[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



@Tucubanito07

 

Your port forwarding is now correct, it looks to me as though your nextcloud config is wrong.

 

Right, this is getting out of control.  Let's stop for a moment, and forget about Nextcloud.  Because unless LE is set up properly it isn't going to work.

 

I want you to remove the LetsEncrypt container, then recreate it and post the logs and for the love of God, please paste text and wrap it with code tags rather than post screenshots, reason being, if something then needs changing, we can copy and edit, whereas with screenshots we have to type it out.

 

I suggest you read this as well so you can post a docker run command and logs rather than screenshots.

Link to comment
I have changed the variable to false. I still keep getting this.
 
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
Looking at the log, it also can't get a cert because it's not passing the challenge.

Used mxtools DNS lookup, you don't have a record for www


Link to comment
7 minutes ago, CHBMB said:

@Tucubanito07

 

Your port forwarding is now correct, it looks to me as though your nextcloud config is wrong.

 

Right, this is getting out of control.  Let's stop for a moment, and forget about Nextcloud.  Because unless LE is set up properly it isn't going to work.

 

I want you to remove the LetsEncrypt container, then recreate it and post the logs and for the love of God, please paste text and wrap it with code tags rather than post screenshots, reason being, if something then needs changing, we can copy and edit, whereas with screenshots we have to type it out.

 

I suggest you read this as well so you can post a docker run command and logs rather than screenshots.

@saarg @CHBMB

 

 



[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Los_Angeles
URL=nextcloud-eleanor.ddns.net
SUBDOMAINS=www,
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.nextcloud-eleanor.ddns.net
E-mail address entered: [email protected]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.nextcloud-eleanor.ddns.net
Waiting for verification...
Challenge failed for domain www.nextcloud-eleanor.ddns.net
http-01 challenge for www.nextcloud-eleanor.ddns.net
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: www.nextcloud-eleanor.ddns.net
Type: connection
Detail: dns :: DNS problem: NXDOMAIN looking up A for
www.nextcloud-eleanor.ddns.net

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Link to comment

@ijuarez Yeah, I know, problem is there's errors at every point in the chain and first principles have long been forgotten.  If it doesn't grab a cert, then Nginx doesn't start, and then Nextcloud isn't going to work. 

 

Until he/she gets LetsEncrypt working it's just wasting everyone's time with a load of noise about Nextcloud.

 

@Tucubanito07 Here's what happens

1.  You open the relevant ports on your router - you now have that correct

2.  You start the LetsEncrypt container and it tries to grab certs

3.  If certs are grabbed successfully Nginx starts up

4.  Then you can setup Nextcloud and the reverse proxy side of things

5.  Then once that's setup it should all work.

 

Problem is you're failing at step 1 and 2 and keep looking to step 5 to see if it's working.

Link to comment
2 minutes ago, CHBMB said:

Actually ignore me.

 

It should be:

 


URL=nextcloud-eleanor.ddns.net
SUBDOMAINS=
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false

 

I get this.

 

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Los_Angeles
URL=nextcloud-eleanor.ddns.net
SUBDOMAINS=www,
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.nextcloud-eleanor.ddns.net
E-mail address entered: [email protected]
http validation is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No match found for cert-path /config/etc/letsencrypt/live/nextcloud-eleanor.ddns.net/fullchain.pem!
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextcloud-eleanor.ddns.net
http-01 challenge for www.nextcloud-eleanor.ddns.net
Waiting for verification...
Challenge failed for domain www.nextcloud-eleanor.ddns.net
http-01 challenge for www.nextcloud-eleanor.ddns.net
Cleaning up challenges
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...
usermod: no changes

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...
usermod: no changes

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Los_Angeles
URL=nextcloud-eleanor.ddns.net
SUBDOMAINS=www,
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.nextcloud-eleanor.ddns.net
E-mail address entered: [email protected]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.nextcloud-eleanor.ddns.net
Waiting for verification...
Challenge failed for domain www.nextcloud-eleanor.ddns.net
http-01 challenge for www.nextcloud-eleanor.ddns.net
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: www.nextcloud-eleanor.ddns.net
Type: connection
Detail: dns :: DNS problem: NXDOMAIN looking up A for
www.nextcloud-eleanor.ddns.net

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Link to comment

Here are the run commands.

 

 

Stopping container: letsencrypt

Successfully stopped container 'letsencrypt'

 

Removing container: letsencrypt

Successfully removed container 'letsencrypt'

 

Command:root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='proxynet' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='nextcloud-eleanor.ddns.net' -e 'SUBDOMAINS'='www,' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt' 

cb65e171d30113fc7312b3241d0581262f56262d4b9d7d63544f3b78bec704e5

The command finished successfully!

Link to comment

Would help if you actually did what I asked.....

 

From your logs:

 

URL=nextcloud-eleanor.ddns.net
SUBDOMAINS=www,
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false

And shown on your screenshot.  Look, I'm not being funny here, but it would help if you actually read things properly.  STOP POSTING screenshots

Link to comment
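The failure diagnosed above (SUBDOMAINS=www, makes the container request a cert for www.nextcloud-eleanor.ddns.net, which has no DNS record) can be caught before recreating the container. The script below is an added example, not part of the thread or the linuxserver image; the function names `cert_domains`, `resolve_host` and `unresolved_domains` are hypothetical, and the way the variables expand is modelled on the log output shown in the thread.

```shell
#!/bin/sh
# Added example: pre-flight DNS check for the URL / SUBDOMAINS /
# ONLY_SUBDOMAINS values passed to the container. The expansion is an
# assumption modelled on the log lines in this thread, not the image's script.

# Print, one per line, every hostname http validation would have to pass for.
cert_domains() (
    url=$1; subs=$2; only_subs=$3
    set -f; IFS=,                      # split on commas, no globbing
    [ "$only_subs" = "true" ] || printf '%s\n' "$url"
    for s in $subs; do
        s=$(printf '%s' "$s" | tr -d '[:space:]')
        # "www," leaves an empty trailing item; skip it
        if [ -n "$s" ]; then printf '%s.%s\n' "$s" "$url"; fi
    done
)

# Resolver hook: succeeds when the name has an address record. getent asks
# the local resolver, whose answer can differ from public DNS.
resolve_host() {
    getent ahosts "$1" >/dev/null 2>&1
}

# Print every hostname that does not resolve; return 1 if there is any.
unresolved_domains() {
    missing=0
    for d in $(cert_domains "$1" "$2" "$3"); do
        if ! resolve_host "$d"; then
            printf '%s\n' "$d"
            missing=1
        fi
    done
    return "$missing"
}

# Run as: sh preflight.sh URL SUBDOMAINS ONLY_SUBDOMAINS
if [ "$#" -ge 1 ]; then
    if bad=$(unresolved_domains "$1" "${2:-}" "${3:-false}"); then
        echo "all names resolve"
    else
        echo "no DNS record for:"; echo "$bad"; exit 1
    fi
fi
```

Every name it prints would fail the http-01 challenge with the same NXDOMAIN error seen in the logs, so either create the record or drop that entry from SUBDOMAINS.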
1 minute ago, CHBMB said:

Would help if you actually did what I asked.....

 

From your logs:

 


URL=nextcloud-eleanor.ddns.net
SUBDOMAINS=www,
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false

And shown on your screenshot.  Look, I'm not being funny here, but it would help if you actually read things properly.  STOP POSTING screenshots

I am reading what you guys are posting. Where on the screenshot I just posted do you see URL? I don't see it. Also, the Subdomain, it generates the www, by itself. I am not doing it.

Link to comment
1 minute ago, CHBMB said:

The issue is that the docker command being run (repeatedly) is wrong and they're trying to grab a cert for www.

 

@Tucubanito07

Maybe pics will work better.  Delete this....

 

[image: 2019-05-30_01-44.png]

I have deleted that. It comes back on. 

 

Here is the run command.

 

Stopping container: letsencrypt

Successfully stopped container 'letsencrypt'

 

Removing container: letsencrypt

Successfully removed container 'letsencrypt'

 

Command:root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='proxynet' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='nextcloud-eleanor.ddns.net' -e 'SUBDOMAINS'='www,' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt' 

e5081d19dbc0afdbd47d1c43b71d2b216bdebf6a994012df2685ffa8c53a2b28

The command finished successfully!

Link to comment
The issue is that the docker command being run (repeatedly) is wrong and they're trying to grab a cert for www.
 
@Tucubanito07
Maybe pics will work better.  Delete this....
 
[image: 2019-05-30_01-44.png]
Sorry, again, but yeah makes sense sir. (I just followed SIO's YT guide & changed a few things I needed different/specific; not sure how this has been worked into such a conundrum LOL). Thanks for your elaboration with me, I'll just watch and learn


Link to comment
1 minute ago, CHBMB said:

@Tucubanito07

 

See the box named REMOVE, click it.  The one next to the Subdomain line

I did that and now I am getting this.

 

 

nginx: [emerg] PEM_read_bio_DHparams("/config/nginx/dhparams.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: DH PARAMETERS)

 

Here is the run command.

 

Stopping container: letsencrypt

Successfully stopped container 'letsencrypt'

 

Removing container: letsencrypt

Successfully removed container 'letsencrypt'

 

Command:root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='proxynet' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'EMAIL'='[email protected]' -e 'URL'='nextcloud-eleanor.ddns.net' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt' 

761c925c49e1f090e6f5d58214d586fb40ff1df29b4c88d8ecbd8fc6b8e668b6

The command finished successfully!

Link to comment
