Dutch Vertigo Posted November 12, 2019

> 6 minutes ago, H2O_King89 said:
> he sure right here.

I've followed this step by step, didn't work so I used the later added video using DNS verification with Let's Encrypt

H2O_King89 Posted November 12, 2019

> I've followed this step by step, didn't work so I used the later added video using DNS verification with Let's Encrypt

Okay, that's fine, but change the ports though.

aptalca Posted November 13, 2019

> 16 hours ago, Spectral Force said:
> Good morning/afternoon. I am a bit out of my element with the reverse proxy stuff and custom conf files and need some help. I am trying to run the CSMM-7DTD server manager (docker by ich77) via reverse proxy and https. It works portionately via http, but uses steam to login to the software itself and that's where I get hung up. I click my steam login and because it's https it craps out. I am unsure if this is supposed to be handled by the .conf file or elsewhere. Anything to point me in the proper direction would be appreciated. What I do have for a conf file comes from the creator of CSMM. I am using DuckDNS docker and links, as well as a CNAME from my website. Thanks in advance for any and all help.
>
>     server {
>         server_name csmm.example.com;
>         index index.html;
>         location / {
>             proxy_pass http://localhost:1337;
>             proxy_http_version 1.1;
>             proxy_set_header Upgrade $http_upgrade;
>             proxy_set_header Connection 'upgrade';
>             proxy_set_header Host $host;
>             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>             proxy_set_header X-Forwarded-Proto $scheme;
>             proxy_cache_bypass $http_upgrade;
>             proxy_read_timeout 300;
>             proxy_connect_timeout 300;
>         }
>         listen 80;
>     }

Don't copy paste a conf from another source. Use an existing preset proxy conf and modify accordingly. The conf you posted above is missing all the ssl bits, and it tries to reverse proxy localhost, which won't work in a container.

Also see the examples in the default site config for very basic confs

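The two problems named in this reply (no SSL directives, and a `proxy_pass` aimed at localhost from inside a container) can be checked mechanically before a conf is loaded. The Python below is an added example, not part of the thread or of the linuxserver image; `lint_server_block` and both sample confs are constructed here, and it assumes a single server block whose `include` files are not followed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the server block from the quoted post, abridged.
POSTED_CONF = """
server {
    server_name csmm.example.com;
    location / {
        proxy_pass http://localhost:1337;
    }
    listen 80;
}
"""

# Constructed sample: TLS listener, certificate pair, upstream reached by LAN address.
TLS_CONF = """
server {
    listen 443 ssl;
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    location / {
        proxy_pass http://192.168.1.19:1337;
    }
}
"""

LOOPBACK = re.compile(r"^(localhost|127(\.\d{1,3}){3}|::1)$", re.I)

def directives(conf):
    """Collect {name: [args, ...]} from one server block, comments stripped."""
    found = {}
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        parts = stmt.split()
        if parts:
            found.setdefault(parts[0], []).append(parts[1:])
    return found

def lint_server_block(conf):
    """Return the problems named in the reply above, as a list of strings."""
    d, findings = directives(conf), []
    if not any("ssl" in args for args in d.get("listen", [])):
        findings.append("no 'listen ... ssl': the block only serves plain HTTP")
    # Certificates may come from an included file, which is not followed here.
    if "include" not in d and not {"ssl_certificate", "ssl_certificate_key"}.issubset(d):
        findings.append("no ssl_certificate / ssl_certificate_key pair")
    for args in d.get("proxy_pass", []):
        host = urlsplit(args[0]).hostname if args else None
        if host and LOOPBACK.match(host):
            findings.append(f"proxy_pass targets loopback ({host}), i.e. the proxy container itself")
    return findings

if __name__ == "__main__":
    for name, conf in (("posted", POSTED_CONF), ("tls", TLS_CONF)):
        print(name, lint_server_block(conf) or "ok")
```
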
ffhelllskjdje Posted November 13, 2019

Anyone able to get reverse proxy on a searx docker working? I have 5 other dockers that work flawlessly but for whatever reason I get a bad gateway with searx. It works with the internal br0 (http://192.168.1.19:8888) but when going to my external domain it doesn't work at all. CNAME is correctly set up and letsencrypt as well.

    server {
        listen 80;
        listen 443 ssl;
        server_name searx.myprivatedomain.org;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###Diffie–Hellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DS>

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;
        client_max_body_size 0;

        location / {
            proxy_pass http://192.168.1.19:8888;
            include /config/nginx/proxy.conf;
        }
    }

Edited November 13, 2019 by ffhelllskjdje

aptalca Posted November 13, 2019

> 4 minutes ago, ffhelllskjdje said:
> Anyone able to get reverse proxy on a searx docker working? I have 5 other dockers that work flawlessly but for whatever reason I get a bad gateway with searx. It works with the internal br0 (http://192.168.1.19:8888) but when going to my external domain it doesn't work at all. CNAME is correctly set up and letsencrypt as well.
>
>     server {
>         listen 80;
>         listen 443 ssl;
>         server_name searx.myprivatedomain.org;
>
>         ###SSL Certificates
>         ssl_certificate /config/keys/letsencrypt/fullchain.pem;
>         ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
>
>         ###Diffie–Hellman key exchange ###
>         ssl_dhparam /config/nginx/dhparams.pem;
>
>         ###SSL Ciphers
>         ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DS>
>
>         ###Extra Settings###
>         ssl_prefer_server_ciphers on;
>         ssl_session_cache shared:SSL:10m;
>
>         ### Add HTTP Strict Transport Security ###
>         add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
>         add_header Front-End-Https on;
>         client_max_body_size 0;
>
>         location / {
>             proxy_pass http://192.168.1.19:8888;
>             include /config/nginx/proxy.conf;
>         }
>     }

If it's macvlan, it blocks connections between macvlan and host. Try to ping it from inside the letsencrypt container

ffhelllskjdje Posted November 13, 2019

> 1 hour ago, aptalca said:
> If it's macvlan, it blocks connections between macvlan and host. Try to ping it from inside the letsencrypt container

That was it, switched to bridge and remapped the port and all is working now, thanks

gray squirrel Posted November 15, 2019

Is it possible to use the reverse proxy to redirect traffic to an internal IP, either a VM or another machine?

I am new to unraid, and I have a synology NAS that I am migrating away from. I have also set up a xpenology VM. I have set up a number of synology units with friends and family and I like the way it handles backup, so I want to use my xpenology VM or current synology as a remote target.

I have set up Letsencrypt docker and it works great after following the spaceinvaderone video. However this only looks to work with dockers on the Unraid machine, via proxynet.

I found some example code to route the proxy pass to an internal IP, for example 192.168.X.XX, at https://www.reddit.com/r/unRAID/comments/apapqw/reverse_proxy_with_letsencrypt_docker_and_vm/

However I can't get it to work. I have my own domain and plan to use something like xpenology.mydomain.com and synology.mydomain.com. If I forward port 5001 to my xpenology VM I can connect directly using xpenology.mydomain.com:5001 but if I don’t specify the port I get the “Welcome to our server” nginx splash page. It would be nice to be redirected to each of these DSM web interfaces by using xpenology. and synology. as I can only forward 5001 once.

My config file is currently:

    server {
        listen 443 ssl http2;
        server_name xpenology.*;
        server_tokens off;
        access_log /var/log/nginx/xpenology.SITE.access.log;
        error_log /var/log/nginx/xpenology.SITE.error.log error;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/SITE/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/SITE/privkey.pem;
        location /{
            proxy_pass https://192.168.X.XXX:50001;
            proxy_redirect off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Protocol $scheme;
            proxy_set_header X-Url-Scheme $scheme;
        }
    }

Ladrek Posted November 18, 2019

I keep getting 403 Forbidden. I've changed folder permission then restart the container and still get 403

saarg Posted November 18, 2019

> 22 minutes ago, Ladrek said:
> I keep getting 403 Forbidden. I've changed folder permission then restart the container and still get 403

With the little info you have supplied, I can say that something isn't configured properly.

Ladrek Posted November 18, 2019

> 57 minutes ago, saarg said:
> With the little info you have supplied, I can say that something isn't configured properly.

Found this in the error log

Edited November 18, 2019 by Ladrek

saarg Posted November 18, 2019

> 2 hours ago, Ladrek said:
> Found this in the error log

Permission issues is my guess. So check the permissions on the recentlyadded folder. Should be nobody:users

Ladrek Posted November 18, 2019

> 1 hour ago, saarg said:
> Permission issues is my guess. So check the permissions on the recentlyadded folder. Should be nobody:users

Everything has full access - I even changed the permission via unraid terminal and terminal on the container as well

Edited November 18, 2019 by Ladrek

saarg Posted November 19, 2019

> 12 hours ago, Ladrek said:
> Everything has full access - I even changed the permission via unraid terminal and terminal on the container as well

If you are going to post a screenshot of permissions, please post the ones from unraid command line, not something from windows.

Ladrek Posted November 19, 2019

> 6 hours ago, saarg said:
> If you are going to post a screenshot of permissions, please post the ones from unraid command line, not something from windows.

Screenshot of linux

saarg Posted November 19, 2019

> 29 minutes ago, Ladrek said:
> Screenshot of linux

Looks good. I have no idea what is wrong then. I got limited knowledge about nginx, so you will have to wait until one of the nginx wizards pops up.

g0nz0 Posted November 19, 2019

I'm trying to use this container, which I had working for a single subdomain, but now I'm getting the following after trying to add additional domains:

    Plugins selected: Authenticator standalone, Installer None
    An unexpected error occurred:
    Traceback (most recent call last):
      File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 157, in _new_conn
        (self._dns_host, self.port), self.timeout, **extra_kw
      File "/usr/lib/python3.7/site-packages/urllib3/util/connection.py", line 61, in create_connection
        for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
      File "/usr/lib/python3.7/socket.py", line 748, in getaddrinfo
        for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
    socket.gaierror: [Errno -3] Try again

I've tried rebuilding the container etc, but I'm not able to get past this error. Anyone able to help or point me in the right direction as this appears to be an issue with custom internal code so I'm at a loss at being able to debug the issue myself. Thanks for the help.

Seq Posted November 19, 2019

Hi, getting this when starting the container, no idea how to fix it.. Please help.

    Generating new certificate
    An unexpected error occurred:
    pkg_resources.ContextualVersionConflict: (cryptography 2.6.1 (/usr/lib/python3.7/site-packages), Requirement.parse('cryptography>=2.8'), {'PyOpenSSL'})
    Please see the logfile '/tmp/tmph9dkw77d/log' for more details.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

aptalca Posted November 19, 2019

> 1 hour ago, g0nz0 said:
> I'm trying to use this container, which I had working for a single subdomain, but now I'm getting the following after trying to add additional domains:
>
>     Plugins selected: Authenticator standalone, Installer None
>     An unexpected error occurred:
>     Traceback (most recent call last):
>       File "/usr/lib/python3.7/site-packages/urllib3/connection.py", line 157, in _new_conn
>         (self._dns_host, self.port), self.timeout, **extra_kw
>       File "/usr/lib/python3.7/site-packages/urllib3/util/connection.py", line 61, in create_connection
>         for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
>       File "/usr/lib/python3.7/socket.py", line 748, in getaddrinfo
>         for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
>     socket.gaierror: [Errno -3] Try again
>
> I've tried rebuilding the container etc, but I'm not able to get past this error. Anyone able to help or point me in the right direction as this appears to be an issue with custom internal code so I'm at a loss at being able to debug the issue myself. Thanks for the help.

Post your container settings

g0nz0 Posted November 19, 2019

> 4 hours ago, aptalca said:
> Post your container settings

Sorry to be dense, but are they in an xml file somewhere like with rancher and its API?

g0nz0 Posted November 19, 2019

> 13 minutes ago, g0nz0 said:
> Sorry to be dense, but are they in an xml file somewhere like with rancher and its API?

If not, this is a copy paste from the docker container edit page:

    Name: letsencrypt
    Repository: linuxserver/letsencrypt
    Network Type: Custom: br2.2502
    Fixed IP address (optional): 10.250.2.101
    Subnet: 10.250.2.0/24
    Console shell command: Shell
    Privileged: ON
    http: Container Port: 80
    https: Container Port: 443
    Email: [email protected]
    Domain Name: g0nz0.me.uk
    Subdomain(s): unifi,plex,firewall,
    Only Subdomains: true
    Diffie Hellman: 2048
    Validation: http
    AppData Config Path: /mnt/user/appdata/letsencrypt

Edited November 19, 2019 by g0nz0

g0nz0 Posted November 19, 2019

> 2 minutes ago, g0nz0 said:
> If not, this is a copy paste from the docker container edit page:
>
>     Name: letsencrypt
>     Repository: linuxserver/letsencrypt
>     Network Type: Custom: br2.2502
>     Fixed IP address (optional): 10.250.2.101
>     Subnet: 10.250.2.0/24
>     Console shell command: Shell
>     Privileged: ON
>     http: Container Port: 80
>     https: Container Port: 443
>     Email: [email protected]
>     Domain Name: g0nz0.me.uk
>     Subdomain(s): unifi,plex,firewall,
>     Only Subdomains: true
>     Diffie Hellman: 2048
>     Validation: http
>     AppData Config Path: /mnt/user/appdata/letsencrypt

Seriously, it's working again now. The issue must have been an error coming back from the letsencrypt API or certbot and just not being handled well in the code. If you're a / the dev on this project, let me know if you want some log extracts (specifically what you want from the logs etc) and I'll get them to you to investigate.

CHBMB Posted November 19, 2019

> 18 minutes ago, g0nz0 said:
> Seriously, it's working again now. The issue must have been an error coming back from the letsencrypt API or certbot and just not being handled well in the code. If you're a / the dev on this project, let me know if you want some log extracts (specifically what you want from the logs etc) and I'll get them to you to investigate.

I don't think we need them, if it were a widespread issue, we'd have heard by now. As it stands a solitary report I don't think justifies a conclusion of the container logic not handling things well. If the API/certbot had an issue, no amount of rewriting of the container is going to fix that.

drumstyx Posted November 20, 2019

Having issues with python cryptography -- looks like py3-openssl was updated just a few hours after the current latest version was updated, and is causing issues because py3-cryptography is outdated now? I'm no expert, just a bit of digging.

Error is:

    pkg_resources.ContextualVersionConflict: (cryptography 2.6.1 (/usr/lib/python3.7/site-packages), Requirement.parse('cryptography>=2.8'), {'PyOpenSSL'})

EDIT: In the meantime, running this in console and restarting works fine, though it has to be done each time the container is recreated (edited, etc)

    apk add gcc musl-dev libffi-dev openssl-dev python3-dev; pip install cryptography --upgrade

Edited November 20, 2019 by drumstyx

aptalca Posted November 20, 2019

> 6 hours ago, drumstyx said:
> Having issues with python cryptography -- looks like py3-openssl was updated just a few hours after the current latest version was updated, and is causing issues because py3-cryptography is outdated now? I'm no expert, just a bit of digging.
>
> Error is:
>
>     pkg_resources.ContextualVersionConflict: (cryptography 2.6.1 (/usr/lib/python3.7/site-packages), Requirement.parse('cryptography>=2.8'), {'PyOpenSSL'})
>
> EDIT: In the meantime, running this in console and restarting works fine, though it has to be done each time the container is recreated (edited, etc)
>
>     apk add gcc musl-dev libffi-dev openssl-dev python3-dev; pip install cryptography --upgrade

https://github.com/linuxserver/docker-letsencrypt/issues/379#issuecomment-555991614

drumstyx Posted November 20, 2019

> 2 hours ago, aptalca said:
> https://github.com/linuxserver/docker-letsencrypt/issues/379#issuecomment-555991614

Ah yeah, makes sense -- I couldn't figure out how to specify an older version of the docker via GUI, but I suppose I could do it in console...