CHBMB Posted May 30, 2019

TL:DR I remoted in, fixed it.

blaine07 Posted May 30, 2019

> TL:DR I remoted in, fixed it.

You the real MVP. Wasn't my ordeal but that's some first class service; thanks!

Sent from my SM-G975U using Tapatalk

Tucubanito07 Posted May 30, 2019

13 minutes ago, CHBMB said:
> TL:DR I remoted in, fixed it.

Yes I agree with @blaine07 he is the MVP. Thanks again for all your help @CHBMB and to everyone else that helped. Thank you so much. Now I have to fix my LAN so I can use it inside the LAN at home.

ijuarez Posted May 30, 2019

> Yes I agree with @blaine07 he is the MVP. Thanks again for all your help @CHBMB and to everyone else that helped. Thank you so much. Now I have to fix my LAN so I can use it inside the LAN at home.

Buy him a beer or two

Sent from my SM-N960U using Tapatalk

Tucubanito07 Posted May 30, 2019

1 minute ago, ijuarez said:
> Buy him a beer or two
> Sent from my SM-N960U using Tapatalk

If he lived in Florida I would get him two packs of beer.

gacpac Posted May 30, 2019

> Buy him a beer or two
> Sent from my SM-N960U using Tapatalk

Wow. Everything escalated quickly. So many notifications here. I'm glad @CHBMB fixed it. This forum gets more interesting every day

Sent from my Pixel 2 XL using Tapatalk

Lynxphp Posted May 30, 2019

I already posted a few days ago regarding setting up letsencrypt for nextcloud and got from no access at all to remote access only, which I am very happy about. Remote access works perfectly with duckdns but I still can't get local access and that is what I am trying to fix. I will try to summarize the relevant information here.

I run a pfsense router which is in the DMZ behind my ISP router. Both have NAT enabled. I have port forwarding rules set up and as remote access works, I tend to think that they are not the problem.

I have a host override set up in pfsense:

Here are the results of nslookup and tracert from a computer within the same network (behind pfsense) as the unraid server on which letsencrypt and nextcloud are running:

My interpretation is that the dns override works as it is correctly resolved with the external (internet) ip. Is that correct? Or should a local dns lookup response be the local ip address? The fact that the dns seems to work leads me to believe that the problem lies with my configuration of letsencrypt (possibly nextcloud?).

Here is the result of a tracert showing the connection timing out:

My current configuration of LE and nextcloud:

appdata/letsencrypt/nginx/site-confs/nextcloud

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name nextcloud.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;
        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_nextcloud nextcloud;
            proxy_max_temp_file_size 2048m;
            proxy_pass https://$upstream_nextcloud:443;
        }
    }

appdata/nextcloud/www/nextcloud/config/config.php

    <?php
    $CONFIG = array (
      'memcache.local' => '\\OC\\Memcache\\APCu',
      'datadirectory' => '/data',
      'instanceid' => 'XXX',
      'passwordsalt' => 'XXX',
      'secret' => 'XXX',
      'trusted_domains' =>
      array (
        0 => '19.16.17.101:444',
        1 => 'nextcloud.XXX.duckdns.org',
      ),
      'dbtype' => 'mysql',
      'version' => '16.0.1.1',
      'overwrite.cli.url' => 'https://nextcloud.XXX.duckdns.org',
      'overwritehost' => 'nextcloud.XXX.duckdns.org',
      'overwriteprotocol' => 'https',
      'dbname' => 'nextcloud',
      'dbhost' => '19.16.17.101:3306',
      'dbport' => '',
      'dbtableprefix' => 'oc_',
      'mysql.utf8mb4' => true,
      'dbuser' => 'XXX',
      'dbpassword' => 'XXX',
      'installed' => true,
    );

I am quite a networking newbie. I have tried to read and inform myself as much as I could, but I can't seem to figure this out. Any help would be greatly appreciated.

ijuarez Posted May 30, 2019

1 hour ago, Lynxphp said:
> I already posted a few days ago regarding setting up letsencrypt for nextcloud and got from no access at all to remote access only, which I am very happy about. Remote access works perfectly with duckdns but I still can't get local access and that is what I am trying to fix. I will try to summarize the relevant information here.
>
> I run a pfsense router which is in the DMZ behind my ISP router. Both have NAT enabled. I have port forwarding rules set up and as remote access works, I tend to think that they are not the problem.
>
> I have a host override set up in pfsense:
>
> Here are the results of nslookup and tracert from a computer within the same network (behind pfsense) as the unraid server on which letsencrypt and nextcloud are running:
>
> My interpretation is that the dns override works as it is correctly resolved with the external (internet) ip. Is that correct? Or should a local dns lookup response be the local ip address? The fact that the dns seems to work leads me to believe that the problem lies with my configuration of letsencrypt (possibly nextcloud?).
>
> Here is the result of a tracert showing the connection timing out:
>
> My current configuration of LE and nextcloud:
>
> appdata/letsencrypt/nginx/site-confs/nextcloud
>
>     server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>         server_name nextcloud.*;
>         include /config/nginx/ssl.conf;
>         client_max_body_size 0;
>         location / {
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_nextcloud nextcloud;
>             proxy_max_temp_file_size 2048m;
>             proxy_pass https://$upstream_nextcloud:443;
>         }
>     }
>
> appdata/nextcloud/www/nextcloud/config/config.php
>
>     <?php
>     $CONFIG = array (
>       'memcache.local' => '\\OC\\Memcache\\APCu',
>       'datadirectory' => '/data',
>       'instanceid' => 'XXX',
>       'passwordsalt' => 'XXX',
>       'secret' => 'XXX',
>       'trusted_domains' =>
>       array (
>         0 => '19.16.17.101:444',
>         1 => 'nextcloud.XXX.duckdns.org',
>       ),
>       'dbtype' => 'mysql',
>       'version' => '16.0.1.1',
>       'overwrite.cli.url' => 'https://nextcloud.XXX.duckdns.org',
>       'overwritehost' => 'nextcloud.XXX.duckdns.org',
>       'overwriteprotocol' => 'https',
>       'dbname' => 'nextcloud',
>       'dbhost' => '19.16.17.101:3306',
>       'dbport' => '',
>       'dbtableprefix' => 'oc_',
>       'mysql.utf8mb4' => true,
>       'dbuser' => 'XXX',
>       'dbpassword' => 'XXX',
>       'installed' => true,
>     );
>
> I am quite a networking newbie. I have tried to read and inform myself as much as I could, but I can't seem to figure this out. Any help would be greatly appreciated.

From your graphic it looks like you're double natting?

saarg Posted May 30, 2019

2 hours ago, Lynxphp said:
> I already posted a few days ago regarding setting up letsencrypt for nextcloud and got from no access at all to remote access only, which I am very happy about. Remote access works perfectly with duckdns but I still can't get local access and that is what I am trying to fix. I will try to summarize the relevant information here.
>
> I run a pfsense router which is in the DMZ behind my ISP router. Both have NAT enabled. I have port forwarding rules set up and as remote access works, I tend to think that they are not the problem.
>
> I have a host override set up in pfsense:
>
> Here are the results of nslookup and tracert from a computer within the same network (behind pfsense) as the unraid server on which letsencrypt and nextcloud are running:
>
> My interpretation is that the dns override works as it is correctly resolved with the external (internet) ip. Is that correct? Or should a local dns lookup response be the local ip address? The fact that the dns seems to work leads me to believe that the problem lies with my configuration of letsencrypt (possibly nextcloud?).
>
> Here is the result of a tracert showing the connection timing out:
>
> My current configuration of LE and nextcloud:
>
> appdata/letsencrypt/nginx/site-confs/nextcloud
>
>     server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>         server_name nextcloud.*;
>         include /config/nginx/ssl.conf;
>         client_max_body_size 0;
>         location / {
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_nextcloud nextcloud;
>             proxy_max_temp_file_size 2048m;
>             proxy_pass https://$upstream_nextcloud:443;
>         }
>     }
>
> appdata/nextcloud/www/nextcloud/config/config.php
>
>     <?php
>     $CONFIG = array (
>       'memcache.local' => '\\OC\\Memcache\\APCu',
>       'datadirectory' => '/data',
>       'instanceid' => 'XXX',
>       'passwordsalt' => 'XXX',
>       'secret' => 'XXX',
>       'trusted_domains' =>
>       array (
>         0 => '19.16.17.101:444',
>         1 => 'nextcloud.XXX.duckdns.org',
>       ),
>       'dbtype' => 'mysql',
>       'version' => '16.0.1.1',
>       'overwrite.cli.url' => 'https://nextcloud.XXX.duckdns.org',
>       'overwritehost' => 'nextcloud.XXX.duckdns.org',
>       'overwriteprotocol' => 'https',
>       'dbname' => 'nextcloud',
>       'dbhost' => '19.16.17.101:3306',
>       'dbport' => '',
>       'dbtableprefix' => 'oc_',
>       'mysql.utf8mb4' => true,
>       'dbuser' => 'XXX',
>       'dbpassword' => 'XXX',
>       'installed' => true,
>     );

Did you also enable the dns resolver?

gacpac Posted May 31, 2019 (edited)

@Lynxphp I noticed and please tell me if I'm wrong you are an IP address not reserved by IANA. Meaning you are using a public IP range for a private addressing.

@CHBMB can you help here?

Sent from my Pixel 2 XL using Tapatalk

Edited May 31, 2019 by gacpac

gacpac Posted May 31, 2019

@Lynxphp you also created an alias for your nextcloud. Let's do this. Why don't you focus on getting your certificates working first, and then you play with adding aliases. Since you have no control over duckdns I'm not sure you can do nextcloud.xxx.duckdns.org

Have you checked space invader guide for nextcloud as well? Also check this forum, that has been talked before in here.

Sent from my Pixel 2 XL using Tapatalk

CHBMB Posted May 31, 2019

27 minutes ago, gacpac said:
> @Lynxphp I noticed and please tell me if I'm wrong you are an IP address not reserved by IANA. Meaning you are using a public IP range for a private addressing.
>
> @CHBMB can you help here?
>
> Sent from my Pixel 2 XL using Tapatalk

9 minutes ago, gacpac said:
> @Lynxphp you also created an alias for your nextcloud. Let's do this. Why don't you focus on getting your certificates working first, and then you play with adding aliases. Since you have no control over duckdns I'm not sure you can do nextcloud.xxx.duckdns.org
>
> Have you checked space invader guide for nextcloud as well? Also check this forum, that has been talked before in here.
>
> Sent from my Pixel 2 XL using Tapatalk

@gacpac Please don't ping me, this isn't my job, I help out when I can, I'm currently in bed.

Also, @gacpac whilst your enthusiasm is admirable, I'm not certain you understand this stuff as well as you think you do, and no disrespect, you're sometimes confusing the issue even more.

The issue looks to me to be that of NAT reflection/Hairpin NAT.

@Lynxphp Try adding this in pfsense in the custom options of DNS resolver.

    server:
    local-zone: "xxx.duckdns.org" redirect
    local-data: "xxx.duckdns.org 3600 IN A 19.16.17.101"

CHBMB Posted May 31, 2019

5 hours ago, Lynxphp said:
> Remote access works perfectly with duckdns but I still can't get local access and that is what I am trying to fix.

@gacpac That information ^ tells you he already has certs.

And as we've told @Lynxphp previously, the issue is probably hairpin NAT

CHBMB Posted May 31, 2019

@gacpac The other learning point is he has control over xxx.duckdns.org so he can have as many (sub)subdomains of that as he wants, that's what Nginx will handle.

gacpac Posted May 31, 2019

@CHBMB I know it's not your job, but I figured you probably had a better answer. I do like to help, but that's why I said correct me if I'm wrong. Also sorry if I pinged you, to jump in on this, but you don't have to reply if you are busy. Everything is cool, I really thank you for all the help you do.

Sent from my Pixel 2 XL using Tapatalk

JonathanM Posted May 31, 2019

5 hours ago, Lynxphp said:
> I am quite a networking newbie.

Regardless of whether it works for you or not, it's not good to use somebody else's IP addresses in your private network. It can make for some confusing troubleshooting. The 19.16.17.X block of addresses is owned by Ford Motor Company in the USA. I'd advise using blocks of addresses that are reserved for private use, the 192.168.X.X, 10.X.X.X, etc.

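Added example, not part of any post in this thread: a small Python model of the two points above, namely how the `redirect` override suggested for the pfsense DNS resolver answers for the zone and everything beneath it, and whether the address it hands out is in a private range. It mimics the zone behaviour in plain Python rather than calling Unbound, and the 192.168.1.10 address is a made-up placeholder.

```python
import ipaddress
import re

# The custom options suggested in the thread (line breaks restored).
THREAD_OPTIONS = '''
server:
local-zone: "xxx.duckdns.org" redirect
local-data: "xxx.duckdns.org 3600 IN A 19.16.17.101"
'''
# Constructed variant: same override, hypothetical RFC 1918 target.
PRIVATE_OPTIONS = THREAD_OPTIONS.replace("19.16.17.101", "192.168.1.10")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_overrides(text):
    """Return {zone: address} for each redirect zone with an A record at its apex."""
    zones = {z.rstrip(".").lower()
             for z in re.findall(r'local-zone:\s*"([^"\s]+)"\s+redirect', text)}
    found = re.findall(r'local-data:\s*"(\S+)\s+(?:\d+\s+)?IN\s+A\s+([\d.]+)"', text)
    return {name.rstrip(".").lower(): ipaddress.ip_address(ip)
            for name, ip in found if name.rstrip(".").lower() in zones}


def resolve_locally(name, overrides):
    """Mimic a redirect zone: the apex and every name beneath it get the apex data."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in overrides:
            return overrides[zone]
    return None  # not overridden: the resolver would ask upstream


def audit(text):
    """Report override targets that fall outside the RFC 1918 private ranges."""
    return [f"{zone} -> {ip}: not an RFC 1918 address"
            for zone, ip in parse_overrides(text).items()
            if not any(ip in net for net in RFC1918)]


if __name__ == "__main__":
    overrides = parse_overrides(THREAD_OPTIONS)
    for host in ("nextcloud.xxx.duckdns.org", "xxx.duckdns.org", "other.duckdns.org"):
        print(host, "->", resolve_locally(host, overrides))
    print(audit(THREAD_OPTIONS) or "all override targets are private")
```
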
ijuarez Posted May 31, 2019

> Regardless of whether it works for you or not, it's not good to use somebody else's IP addresses in your private network. It can make for some confusing troubleshooting. The 19.16.17.X block of addresses is owned by Ford Motor Company in the USA. I'd advise using blocks of addresses that are reserved for private use, the 192.168.X.X, 10.X.X.X, etc.

I thought that IP looked funny ...

Sent from my SM-N960U using Tapatalk

bamy Posted May 31, 2019

Could somebody create a NGINX template for Linuxserver.io - ZNC? I've tried but ended up with 502 Bad Gateway

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name znc.*;
        include /config/nginx/ssl.conf;
        client_max_body_size 0;
        # enable for ldap auth, fill in ldap details in ldap.conf
        #include /config/nginx/ldap.conf;
        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;
            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /login;
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_znc znc;
            proxy_pass http://$upstream_znc:6501/;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

I added proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; per https://wiki.znc.in/Reverse_Proxy , without it I still get 502.

Thanks!

CHBMB Posted May 31, 2019

> Could somebody create a NGINX template for Linuxserver.io - ZNC? I've tried but ended up with 502 Bad Gateway
>
>     server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>         server_name znc.*;
>         include /config/nginx/ssl.conf;
>         client_max_body_size 0;
>         # enable for ldap auth, fill in ldap details in ldap.conf
>         #include /config/nginx/ldap.conf;
>         location / {
>             # enable the next two lines for http auth
>             #auth_basic "Restricted";
>             #auth_basic_user_file /config/nginx/.htpasswd;
>             # enable the next two lines for ldap auth
>             #auth_request /auth;
>             #error_page 401 =200 /login;
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_znc znc;
>             proxy_pass http://$upstream_znc:6501/;
>             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         }
>     }
>
> I added proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; per https://wiki.znc.in/Reverse_Proxy , without it I still get 502.
>
> Thanks!

Then it's working?

Submit a template to the repository then.

It's fine to have extra parameters in there.

Sent from my Mi A1 using Tapatalk

bamy Posted May 31, 2019

1 hour ago, CHBMB said:
> Then it's working?

No unfortunately it's not working still, even with that extra parameter described in the znc wiki. I still get 502 bad gateway

CHBMB Posted May 31, 2019

> No unfortunately it's not working still, even with that extra parameter described in the znc wiki. I still get 502 bad gateway

I don't use ZNC, might be an idea if you can get it working conventionally using the examples there and post a working example then we might be able to look at translating that to over docker networking.

Unless someone else has a working example?

Figuring out these things can be a time consuming problem so I'm not going to personally pick it up and run with it.

Sent from my Mi A1 using Tapatalk

CHBMB Posted May 31, 2019

Also is ZNC over https or http?

Sent from my Mi A1 using Tapatalk

aptalca Posted May 31, 2019

3 hours ago, bamtan said:
> No unfortunately it's not working still, even with that extra parameter described in the znc wiki. I still get 502 bad gateway

You don't need to add that line to the bottom, it's already in proxy.conf

Is znc on the same user defined bridge network as letsencrypt?
Is the container named "znc"?
Is it running?
Can you reach it via http://unraidip:6501 ?

bamy Posted May 31, 2019 (edited)

3 hours ago, CHBMB said:
> Also is ZNC over https or http?

Over https

I changed

    proxy_pass http://$upstream_znc:6501/;

to

    proxy_pass https://$upstream_znc:6501/;

and now I'm able to see the ZNC login (without css, though). Once I log in, I get "403 Access denied POST requests need to send a secret token to prevent cross-site request forgery attacks."

34 minutes ago, aptalca said:
> Is znc on the same user defined bridge network as letsencrypt?
> Is the container named "znc"?
> Is it running?
> Can you reach it via http://unraidip:6501 ?

Yeah that's all good from me.

Edited May 31, 2019 by bamtan

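Added example, not part of the post above: a Python probe for the http/https question raised in this exchange, which checks whether a listener completes a TLS handshake before you choose the `proxy_pass` scheme. The function names are hypothetical, and the stub server is a constructed stand-in for a plain-HTTP container so the block runs offline.

```python
import socket
import ssl
import threading


def upstream_scheme(host, port, timeout=3.0):
    """Classify a listener: 'https' if a TLS handshake completes, 'http' if the
    handshake fails (typically because the peer answered the ClientHello with
    plain HTTP), 'unreachable' if the port refuses, resets or times out."""
    ctx = ssl.create_default_context()
    # Certificate checks are switched off on purpose: the only question here is
    # whether the port speaks TLS, and container certs are often self-signed.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            try:
                with ctx.wrap_socket(raw, server_hostname=host):
                    return "https"
            except ssl.SSLError:
                return "http"
    except OSError:
        return "unreachable"


def proxy_pass_for(container, port, scheme):
    """Build a proxy_pass line in the style of the site-confs quoted in this thread."""
    return f"proxy_pass {scheme}://$upstream_{container}:{port};"


def start_plain_stub():
    """Constructed stand-in for a container that only speaks plain HTTP."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # swallow the ClientHello
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_plain_stub()
    scheme = upstream_scheme("127.0.0.1", port)
    print(proxy_pass_for("znc", port, scheme))
```

Run it from a host that can reach the container port; inside the letsencrypt container's network the host would be the container name rather than 127.0.0.1.
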
Tucubanito07 Posted May 31, 2019

11 minutes ago, bamtan said:
> Over https
>
> I changed
>
>     proxy_pass http://$upstream_znc:6501/;
>
> to
>
>     proxy_pass https://$upstream_znc:6501/;
>
> and now I'm able to see the ZNC login (without css, though). Once I log in, I get "403 Access denied POST requests need to send a secret token to prevent cross-site request forgery attacks."
>
> Yeah that's all good from me.

Hey @bamtan if you get Nextcloud working within your LAN can you let us know please. I am able to connect to Nextcloud through WAN but inside the network I can. I bought a Linksys to see if I can use that router for my setup. I didn't buy it just for that but it should be a better wireless router than the one I have from my ISP. Thanks in advance.