[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



17 hours ago, saarg said:

I think you don't fully understand port forwarding.

You are not forwarding port 8008. You are forwarding port 80 on the WAN side to port 8008 on the container. So on the WAN side it's always 443 and 80, but in the actual router/firewall you use the WAN side ports as the source ports and the ports you set in the container template you set as the destination ports.

From looking at your screenshot, you are just opening the ports, and not port forwarding.

No, I fully understand port forwarding. I'm just really distracted lately and at the risk of getting too personal, I'm on some new ADD meds that are kind of messing with my memory and cognition (and you guys have been super patient with me so thanks).

I see what you are saying now, I just didn't notice it before. The router doesn't allow me that level of control like my other did and I just didn't notice it until you said something. It seems I can only forward a port to a specific IP of the SAME port. The layout sucks but it seems start port and end port refers to port range and not source and destination. I included a stock image of the menu (not what I actually have in my settings). So I don't think I can forward port 80 from outside my network to 8008 on my UnRAID server, just 80 to 80. I may have to go back to my previous set up. This is kind of what I meant when I said the feature of ISP branded routers being sub-par.

 
[Attached image: image.png]

Link to comment
1 hour ago, bobbintb said:

No, I fully understand port forwarding. I'm just really distracted lately and at the risk of getting too personal, I'm on some new ADD meds that are kind of messing with my memory and cognition (and you guys have been super patient with me so thanks).

I see what you are saying now, I just didn't notice it before. The router doesn't allow me that level of control like my other did and I just didn't notice it until you said something. It seems I can only forward a port to a specific IP of the SAME port. The layout sucks but it seems start port and end port refers to port range and not source and destination. I included a stock image of the menu (not what I actually have in my settings). So I don't think I can forward port 80 from outside my network to 8008 on my UnRAID server, just 80 to 80. I may have to go back to my previous set up. This is kind of what I meant when I said the feature of ISP branded routers being sub-par.

 
[Attached image: image.png]

I believe you need to change the remote port shown on there

Link to comment
2 hours ago, Chandler said:

Alright, I've been reading through this forum getting all the answers to my problems so far. I was able to figure it out and get everything in a working state. 

I just have a few questions now:

 

On startup I see the alert about the LuaJIT version issue, is that a problem?

I also see the warnings for conflicting server names. How do I fix that? I have only used the default templates and only edited them where necessary.  


Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
nginx: [warn] conflicting server name "ombi.*" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "sl.*" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "tautulli.*" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "ombi.*" on [::]:443, ignored
nginx: [warn] conflicting server name "sl.*" on [::]:443, ignored
nginx: [warn] conflicting server name "tautulli.*" on [::]:443, ignored
Server ready

 

In my default site config I enable the http redirect to https

 


server {
	listen 80;
	listen [::]:80;
	server_name _;
	return 301 https://$host$request_uri;
}

This works for all dockers except for Tautulli. When I go to the http for that I get page not found, any ideas? 

Lua issues are harmless.

 

Server name conflicts are a problem you need to fix. You likely have duplicate site configs

Link to comment
16 minutes ago, aptalca said:

Lua issues are harmless.

 

Server name conflicts are a problem you need to fix. You likely have duplicate site configs

Ok I fixed the name conflicts. Accidentally included subdomains.conf twice in the default. Any idea on the Tautulli not redirecting to https when attempting to reach from http? 

 

Link to comment

Hi guys,

 

I am trying to get airsonic to work. I have copied my nextcloud config and changed what I see is required, but it's not working. I have added the airsonic A RECORD to my domain, also in the docker subdomain

 

I'd be most grateful for assistance.

 

NEXTCLOUD

 

server {  
    listen 443 ssl;
    server_name nextcloud.domain.co.uk;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-rr:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-rr-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:rr-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-rr-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHtE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-rr:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.200:446/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }

 

AIRSONIC

 

server {  
    listen 443 ssl;
    server_name airsonic.domain.co.uk;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-rr:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-rr-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:rr-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-rr-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHtE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-rr:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.200:4040/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }

Edited by Greygoose
Link to comment
12 hours ago, Chandler said:

Ok I fixed the name conflicts. Accidentally included subdomains.conf twice in the default. Any idea on the Tautulli not redirecting to https when attempting to reach from http? 

 

Try incognito, 301 redirects are supposed to be permanent and are cached by the browser

Link to comment
16 minutes ago, Greygoose said:

Hi guys,

 

I am trying to get airsonic to work. I have copied my nextcloud config and changed what I see is required, but it's not working. I have added the airsonic A RECORD to my domain, also in the docker subdomain

 

I'd be most grateful for assistance.

 

NEXTCLOUD

 

server {  
    listen 443 ssl;
    server_name nextcloud.domain.co.uk;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-rr:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-rr-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:rr-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-rr-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHtE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-rr:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.200:446/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }

 

AIRSONIC

 

server {  
    listen 443 ssl;
    server_name airsonic.domain.co.uk;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-rr:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-rr-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:rr-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-rr-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHtE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-rr:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.200:4040/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }

Define not working

Link to comment
1 hour ago, Greygoose said:

unable to access the airsonic from web browser via

 

 

dd.png

dd1.png

Your confs don't match your logs. The web address you're trying to connect to has http auth turned on.

 

It looks like you have a conf somewhere that has an incorrect server name set (with /airsonic at the end), etc.

 

Either go back to defaults and start over, or post your full config, or it is impossible for us to help you

Link to comment

Thanks for the help Aptalca

 

this is my default file

 

server {
    listen 80;
        server_name www.domain.co.uk;
        return 301 https://.co.uk$request_uri;
}

server {
    listen 443;
        server_name www.domain.co.uk;
        return 301 https://.co.uk$request_uri;
}

server {
        listen 80;
        server_name domain.com;
        return 301 https://domain.co.uk$request_uri;
}

server {

    listen 443 ssl default_server;
    server_name domain.co.uk;

    add_header Front-End-Https on;

    root /config/www;
    index index.html index.htm index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # With php5-cgi alone:
        fastcgi_pass 127.0.0.1:9000;
        # With php5-fpm:
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
    
    location /books {
            proxy_pass              http://192.168.0.1:9083;
            proxy_set_header        Host            $http_host;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Scheme        $scheme;
            proxy_set_header        X-Script-Name   /books;
        }

        #   location ^~/books {
    #    proxy_pass http://192.168.0.1:82/;
    #    rewrite /books/?(.*) /$1 break;
    #    auth_basic "Restricted";
        #    auth_basic_user_file /config/nginx/.htpasswd;
    #    include /config/nginx/proxy.conf;
    #}

    location /booksonic {
        proxy_pass http://192.168.0.1:4040/booksonic;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

    location /couch {
        proxy_pass http://192.168.0.1:5050/couch;
        auth_basic "Restricted";
              auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
        }

        location /deluge {
            proxy_pass http://192.168.0.1:8112/;
            proxy_set_header  X-Deluge-Base "/deluge/";
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;
        }

    location /emby {
    # Send traffic to the backend
            proxy_pass http://192.168.0.1:8096/emby;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $remote_addr;
            proxy_set_header X-Forwarded-Protocol $scheme;
            proxy_redirect off;
    
    # Send websocket data to the backend aswell
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
    }

    location /headphones {
        proxy_pass http://192.168.0.1:8178/headphones;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /htpc {
        proxy_pass http://192.168.0.1:8085/htpc;
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /lazylibrarian {
        proxy_pass http://192.168.0.1:5299/lazylibrarian;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /mylar {
        proxy_pass http://192.168.0.1:8090/mylar;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /nzbget {
        proxy_pass http://192.168.0.1:6789/nzbget;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /hydra {
        proxy_pass http://192.168.0.1:5075/hydra;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /plex {
        proxy_pass http://192.168.1.200:32400/web;
        include /config/nginx/proxy.conf;
    }

    location /web {
        proxy_pass http://192.168.0.150:32400/web;
        include /config/nginx/proxy.conf;
    }

        location /plexpy/ {
           proxy_pass http://192.168.0.1:8181;
        include /config/nginx/proxy.conf;
              proxy_bind $server_addr;
              proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Ssl     on;
        auth_basic "Restricted";
              auth_basic_user_file /config/nginx/.htpasswd;
     }
    
    location /requests {
        proxy_pass http://192.168.0.1:3579/requests;
        include /config/nginx/proxy.conf;
    }

    location /radarr {
        proxy_pass http://192.168.1.200:7878/radarr;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /sonarr {
        proxy_pass http://192.168.1.200:8989/sonarr;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /ubooquity {
        proxy_pass http://192.168.0.1:2202/ubooquity;
        auth_basic "Restricted";
             auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

 location /airsonic {
        proxy_pass http://192.168.0.1:4040/airsonic;
        auth_basic "Restricted";
             auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
}

Link to comment

this is my airsonic file

 

server {  
    listen 443 ssl;
    server_name airsonic.domain.co.uk;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-C3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.200:4040/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}

 

 

Link to comment

this is my proxy conf

 

client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

Link to comment
51 minutes ago, Greygoose said:

this is my proxy conf

 

client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

 

Why not use our supplied airsonic proxy conf that works?

Link to comment

Hi saarg,

 

I have tried this using the airsonic, domain sample. I renamed it to airsonic and copied it into the nginx/site-confs folder

 

# make sure that your dns has a cname set for airsonic and that your airsonic container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name airsonic.domain.co.uk*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;
        
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_airsonic airsonic;
        proxy_pass http://192.168.1.100:4040;
    }
}

}

Link to comment

So I renamed the subdomain conf file to airsonic and copied it into the site-confs folder, still getting the issue above.

 

# make sure that your dns has a cname set for airsonic and that your airsonic container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name airsonic.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;
        
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_airsonic airsonic;
        proxy_pass http://$upstream_airsonic:4040;
    }
}

Link to comment
2 hours ago, Greygoose said:

PROGRESS

 

I deleted the letsencrypt docker & folder. I started fresh with spaceinvader one guide. 

 

10 minutes later things look much better.

 

However, I now get this error. It's getting the airsonic docker via the domain but this error below

 

dd.png

You don't move the files. You just remove the sample part from the file. And also read the top of the file to check if you have to make any changes.

Link to comment

guys,

 

sorry for wasting your time.

 

all sorted now. I also changed the context path in the airsonic docker to work using airsonic.domain instead of the airsonic.domain/airsonic

 

I was making things way too complex, you guys did all the work. Thank you, thank you for not losing it with me :/

Link to comment
On 7/19/2019 at 8:02 PM, aptalca said:

I believe you need to change the remote port shown on there

Weird, that column is in the stock image but not on my actual router. I did try the remote port settings but I must have done it wrong initially because I tried it just now and it worked. Hopefully I can manage from here. Thanks for the help, I know I wasn't making things easy but I just really needed another set of eyes because I haven't been able to keep things straight lately.

Link to comment
On 7/15/2019 at 11:10 PM, aptalca said:

That command creates the credentials file. Then edit your site config files to enable it for whatever location you want

 

I'm trying this in the console for the letsencrypt docker.

 

I must be doing something wrong...

 

root@27g4c5326171:/# docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd
sh: docker: not found
root@27g4c5326171:/# exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd
sh: exec: illegal option -i
root@27g4c5326171:/#

 

Link to comment
4 hours ago, Lien1454 said:

 

I'm trying this in the console for the letsencrypt docker.

 

I must be doing something wrong...

 

root@27g4c5326171:/# docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd
sh: docker: not found
root@27g4c5326171:/# exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd
sh: exec: illegal option -i
root@27g4c5326171:/#

 

"docker exec -it letsencrypt" is used to run things inside the container while you're on the host console, outside of the container.

 

If you're already inside the container, just run the part that starts with htpasswd

Link to comment
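
Added example (not part of the thread and not linuxserver.io code): a Python check for two points raised above, the `conflicting server name` warnings that came from duplicate site configs, and which proxied locations actually carry `auth_basic` once the `.htpasswd` file exists. The sample config, its addresses and host names are constructed; `include` files are not expanded and inheritance between nested locations is not modelled.

```python
import re
from collections import Counter

# Constructed sample (not from the thread): ombi.* is declared twice on 443.
SAMPLE = """
server { listen 443 ssl; server_name ombi.*;
    location / { proxy_pass http://192.0.2.10:3579; } }
server { listen 443 ssl; server_name ombi.*;
    location / {
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
        proxy_pass http://192.0.2.10:3579; } }
server { listen 443 ssl default_server; server_name example.test;
    location /sonarr {
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
        proxy_pass http://192.0.2.10:8989/sonarr; }
    location /requests { proxy_pass http://192.0.2.10:3579/requests; } }
"""

def parse(text):
    """Parse nginx config text into nested (name, args, children) tuples."""
    text = re.sub(r"#[^\n]*", "", text)  # strip comments; assumes no '#' inside values
    tokens = iter(re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text))
    def block(depth):
        nodes, words = [], []
        for tok in tokens:  # the iterator is shared, so nested calls resume here
            if tok == ";":
                if words:
                    nodes.append((words[0], words[1:], []))
                words = []
            elif tok == "{":
                head, words = words or ["?"], []
                nodes.append((head[0], head[1:], block(depth + 1)))
            elif tok == "}":
                if depth == 0:
                    raise ValueError("extra closing brace")
                return nodes
            else:
                words.append(tok)
        if depth:
            raise ValueError("block never closed")
        return nodes
    return block(0)

def find(nodes, name):
    """Yield every block called `name`, at any nesting depth."""
    for node in nodes:
        if node[0] == name:
            yield node
        yield from find(node[2], name)

def has_auth(nodes):
    return any(n in ("auth_basic", "auth_request") and a != ["off"] for n, a, _ in nodes)

def duplicate_server_names(tree):
    """Return {(listen, server_name): count} for pairs declared more than once."""
    pairs = Counter()
    for _, _, srv in find(tree, "server"):
        listens = [a[0] for n, a, _ in srv if n == "listen" and a] or ["(default)"]
        names = [x for n, a, _ in srv if n == "server_name" for x in a] or [""]
        pairs.update((addr, name) for addr in listens for name in names)
    return {k: v for k, v in pairs.items() if v > 1}

def unauthenticated_proxies(tree):
    """Return (server_names, location) for proxied locations with no auth directive."""
    found = []
    for _, _, srv in find(tree, "server"):
        names = " ".join(x for n, a, _ in srv if n == "server_name" for x in a)
        for _, largs, loc in find(srv, "location"):
            proxied = any(n == "proxy_pass" for n, _, _ in loc)
            if proxied and not has_auth(loc) and not has_auth(srv):
                found.append((names, " ".join(largs)))
    return found

if __name__ == "__main__":
    tree = parse(SAMPLE)
    print(duplicate_server_names(tree), unauthenticated_proxies(tree))
```

When nginx warns about a conflicting server name it keeps the first definition and ignores the later one, so in the sample the `ombi.*` block that carries `auth_basic` never takes effect. The locations it lists are candidates for review only, since some applications handle their own login.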
