aptalca Posted October 24, 2019 (edited)

5 hours ago, war1000 said:
> Thanks for the reply. No I am testing from within my network. I will test it via the phone tonight. My network setup is pretty standard, 5 computers behind the router. 3 plugged into the router and 2 laptops (there are also phones). 1 server (UnRaid), 1 pc (Windows 10), 1 raspberry pi (Hassio), 2 laptops (Windows 10). I have a laptop that I can use to tether with the phone. Before I do this, I have disconnected hassio so it doesn't ping out when I test. I am also going to redo the nextcloud configs to make it match the spaceinvader setup. I will post the setting here for review.

Fyi, your sonarr is accessible from the internet. Everything works properly. Your issue is hairpin nat or nat loopback.

PS. Don't forget to enable http auth for sonarr or you might notice strange shows added to your library

Edited October 24, 2019 by aptalca

Greg001 Posted October 24, 2019

Darn, and here I was trying out those answers in case it helped my case! Any ideas what might be wrong with my logic and setup? I don't remember having to move or configure anything to indicate where the certificates are generated, could this explain why they can't be found? Happy to post any logs or configs that might help figure this out.

Marshalleq Posted October 24, 2019

That is the same thing as item 5 in my list. Damn these threads with multiple topics are confusing though...

war1000 Posted October 24, 2019

15 hours ago, Marshalleq said:
> For within your network, it's likely best to create a static DNS record, with the same domain name you're using and point that at your INTERNAL nextcloud / unraid address.

Thank you for the reply! How do I create a static dns record? I have done the following in the UnRaid server. Then in the router I have done the following through the DHCP List:

So:

Unraid needs to have the correct IP for the domain ---> I think this has been done.
Cloudflare needs to have the correct IP for the domain ---> This is done using the DNS pointing to irisnet.
The proxy setting in cloudflare should be off ---> Done
You need to give it time for the new cloudflare setting to propagate to the DNS servers on the internet (which will include the DNS server at whatever phone provider you are using AND the DNS server that your home router is using) ---> so far 24 hours. So I think this is done now.
Internal devices either need the internal DNS updated or some router trickery which you may or may not have, which is why I suggest adding this manually for now ---> This one I am not sure if I am doing this right or not. Because I thought this was done with the Virtual server rules, which I did.

@aptalca, hahahaha....how did you know I love my little pony?!!! Good one! Ok so if you were able to access it, did you use the sonarr.irisnet.ga? Or some other way? I enabled the auth now. Would you also mind trying nextcloud.irisnet.ga? I am going to read up on the nat loopback.

Thanks a lot for your help guys! Even if I can't get it right, I am still learning new things! That is progress!

war1000 Posted October 24, 2019

8 minutes ago, war1000 said:
> Thank you for the reply! How do I create a static dns record? I have done the following in the UnRaid server. Then in the router I have done the following through the DHCP List:
>
> So:
>
> Unraid needs to have the correct IP for the domain ---> I think this has been done.
> Cloudflare needs to have the correct IP for the domain ---> This is done using the DNS pointing to irisnet.
> The proxy setting in cloudflare should be off ---> Done
> You need to give it time for the new cloudflare setting to propagate to the DNS servers on the internet (which will include the DNS server at whatever phone provider you are using AND the DNS server that your home router is using) ---> so far 24 hours. So I think this is done now.
> Internal devices either need the internal DNS updated or some router trickery which you may or may not have, which is why I suggest adding this manually for now ---> This one I am not sure if I am doing this right or not. Because I thought this was done with the Virtual server rules, which I did.
>
> @aptalca, hahahaha....how did you know I love my little pony?!!! Good one! Ok so if you were able to access it, did you use the sonarr.irisnet.ga? Or some other way? I enabled the auth now. Would you also mind trying nextcloud.irisnet.ga? I am going to read up on the nat loopback.
>
> Thanks a lot for your help guys! Even if I can't get it right, I am still learning new things! That is progress!

Ok I just confirmed this by using the phone that I can now reach both sonarr and nextcloud....so it must be the nat loopback issue because I can't connect from inside the network.

Tucubanito07 Posted October 24, 2019

1 hour ago, war1000 said:
> Ok I just confirmed this by using the phone that I can now reach both sonarr and nextcloud....so it must be the nat loopback issue because I can't connect from inside the network.

I had the same issue. Netgear routers support Nat loopback.

war1000 Posted October 24, 2019

2 hours ago, Tucubanito07 said:
> I had the same issue. Netgear routers support Nat loopback.

I have the Trendnet Router. I can't find any NAT Loopback anywhere. This is the emulator: https://www.trendnet.com/emulators/TEW-827DRU_v1.0R/basic_status.html

war1000 Posted October 24, 2019

2 hours ago, Tucubanito07 said:
> I had the same issue. Netgear routers support Nat loopback.

Ok I found this, is this where you can set the loopback?

Marshalleq Posted October 24, 2019

I've been poking all round your emulator trying to find a loopback / multi-homed thing or perhaps even a DNS rebind and not found anything. I've also looked in the software for custom DNS records which is also not available. Someone else may have better luck than me, but to be honest this is not uncommon with consumer routers. Which is why DD-WRT was born - you can flash your router with firmware that does have these kinds of features.

The router compatibility list is here: https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices#TRENDnet

It appears your router is still a work in progress, but perhaps you can have a poke around there - they may have a working beta or something.

So for you, the best thing will be to put the settings manually into the hosts files of your internal computers. Or get a different router firewall. If you want to go the whole hog you can get your own firewall like opnsense. Or take your luck with another consumer router.

Sorry to be the bearer of bad news.

almulder Posted October 24, 2019

Ok so I was going to set up nextcloud, but need to install letsencrypt first, but I am lost. Can someone help me? Also I have pihole installed and it's already using port 443. So not sure how to set this up. Also I have dns service from noip.com (Paid version)

Marshalleq Posted October 24, 2019

I'd suggest you watch the spaceinvaderone video on youtube first.

war1000 Posted October 24, 2019 (edited)

2 hours ago, Marshalleq said:
> I've been poking all round your emulator trying to find a loopback / multi-homed thing or perhaps even a DNS rebind and not found anything. I've also looked in the software for custom DNS records which is also not available. Someone else may have better luck than me, but to be honest this is not uncommon with consumer routers. Which is why DD-WRT was born - you can flash your router with firmware that does have these kinds of features.
>
> The router compatibility list is here: https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices#TRENDnet
>
> It appears your router is still a work in progress, but perhaps you can have a poke around there - they may have a working beta or something.
>
> So for you, the best thing will be to put the settings manually into the hosts files of your internal computers. Or get a different router firewall. If you want to go the whole hog you can get your own firewall like opnsense. Or take your luck with another consumer router.
>
> Sorry to be the bearer of bad news.

Thank you for all your research and response. I will go with the host file. I do have an Archer C2600 that is serving as an extender that I could flash with wrt but I need to take a break for a few days before I do that lol.

I found the instructions here for the host file: so basically add the two hosts with the same ip in the file?

Ok I added using the user script. But it didn't work...:(

Edited October 24, 2019 by war1000 (added additional update)

war1000 Posted October 26, 2019

On 10/24/2019 at 4:40 PM, war1000 said:
> Thank you for all your research and response. I will go with the host file. I do have an Archer C2600 that is serving as an extender that I could flash with wrt but I need to take a break for a few days before I do that lol.
>
> I found the instructions here for the host file: so basically add the two hosts with the same ip in the file?
>
> Ok I added using the user script. But it didn't work...:(

So just to kind of conclude on this, my friend who is in IT Infrastructure had been dissing me for a while for not getting an ASUS router. So I finally pulled the trigger and got one today. Configured everything almost the same as my Trendnet router....and now I can access the sites from within my network....so I suppose all it required was money!!! lol...I don't know how else to explain it.

ksarnelli Posted October 26, 2019

Updated the container this morning and now getting:

    nginx: [emerg] dlopen() "/var/lib/nginx/modules/ngx_stream_geoip2_module.so" failed (Error loading shared library /var/lib/nginx/modules/ngx_stream_geoip2_module.so: No such file or directory) in /etc/nginx/modules/stream_geoip2.conf:1

Checked and the module is in fact missing. Any ideas?

j0nnymoe Posted October 26, 2019

1 hour ago, ksarnelli said:
> Updated the container this morning and now getting:
>
>     nginx: [emerg] dlopen() "/var/lib/nginx/modules/ngx_stream_geoip2_module.so" failed (Error loading shared library /var/lib/nginx/modules/ngx_stream_geoip2_module.so: No such file or directory) in /etc/nginx/modules/stream_geoip2.conf:1
>
> Checked and the module is in fact missing. Any ideas?

Already fixed and new image pushed.

Marshalleq Posted October 26, 2019

14 hours ago, war1000 said:
> So just to kind of conclude on this, my friend who is in IT Infrastructure had been dissing me for a while for not getting an ASUS router. So I finally pulled the trigger and got one today. Configured everything almost the same as my Trendnet router....and now I can access the sites from within my network....so I suppose all it required was money!!! lol...I don't know how else to explain it.

Yeah - those routers do the loopback / rebind thing we've been talking about. Your hosts file should have worked too, but this is even better. Also the Asus usually do take the WRT. The Archer if I recall correctly is actually even better than the Asus in terms of its hardware so that could have also been an option. Great that it's sorted!

nikizm Posted October 27, 2019

7 hours ago, j0nnymoe said:
> Already fixed and new image pushed.

Hi Jonny,

Is there a way to force update the image? I check for updates but none are available. This is killing access to all my dockers from outside the network! Alternatively, is there a way to revert to an old version?

rowid_alex Posted October 27, 2019

49 minutes ago, nikizm said:
> Hi Jonny,
>
> Is there a way to force update the image? I check for updates but none are available. This is killing access to all my dockers from outside the network! Alternatively, is there a way to revert to an old version?

I had the same problem and found a way to fix it. Go to the UNRAID docker page, change the view from basic to advanced with the button in the upper-right corner, then you will see there is a "force update" for every docker container. Force update letsencrypt and the issue is resolved!

kyle1 Posted October 27, 2019 (edited)

4 hours ago, nikizm said:
> Hi Jonny,
>
> Is there a way to force update the image? I check for updates but none are available. This is killing access to all my dockers from outside the network! Alternatively, is there a way to revert to an old version?

For future reference, if you ever need to do this: edit the container in question, then look for "Repository". Usually this is something like "linuxserver/letsencrypt" or "linuxserver/letsencrypt:latest". Go to that repository on DockerHub and click the "Tags" tab under the name. You'll see a whole pile of things, but we're looking for something like "0.39.0-ls69". Note the most recent version (synonymous with "latest") and just work backwards, noting the tag.

If you want to revert to an earlier version, add/edit the text after the ":" in the container edit screen to include the tag you chose from DockerHub. Will look like "linuxserver/letsencrypt:0.39.0-ls69". Then save and the prior version will be called up.

Note that with a specific version selected in this way it will never show that updates are available (you are current on that version!) so you will need to check back periodically to see if the issue is fixed.

Edited October 27, 2019 by kyle1

AcidReign Posted October 27, 2019 (edited)

Hi everybody,

I seem to have an issue with my letsencrypt. It has been working without a flaw for the last year and now it just stopped. I did not change anything. The subdomains just come back as: ERR_CONNECTION_REFUSED

I tried updating the container, and also force updating, but it is up to date. I don't get any errors in the log except the ones about "lua" that have been discussed in this thread to be "harmless". Any ideas where I can start to troubleshoot?

Edit: Could this be a time-zone issue? As we had the daylight saving time change tonight in our timezone?

Acid

Edited October 27, 2019 by AcidReign

Smooth Beaver Posted October 27, 2019

I am trying to setup fail2ban with the nextcloud, letsencrypt and OnlyOffice Document Server dockers. (Nextcloud, letsencrypt & ONLYOFFICE currently work perfectly.)

When I look at Nextcloud's log file it shows all logins are coming from a single IP, probably because of the letsencrypt reverse proxy. So I found this page but it says I need a subscription to view it. Can anyone help with allowing the reverse proxy to pass the client IP so I can configure fail2ban to work using this as a rough guide: https://dennisnotes.com/note/20180831-nextcloud-docker-nginx-reverse-proxy/

Are these the lines that I need to add to the letsencrypt conf file for nextcloud that will do the client IP passthrough?

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

Do I need to add all three or just one or etc? I am not exactly sure what they do which is why I don't want to add them....

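How an application behind the reverse proxy can recover the real client address from the `X-Forwarded-For` value that nginx builds, and why it should take the rightmost non-proxy entry instead of the first one; this is an added example, not part of the original posts or of the letsencrypt container. The function names, the trusted network `172.17.0.0/16` and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption for this example: the reverse proxy reaches the backend from
# Docker's default bridge network. Adjust to your own proxy address.
TRUSTED_PROXIES = [ipaddress.ip_network("172.17.0.0/16")]


def proxy_add_x_forwarded_for(incoming_header, remote_addr):
    """Model of nginx's $proxy_add_x_forwarded_for: the client's own
    X-Forwarded-For value (if any) with $remote_addr appended."""
    return f"{incoming_header}, {remote_addr}" if incoming_header else remote_addr


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True only if addr is a valid IP inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def client_ip(peer_addr, x_forwarded_for, trusted=TRUSTED_PROXIES):
    """Address the backend should log, and fail2ban should act on."""
    # A request that did not arrive through our proxy carries a header
    # written entirely by the sender, so ignore it.
    if not is_trusted(peer_addr, trusted):
        return peer_addr
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    # Entries to the left were supplied by the client; the proxy appends on
    # the right. Walk right to left and stop at the first non-proxy hop.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the header
        if not is_trusted(hop, trusted):
            return hop
    return peer_addr  # no usable header: all we know is the proxy itself


# Constructed sample: a client at 203.0.113.7 sends a forged header.
PROXY = "172.17.0.5"
forged = proxy_add_x_forwarded_for("10.0.0.1", "203.0.113.7")
print(client_ip(PROXY, None))    # header not passed: every login looks like the proxy
print(client_ip(PROXY, forged))  # the address nginx appended, not the forged one
print(client_ip("198.51.100.4", "1.2.3.4"))  # direct connection: header ignored
```
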
nraygun Posted October 29, 2019

I recently received this notice from Nextcloud: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/

How can I confirm that my Docker container is updated to contain the updates to mitigate this issue?

saarg Posted October 29, 2019

3 hours ago, nraygun said:
> I recently received this notice from Nextcloud: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
>
> How can I confirm that my Docker container is updated to contain the updates to mitigate this issue?

This isn't the Nextcloud support thread. No need to post the same question in two threads.

nraygun Posted October 30, 2019

Sorry. Wasn't sure which NGINX was affected. From what I can tell NGINX is in the Nextcloud docker and in the Letsencrypt docker. Can someone answer the question in the context of Letsencrypt? Does it even apply?

saarg Posted October 30, 2019

12 minutes ago, nraygun said:
> Sorry. Wasn't sure which NGINX was affected. From what I can tell NGINX is in the Nextcloud docker and in the Letsencrypt docker. Can someone answer the question in the context of Letsencrypt? Does it even apply?

It affects every combination of php-fpm and nginx. Packages are updated in both nextcloud, nginx and letsencrypt container.