dns
>     DNSPLUGIN=cloudflare
>     [email protected]
>     STAGING=
>     4096 bit DH parameters present
>     SUBDOMAINS entered, processing
>     Wildcard cert for only the subdomains of jaxnet.uk will be requested
>     E-mail address entered: [email protected]
>     dns validation via cloudflare plugin is selected
>     Generating new certificate
>     Saving debug log to /var/log/letsencrypt/letsencrypt.log
>     Plugins selected: Authenticator dns-cloudflare, Installer None
>     Obtaining a new certificate
>     Performing the following challenges:
>     dns-01 challenge for jaxnet.uk
>     Cleaning up challenges
>     Error determining zone_id: 0 connection failed.. Please confirm that you have supplied valid Cloudflare API credentials.

Make sure you're using the global api key and not the other one. It's a bit confusing to get to the global api key on the cloudflare interface.

Also make sure that you're copying and pasting correctly and not missing or introducing characters

truetype Posted January 28, 2019

When I try to connect to my site via subdomain.domain.com it says that the certificate has expired since 26th January. When I restart letsencrypt it does not automatically renew. Can I run a command to force it to renew?

aptalca Posted January 28, 2019

4 hours ago, truetype said:
> When I try to connect to my site via subdomain.domain.com it says that the certificate has expired since 26th January. When I restart letsencrypt it does not automatically renew. Can I run a command to force it to renew?

Check the logs under letsencrypt folder to see why the renewals failed the last 30 nights

truetype Posted January 28, 2019

4 hours ago, aptalca said:
> Check the logs under letsencrypt folder to see why the renewals failed the last 30 nights

Thanks for the reply. Seems to be a failure with fullchain.pem, and also a firewall problem, but I haven't changed any firewall settings during the last 6 months... See log here please: https://pastebin.com/UnEP0a4B

EDIT: Maybe it has to do with the cname configuration at my domain provider? I set my domain as cname to duckdns, that's the only change I made in the past 2 months.

Edited January 28, 2019 by truetype

ramblinreck47 Posted January 28, 2019

I’m getting ready to set up a reverse proxy for my Tautulli and Ombi containers but I wanted to see where I should buy my domain first. I know it’s possible to just use DuckDNS as a solution but I wanted a cheap domain that my parents would remember. I was thinking under $5 for the year. I’m going to follow spaceinvader one’s guide on YouTube so if anyone has any advice, I’d greatly appreciate that as well.

CHBMB Posted January 28, 2019

1 hour ago, ramblinreck47 said:
> I’m getting ready to set up a reverse proxy for my Tautulli and Ombi containers but I wanted to see where I should buy my domain first. I know it’s possible to just use DuckDNS as a solution but I wanted a cheap domain that my parents would remember. I was thinking under $5 for the year. I’m going to follow spaceinvader one’s guide on YouTube so if anyone has any advice, I’d greatly appreciate that as well.

Namecheap is my default go-to provider. Using Cloudflare as DNS