[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Recommended Posts

3 hours ago, Tucubanito07 said:

Hey Guys, I have a quick question. I had @CHBMB help me a couple of months ago. I wanted to know if is possible to always have the (Subdomain www,) to always be deleted? The reason why is because every time I update the docker it always comes back and I have to deleted in order for the docker to work or how can I make it work with the (Subdomain www,)? Thanks in advance.

You have to go into docker settings, turn on authoring mode, go to the template and delete the address in the template address box, update the template and go disable authoring mode.

 

We added www, to the template, so it will always come back if you det it to nothing. You can try to just add a comma and see if that works. Then you don't have to do the procedure above.

Link to comment
17 hours ago, saarg said:

You have to go into docker settings, turn on authoring mode, go to the template and delete the address in the template address box, update the template and go disable authoring mode.

 

We added www, to the template, so it will always come back if you det it to nothing. You can try to just add a comma and see if that works. Then you don't have to do the procedure above.

Thank you so much @saarg.

Link to comment
7 hours ago, capino said:

Instead of installing all the requested PHP modules, could it be possible to use a variable where you can enter the modules you want.
I use my letsencrypt docker only as letsencrypt and don't need all the modules installed.

 

Having additional modules doesn't really hurt anything. We're going for simplicity. Variable for modules would increase complexity

Link to comment

Hi there. Previously I had an issue with reverse proxy where something like mydomain.net/radarr would only work when I'm outside my home network and within the network, I could only use my internal IP, like http://192.168.1.252:8989/radarr/ .

 

But today I accidentally tried mydomain.net/radarr and it worked fine. Nothing's changed on my end, same router and settings.

 

Did something change with Nginx to enable this? I'm just surprised it works because I thought it was a limitation of my router, something to do with firewall pinhole.

Link to comment
4 hours ago, aptalca said:

Having additional modules doesn't really hurt anything. We're going for simplicity. Variable for modules would increase complexity

Exactly. Also we’re asking for them to be included, not enabled. Having the option to use it or not is all we want. 

Link to comment
12 hours ago, vurt said:

Hi there. Previously I had an issue with reverse proxy where something like mydomain.net/radarr would only work when I'm outside my home network and within the network, I could only use my internal IP, like http://192.168.1.252:8989/radarr/ .

 

But today I accidentally tried mydomain.net/radarr and it worked fine. Nothing's changed on my end, same router and settings.

 

Did something change with Nginx to enable this? I'm just surprised it works because I thought it was a limitation of my router, something to do with firewall pinhole.

No, it's strictly a routing/dns issue. Something must have changed on your side. Did you reboot the router perhaps?

  • Like 1
Link to comment
10 hours ago, mattgob86 said:

I am getting an error this morning after the last update

 


nginx: [emerg] unknown directive "geoip_country" in /config/nginx/nginx.conf:15

nothing changed on my end, do I need to change something in my config?

Geoip v1 has been deprecated for a while and as of last week, the databases are no longer available for download. So we removed the geoip packages from the image.

 

But don't fret, geoip2 is included in the image and works. You just need to update your config to use that instead.

Edited by aptalca
Link to comment
9 hours ago, aptalca said:

Geoip v1 has been deprecated for a while and as of last week, the databases are no longer available for download. So we removed the geoip packages from the image.

 

But don't fret, geoip2 is included in the image and works. You just need to update your config to use that instead.

I am trying to update my config but it does not appear to have the new geoip2 in the appdata.  Everything that I am looking at for geoip still has a data of 10/20/18 when I initially created it.  Is there a walkthrough or something I can follow to get it back up and going? 

Link to comment
2 hours ago, mattgob86 said:

I am trying to update my config but it does not appear to have the new geoip2 in the appdata.  Everything that I am looking at for geoip still has a data of 10/20/18 when I initially created it.  Is there a walkthrough or something I can follow to get it back up and going? 

the geoip2 database is at this path inside the container: /var/lib/libmaxminddb/GeoLite2-City.mmdb

the instructions are here: https://github.com/leev/ngx_http_geoip2_module/blob/master/README.md#example-usage

Edited by aptalca
  • Like 1
  • Thanks 1
Link to comment
23 hours ago, aptalca said:

No, it's strictly a routing/dns issue. Something must have changed on your side. Did you reboot the router perhaps?

I haven't and I won't complain! I just thought maybe you worked some magic, a pleasant surprise nonetheless. 😀

Link to comment
2 hours ago, Thomas126a said:

Hi guys,

love the image. I would to know if it is possible to only run the image for ssl certification set and renewal. Then stop it afterwards. Maybe in a cronjob each night. Could you tell me how to do it if its possible?

 

Best regards,

Tom

Don't stop it, keep it running. If you don't want to use the webserver features at all, use dns validation and don't map any ports

Link to comment
On 8/5/2019 at 12:57 PM, tillkrueger said:

After updating the Docker today, and doing nothing that I can think of (what I did change in my settings and config files, I have since un-done), I can't connect to my domain anymore...log is attached, and letsencrypt.status.io appears to show some issues...is it something I did, or is there a problem outside of my control?

After 3hrs with a *very* generous unRAID'er here in Berlin, Toobie, who is running a very similar setup as I am, we isolated the issues I was having to the updated letsencrypt Docker...after figuring out how to downgrade to the most recent previous version (by putting "linuxserver/letsencrypt:0.36.0-ls49" into Letsencrypt's "Repository" field in its settings...that is if you're on INTEL 64bit, not ARM!), the Docker re-installed itself and, lo-and-behold, my site could be reached again.

Now what exactly caused it to not be reachable anymore after the upgrade to the newest version is beyond me (connection refused errors in all browsers), but I thought I'd post what fixed it for me here, in case someone else's site runs into the same issue.

So happy that aptalca's amazing Letsencrypt is working again, and for the gracious gift of time that Toobie presented me with today, to get me back on track. Will have to be more careful with the "Update All" button from here on out.

Edited by tillkrueger
correction
Link to comment
4 hours ago, tillkrueger said:

After 3hrs with a *very* generous unRAID'er here in Berlin, Toobie, who is running a very similar setup as I am, we isolated the issues I was having to the updated letsencrypt Docker...after figuring out how to downgrade to the most recent previous version (by putting "linuxserver/letsencrypt:0.36.0-ls49" into Letsencrypt's "Repository" field in its settings...that is if you're on INTEL 64bit, not ARM!), the Docker re-installed itself and, lo-and-behold, my site could be reached again.

Now what exactly caused it to not be reachable anymore after the upgrade to the newest version is beyond me (connection refused errors in all browsers), but I thought I'd post what fixed it for me here, in case someone else's site runs into the same issue.

So happy that aptalca's amazing Letsencrypt is working again, and for the gracious gift of time that Toobie presented me with today, to get me back on track. Will have to be more careful with the "Update All" button from here on out.

The only thing I can think of is that geoip v1 was recently removed as it was deprecated a while back and now the databases are no longer available.

 

If you were using geoip, that will result in a failure.

 

Geoip v2 is included in the image with an up-to-date database. You can use that instead

Link to comment
4 hours ago, aptalca said:

The only thing I can think of is that geoip v1 was recently removed as it was deprecated a while back and now the databases are no longer available.

 

If you were using geoip, that will result in a failure.

 

Geoip v2 is included in the image with an up-to-date database. You can use that instead

I am not aware of having used geoip, and don't even know what it is used for, or what part of Letsencrypt uses it. I saw it mentioned in this thread, and that it was deprecated, but shrugged it off as "well, I'm not using it, so that can't be  it"...but maybe I did use it unknowingly? what is it used for or by?

Link to comment
After 3hrs with a *very* generous unRAID'er here in Berlin, Toobie, who is running a very similar setup as I am, we isolated the issues I was having to the updated letsencrypt Docker...after figuring out how to downgrade to the most recent previous version (by putting "linuxserver/letsencrypt:0.36.0-ls49" into Letsencrypt's "Repository" field in its settings...that is if you're on INTEL 64bit, not ARM!), the Docker re-installed itself and, lo-and-behold, my site could be reached again.

Now what exactly caused it to not be reachable anymore after the upgrade to the newest version is beyond me (connection refused errors in all browsers), but I thought I'd post what fixed it for me here, in case someone else's site runs into the same issue.

So happy that aptalca's amazing Letsencrypt is working again, and for the gracious gift of time that Toobie presented me with today, to get me back on track. Will have to be more careful with the "Update All" button from here on out.
appreciate it and I will not update my docker at the moment or at least only with a working backup.

Sent from my MI 6 using Tapatalk

  • Like 1
Link to comment

Hello, works great but now i want to configure reserve proxy with a specific ssl port (standard ssl 443 works fine) for nextcloud.

 

I tried to change the port in nextcloud.conf but then i get 403 Forbidden nginx/1.16.0 error, what I do wrong? Thank you very much in advance. Router is configured with this port. Standard ssl (443) works.

server {
    listen 53444 ssl;
    listen [::]:53444 ssl;

    server_name cloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:443;
    }
}


 

Link to comment
6 minutes ago, unMaxe said:

Hello, works great but now i want to configure reserve proxy with a specific ssl port (standard ssl 443 works fine) for nextcloud.

 

I tried to change the port in nextcloud.conf but then i get 403 Forbidden nginx/1.16.0 error, what I do wrong? Thank you very much in advance. Router is configured with this port. Standard ssl (443) works.


server {
    listen 53444 ssl;
    listen [::]:53444 ssl;

    server_name cloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:443;
    }
}


 

Iam not 100% sure but I think you are on the wrong way.

If your router is on port 53444 you have to forward the port 53444 to 443.

I my configuration iam using 1443 as mentioned in one of spaceinvaders video.

But the config file is still with 443.

Link to comment
6 minutes ago, Toobie said:

Iam not 100% sure but I think you are on the wrong way.

If your router is on port 53444 you have to forward the port 53444 to 443.

I my configuration iam using 1443 as mentioned in one of spaceinvaders video.

But the config file is still with 443.

 

Yes I took that into account, my configuration works fine with 443. I had also refer spaceinvaders trutorial :))

 

I only change port in nextcloud.conf from 443 ssl to 53444 ssl, and router config outside port 443 to 53444, all other config are the same. Router seems not the problem because I get on my web-request to the ngix proxy.

 

 

 

 

 

 

 

 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.