[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



24 minutes ago, Lee B said:

Hi all, I'm looking for a bit of help regarding the root /config/www folder. I'm wanting to find out if I can change this to use a share folder, and how I would map this?

You can set it to anything you like. But that folder has to be mapped in container settings and in nginx you will use the container side of the mount.

 

So if you map /mnt/user/webfiles as /webfiles in container settings, set the root to /webfiles so it will use that share

Link to comment
1 hour ago, aptalca said:

You can set it to anything you like. But that folder has to be mapped in container settings and in nginx you will use the container side of the mount.

 

So if you map /mnt/user/webfiles as /webfiles in container settings, set the root to /webfiles so it will use that share

cheers worked a treat :)

Link to comment
On 5/11/2019 at 6:20 PM, CHBMB said:

Docker run command

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='bridge' --privileged=true -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='xxxxxx.xxx' -e 'SUBDOMAINS'='nextcloud,deluge' -e 'ONLY_SUBDOMAINS'='true' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' -v '/mnt/user/appdata/letsencrypt/logs':'/var/log/letsencrypt':'rw' 'linuxserver/letsencrypt'

Link to comment
root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='bridge' --privileged=true -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='xxxxxx.xxx' -e 'SUBDOMAINS'='nextcloud,deluge' -e 'ONLY_SUBDOMAINS'='true' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' -v '/mnt/user/appdata/letsencrypt/logs':'/var/log/letsencrypt':'rw' 'linuxserver/letsencrypt'
Have you got your domain provider configured appropriately with A names and CNAMEs etc. and forwarding ports 80 to 180 and 443 to 1443 on your router?

Some screenshots might be helpful.

Sent from my Mi A1 using Tapatalk

Link to comment
I'm getting "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container". Am I missing something?
 
You need to forward 443 to 1443 and 80 to 180

Sent from my Mi A1 using Tapatalk

Link to comment

Here's the flow

Router (443) - External Docker Port (1443) - Internal Docker Port (443)

Router (80) - External Docker Port (180) - Internal Docker Port (80)

Hence why you forward 443 on router to 1443 and port 80 on the router to 180

Sent from my Mi A1 using Tapatalk

Link to comment
5 hours ago, CHBMB said:

Have you got your domain provider configured appropriately with A names and CNAMEs etc. and forwarding ports 80 to 180 and 443 to 1443 on your router?

Some screenshots might be helpful.

Here's my routing. I have directed the A records directly to my IP for now (my IP address hasn't changed in over a year), which I will set up further when I have this working.

routing.zip

Link to comment
1 hour ago, Abigel said:

Is it possible to protect the complete access to selected subdomains with a password?
E.g. at the domain test.de,
that on nextcloud.test.de you can only access the login interface of Nextcloud with a password?

Yes, edit the proxy confs to uncomment the relevant lines. Instructions in there.

 

If you're going to use http auth, first generate the .htpasswd as described in the readme

Edited by aptalca
Link to comment
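
An added example of the setup this reply describes (not from the thread or the project's own files): the password file is created first, then basic auth is switched on in the subdomain's server block. The container name is taken from the docker run command earlier in the thread; the `nextcloud` upstream name and port are assumptions.

```nginx
# Added example, not from the original thread. Generate the password file
# first, from the host (container name "letsencrypt" as in the docker run
# command earlier in this thread; <username> is a placeholder):
#
#   docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd <username>
#
# -c creates the file and overwrites an existing one; leave it out when
# adding further users.

server {
    # Basic auth sends the password with every request, so it is only
    # enabled on the TLS listener.
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    location / {
        # Assumed to match the commented-out lines the reply refers to.
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        # Assumed upstream: a container named "nextcloud" serving HTTPS on 443.
        set $upstream_nextcloud nextcloud;
        proxy_pass https://$upstream_nextcloud:443;
    }
}
```
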
21 hours ago, CHBMB said:

Struggling to get my head around why you have two routers and I can't visualise your setup at all. 

NP, I added an extra image to show how the routing is done. The reason for 2 routers is that router 1 used to be a simple cable modem. It broke when I was not at home and a technician replaced it with a fancy all in one modem / router. When I got back, I left it like that (due to the fact that the two are two floors apart) and just routed the ports on router 1 to just pass them on 1 on 1.

routing.zip

Link to comment
1 hour ago, ErikH said:

NP, I added an extra image to show how the routing is done. The reason for 2 routers is that router 1 used to be a simple cable modem. It broke when I was not at home and a technician replaced it with a fancy all in one modem / router. When I got back, I left it like that (due to the fact that the two are two floors apart) and just routed the ports on router 1 to just pass them on 1 on 1.

routing.zip

I suspect, although I'm not 100% sure as I'm not a networking guy, that the dual router setup is causing some issues; essentially you have a double NAT.

 

http://www.practicallynetworked.com/networking/fixing_double_nat.htm

Link to comment
5 hours ago, ijuarez said:

Ding ding ding ding double natting.


Can you ask your ISP to set the all in one to bridge mode?

Sent from my SM-N960U using Tapatalk

Well it's a good excuse to clean up the network and take the 2nd router out of the loop. Been meaning to do that for some time, and this is a good reason. Port forwarding worked till now so I didn't expect that to be the problem. Anyway, I'll be back ;) 

Link to comment

Arrghh.. I'm trying to get a subdomain working for Sonarr but I have troubles with setting it up with Organizr authentication.

The authentication part works, but the UI won't load

api/config/ui gives a 404, same with api/config/status

Everything else loads just fine.

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name sonarr.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {

        auth_request /auth-0;
        error_page 401 =200 https://organizr.domain.tld/;

        location ~ (/sonarr)?/api {
            auth_request off;
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_sonarr sonarr;
            proxy_pass http://$upstream_sonarr:8989/api;
        }

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_sonarr sonarr;
        proxy_pass http://$upstream_sonarr:8989;
    }

    location ~ ^/auth-(.*) {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_organizrv2 organizrv2;
        proxy_pass http://$upstream_organizrv2/api/?v1/auth&group=$1;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }
}

The login to the domain.tld login page of Organizrv2 works fine.

Auth works fine but I just can't seem to load the:
https://sonarr.domain.tld/api/config/ui
https://sonarr.domain.tld/api/system/status

Any ideas?

Sonarr doesn't have a URL base configured...

-edit-

With the default sonarr.subdomain.conf.sample without organizr auth, it works fine..

Edited by Tuumke
Link to comment
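
An added example, not part of the post above or of the project's sample files: when `proxy_pass` contains a variable and also a URI, nginx passes that URI to the upstream as written and drops the original request URI, which is consistent with every `/api/...` request in the posted config ending in a 404. The block shows the posted directive next to a form without the URI; upstream name and port are the ones from the post.

```nginx
# Added example, not from the original post. Upstream name "sonarr" and port
# 8989 are the ones used in the post; the other directives are unchanged.

# As posted: proxy_pass contains a variable AND a URI ("/api"). In that case
# nginx sends the URI exactly as written and discards the request URI, so
#   /api/config/ui      -> upstream receives /api
#   /api/system/status  -> upstream receives /api
#
#   proxy_pass http://$upstream_sonarr:8989/api;

# Without a URI after the port, the original request URI is forwarded:
#   /api/config/ui      -> upstream receives /api/config/ui
#   /api/system/status  -> upstream receives /api/system/status
location ~ (/sonarr)?/api {
    # The Organizr subrequest is skipped here, as in the post, so this path
    # is protected only by Sonarr's own API key.
    auth_request off;
    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_sonarr sonarr;
    proxy_pass http://$upstream_sonarr:8989;
}
```

Because `auth_request off` exempts everything matching `/api` from the Organizr check, it is worth confirming after the change that a request to an API path without an API key is rejected by Sonarr itself.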
