[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Recommended Posts

4 hours ago, TechMed said:

Hi @aptalca,

 

Since you appear to have a deep understanding of Let's Encrypt, I am wondering if when you have time, you would take a look at this post from earlier? Either I am missing something obvious or I am not using the correct search parameters to find the answer because I have looked for a while now. Thanks!

Roxedus already answered you there. It's a macvlan issue. You have some containers on macvlan, and they can't access the host or any service running on the host. That's a docker security feature.

  • Thanks 1
Link to comment
19 hours ago, BeeKay said:

Hi there,

Hoping you guys can help me out. In short, my letsencrypt docker is giving me the 'likely firewall issue' message but I have tested port forwarding with nginx and nginxproxymanager dockers, which show their default pages via the opened ports.

 

I followed spaceinvaderone's guide (with methodical pausing while i applied the steps), so forwarding 443 from router to 1443 on unraid host, and 80 to 180 in the same way. 

 

I've got a domain registered. I've added a CNAME to my domain, pointing to a duckdns subdomain. I've setup the duckdns docker to update IP for this.

 

My ISP did have default ports blocked, which I've turned off (otherwise the tests above wouldn't have worked anyway).

 

I've also followed the linuxserver troubleshooting guide for the port forwarding issue already.

 

Can anyone shed some light? Would be much appreciated

 

If my letsencrypt log is useful, it's pasted below (xxxx'd out the domain and email specifics:

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Australia/Sydney
URL=xxxxxxxx.net
SUBDOMAINS=nextcloud
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d nextcloud.xxxxxxxx.net
E-mail address entered: [email protected]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextcloud.xxxxxxxx.net
Waiting for verification...
Challenge failed for domain nextcloud.xxxxxxxx.net

http-01 challenge for nextcloud.xxxxxxxx.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: nextcloud.xxxxxxxx.net
Type: connection
Detail: Fetching
http://nextcloud.xxxxxxxx.net/.well-known/acme-challenge/dTkFfXItBI3Q886xxxxxxxxxxxxXeCA8Dz6mEyanU:
Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
 

You said you followed the linuxserver troubleshooting guide. So what happened? Did you do the test?

Link to comment

Hey All,

 

Having an Issue....not sure why im getting this fail.  Pretty sure my ports are right. what is :/mnt/mtd/WebSites/.well and where and how do i fix this :s

 

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Australia/Sydney
URL=duckdns.org
SUBDOMAINS=aquillacomputingsystems,aquillacomputingsystemsbitwarden,aquillacomputingsystemsnextcloud,aquillacomputingsystemsombi
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=https
DNSPLUGIN=
[email protected]
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d aquillacomputingsystems.duckdns.org -d aquillacomputingsystemsbitwarden.duckdns.org -d aquillacomputingsystemsnextcloud.duckdns.org -d aquillacomputingsystemsombi.duckdns.org
E-mail address entered: [email protected]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for aquillacomputingsystems.duckdns.org
http-01 challenge for aquillacomputingsystemsbitwarden.duckdns.org
http-01 challenge for aquillacomputingsystemsnextcloud.duckdns.org
http-01 challenge for aquillacomputingsystemsombi.duckdns.org
Waiting for verification...
Challenge failed for domain aquillacomputingsystems.duckdns.org
Challenge failed for domain aquillacomputingsystemsbitwarden.duckdns.org
Challenge failed for domain aquillacomputingsystemsnextcloud.duckdns.org
Challenge failed for domain aquillacomputingsystemsombi.duckdns.org
http-01 challenge for aquillacomputingsystems.duckdns.org
http-01 challenge for aquillacomputingsystemsbitwarden.duckdns.org
http-01 challenge for aquillacomputingsystemsnextcloud.duckdns.org
http-01 challenge for aquillacomputingsystemsombi.duckdns.org
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: aquillacomputingsystems.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://aquillacomputingsystems.duckdns.org/.well-known/acme-challenge/sGXwHiagrWpxp7w8HM2WDg4O-8-JOFxtfAWo5XItEHc
[110.175.43.148]: "<html>\r\n<head><title>Cross
Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
couldn't find this file:/mnt/mtd/WebSites/.well"

Domain: aquillacomputingsystemsbitwarden.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://aquillacomputingsystemsbitwarden.duckdns.org/.well-known/acme-challenge/H5BbKDF70r7Rk6tOZmwqzDfs4eAaISCwyoFsVr7mh4Q
[110.175.43.148]: "<html>\r\n<head><title>Cross
Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
couldn't find this file:/mnt/mtd/WebSites/.well"

Domain: aquillacomputingsystemsnextcloud.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://aquillacomputingsystemsnextcloud.duckdns.org/.well-known/acme-challenge/XOHa60mCm3ZoerrniI1iMAu4t1NC8YeIO-0urQcddOA
[110.175.43.148]: "<html>\r\n<head><title>Cross
Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
couldn't find this file:/mnt/mtd/WebSites/.well"

Domain: aquillacomputingsystemsombi.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://aquillacomputingsystemsombi.duckdns.org/.well-known/acme-challenge/Qw8MqOfucfdgyfBkW_XF6F8UK2RXtx7ztz3ta8C4NSo
[110.175.43.148]: "<html>\r\n<head><title>Cross
Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
couldn't find this file:/mnt/mtd/WebSites/.well"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

 

 

Untitled.thumb.png.b2e2cbb6ca2f35f7033e3b96c709b8ac.png

Link to comment
4 hours ago, aptalca said:

Roxedus already answered you there. It's a macvlan issue.

 

Based on my readings before and after Roxedus' answer, I figured that was the case. However, it never hurts to get a second opinion/confirmation. 🙂

Thanks for taking the time to respond.

Link to comment

So I'm trying to set this up on a second unraid machine. use the same domain but with a different subdomain and at a different location so with a different public ip.

I want to use the same domain as I have on my other location/public ip/letsencrypt nginx docker.

 

My problem is that I can't port forward with the router at this location. It is only allowing me to ports that are the same for internal and external. Since the Modem/router is provided by the isp and isn't allowed to be exchanged the only option I saw that I could do is wildcard/dns verfication.

 

I'm now unsure how to get around this problem. So If I use several subdomains already for let's say cloud.mydomain.com, xyz.mydomain.com, ....
Can I set up a wildcard with dns verfication under a subdomain of my domain for example location.mydomain.com so it the wildcard only covers things to the left like cloud.location.mydomain.com,... but leaves the certificates for the already working letsencrypt/nginx docker working.


If the above isn't possible my second idea would be to give the custom network or proxynet as spaceinvader calls it in his tutorial its own ip adress. So put multiple dockers on that same network with the same ip adress. Is that possible? What's the command for that?

 

I hope this makes sense.
Thank you in advance!

Edited by Heciruam
Link to comment
8 hours ago, Alphacosmos said:

Hey All,

 

Having an Issue....not sure why im getting this fail.  Pretty sure my ports are right. what is :/mnt/mtd/WebSites/.well and where and how do i fix this :s

 

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Australia/Sydney
URL=duckdns.org
SUBDOMAINS=aquillacomputingsystems,aquillacomputingsystemsbitwarden,aquillacomputingsystemsnextcloud,aquillacomputingsystemsombi
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=https
DNSPLUGIN=
[email protected]
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d aquillacomputingsystems.duckdns.org -d aquillacomputingsystemsbitwarden.duckdns.org -d aquillacomputingsystemsnextcloud.duckdns.org -d aquillacomputingsystemsombi.duckdns.org
E-mail address entered: [email protected]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for aquillacomputingsystems.duckdns.org
http-01 challenge for aquillacomputingsystemsbitwarden.duckdns.org
http-01 challenge for aquillacomputingsystemsnextcloud.duckdns.org
http-01 challenge for aquillacomputingsystemsombi.duckdns.org
Waiting for verification...
Challenge failed for domain aquillacomputingsystems.duckdns.org
Challenge failed for domain aquillacomputingsystemsbitwarden.duckdns.org
Challenge failed for domain aquillacomputingsystemsnextcloud.duckdns.org
Challenge failed for domain aquillacomputingsystemsombi.duckdns.org
http-01 challenge for aquillacomputingsystems.duckdns.org
http-01 challenge for aquillacomputingsystemsbitwarden.duckdns.org
http-01 challenge for aquillacomputingsystemsnextcloud.duckdns.org
http-01 challenge for aquillacomputingsystemsombi.duckdns.org
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: aquillacomputingsystems.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://aquillacomputingsystems.duckdns.org/.well-known/acme-challenge/sGXwHiagrWpxp7w8HM2WDg4O-8-JOFxtfAWo5XItEHc
[110.175.43.148]: "<html>\r\n<head><title>Cross
Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
couldn't find this file:/mnt/mtd/WebSites/.well"

Domain: aquillacomputingsystemsbitwarden.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://aquillacomputingsystemsbitwarden.duckdns.org/.well-known/acme-challenge/H5BbKDF70r7Rk6tOZmwqzDfs4eAaISCwyoFsVr7mh4Q
[110.175.43.148]: "<html>\r\n<head><title>Cross
Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
couldn't find this file:/mnt/mtd/WebSites/.well"

Domain: aquillacomputingsystemsnextcloud.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://aquillacomputingsystemsnextcloud.duckdns.org/.well-known/acme-challenge/XOHa60mCm3ZoerrniI1iMAu4t1NC8YeIO-0urQcddOA
[110.175.43.148]: "<html>\r\n<head><title>Cross
Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
couldn't find this file:/mnt/mtd/WebSites/.well"

Domain: aquillacomputingsystemsombi.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://aquillacomputingsystemsombi.duckdns.org/.well-known/acme-challenge/Qw8MqOfucfdgyfBkW_XF6F8UK2RXtx7ztz3ta8C4NSo
[110.175.43.148]: "<html>\r\n<head><title>Cross
Error</title></head>\r\n<body>\r\n404:Not found\r\n<p>Cross
couldn't find this file:/mnt/mtd/WebSites/.well"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

 

 

Untitled.thumb.png.b2e2cbb6ca2f35f7033e3b96c709b8ac.png

Either your IP is incorrect, or you have port forwarding issues.

 

Also, you really don't need to create multiple domains on duckdns. Create one, use that as the url here, and everything else will be a sub-subdomain. For example, you register mycustom as your duckdns subdomain, so you'll put "mycustom.duckdns.org" into url, and put "nextcloud,sonarr,sabnzbd" into subdomains and your services will be accessible at "nextcloud.mycustom.duckdns.org".

 

See here to troubleshoot the port/IP issue: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Link to comment
10 hours ago, aptalca said:

Either your IP is incorrect, or you have port forwarding issues.

 

Also, you really don't need to create multiple domains on duckdns. Create one, use that as the url here, and everything else will be a sub-subdomain. For example, you register mycustom as your duckdns subdomain, so you'll put "mycustom.duckdns.org" into url, and put "nextcloud,sonarr,sabnzbd" into subdomains and your services will be accessible at "nextcloud.mycustom.duckdns.org".

 

See here to troubleshoot the port/IP issue: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Thanks for the troubleshooting guide. I gave it a go but it seems my ports are configured correctly. when i ran the Nginx docker with worked fine. It must be something to do with the the file it cant locate. I have tried removing lets encrypt and retrying a few times. Same error

Link to comment
6 hours ago, Alphacosmos said:

Thanks for the troubleshooting guide. I gave it a go but it seems my ports are configured correctly. when i ran the Nginx docker with worked fine. It must be something to do with the the file it cant locate. I have tried removing lets encrypt and retrying a few times. Same error

When I try to connect to your domain, I get a blank yellow/green page with "webcam" as the page title.

 

Are you sure you did the test correctly as described?

Link to comment

Hey wondering 

Hey wondering if anyone else is having problem with their Next cloud docker/ letencrypt docker.  I had everything up and running with NC going through Letsencrypt. 

Just finished updating the dockers and now getting the following error

"Internal Server Error The server encountered an internal error and was unable to complete your request. Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the server log."

 

Had not changed anything but updating the dockers  through unraid interface.. 

 

I can try and post logs of things just not sure where to grab them. 

 

 

Link to comment
15 minutes ago, Aceriz said:

Hey wondering 

Hey wondering if anyone else is having problem with their Next cloud docker/ letencrypt docker.  I had everything up and running with NC going through Letsencrypt. 

Just finished updating the dockers and now getting the following error

"Internal Server Error The server encountered an internal error and was unable to complete your request. Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the server log."

 

Had not changed anything but updating the dockers  through unraid interface.. 

 

I can try and post logs of things just not sure where to grab them. 

 

 

Here is my Lestencrypt log- I did delete email and actual subdomains but have verified they are correct. 

 

_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Halifax
URL=duckdns.org
SUBDOMAINS=*****List of my subdomains****
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=***my email
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -***listed at -d mysubdomains 
E-mail address entered: ***@gmail.com
http validation is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready
nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')

Link to comment
16 minutes ago, Aceriz said:

Hey wondering 

Hey wondering if anyone else is having problem with their Next cloud docker/ letencrypt docker.  I had everything up and running with NC going through Letsencrypt. 

Just finished updating the dockers and now getting the following error

"Internal Server Error The server encountered an internal error and was unable to complete your request. Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the server log."

 

Had not changed anything but updating the dockers  through unraid interface.. 

 

I can try and post logs of things just not sure where to grab them. 

 

 

Here is also my Nexcloud log 

 

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 40-config: executing...
[cont-init.d] 40-config: exited 0.
[cont-init.d] 50-install: executing...
[cont-init.d] 50-install: exited 0.
[cont-init.d] 60-memcache: executing...
[cont-init.d] 60-memcache: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

Link to comment
5 hours ago, Aceriz said:

Here is also my Nexcloud log 

 

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 40-config: executing...
[cont-init.d] 40-config: exited 0.
[cont-init.d] 50-install: executing...
[cont-init.d] 50-install: exited 0.
[cont-init.d] 60-memcache: executing...
[cont-init.d] 60-memcache: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

There is no need to post the same info in two different threads.

Link to comment
6 hours ago, turt1e said:

Haven't seen it posted here yet but Letsencrypt will be revoking certain certs starting today due to a CAA rechecking bug. This affects about 2.6% of issued certs. More info in the link below including a way to check if your cert is affected.

 

https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

If anybody's affected, set the staging var to true, hit save. Then edit again and set it back to false. That action will force a renewal of the cert.

  • Like 2
Link to comment

Hey,

I'm having an issue on wordpress and it's erroring regarding Imagick; ImagickException thrown – NoDecodeDelegateForThisImageFormat `JPEG’.

I'v checked on phpinfo and it shows "ImageMagick number of supported formats:0" Any idea how i could fix this? Or is this part of the docker build that needs fixing?

 

Screenshot 2020-03-05 at 13.38.19.png

Link to comment
If anybody's affected, set the staging var to true, hit save. Then edit again and set it back to false. That action will force a renewal of the cert.
Thanks for the heads up. Headed over here to this thread to figure out what I needed to do to fix my mess. After I received the notification for Let'sencrypt revoking certs, I tried to use certbot to revoke and then renew my certs and things got all jumbled. Been dealing with notifications from my various apps about connection issues for three days. Can't wait to try this out when I get home tonight! Thanks again for the tip.

Sent from my ONEPLUS A6013 using Tapatalk

Link to comment
1 hour ago, illsnryhybrid said:

Thanks for the heads up. Headed over here to this thread to figure out what I needed to do to fix my mess. After I received the notification for Let'sencrypt revoking certs, I tried to use certbot to revoke and then renew my certs and things got all jumbled. Been dealing with notifications from my various apps about connection issues for three days. Can't wait to try this out when I get home tonight! Thanks again for the tip.

Sent from my ONEPLUS A6013 using Tapatalk
 

Yeah, don't run manual commands in the container unless we tell you to. Things are sure to break

Link to comment

Hi,

 

Hopefully someone can help me. I've got letsencrypt setup and working with various subdomains point at docker containers i.e. sonarr.mydomain.com but I want to do something a little different for some things that I only want to be accessible when I'm on my internal network i.e. internal.mydomain.com/nzbget or internal.mydomain.com/motioneyeos etc. 

 

I'm not sure how I should setup the proxy confs to point at the right location. I'm thinking something like this...

    

location internal.mydomain.com/nzbget {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
    #auth_request /auth;
    #error_page 401 =200 /login;

    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_app nzbget;
    set $upstream_port 6789;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

}

 

 

Link to comment
3 hours ago, jdndm said:

Hi,

 

Hopefully someone can help me. I've got letsencrypt setup and working with various subdomains point at docker containers i.e. sonarr.mydomain.com but I want to do something a little different for some things that I only want to be accessible when I'm on my internal network i.e. internal.mydomain.com/nzbget or internal.mydomain.com/motioneyeos etc. 

 

I'm not sure how I should setup the proxy confs to point at the right location. I'm thinking something like this...

    

location internal.mydomain.com/nzbget {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
    #auth_request /auth;
    #error_page 401 =200 /login;

    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_app nzbget;
    set $upstream_port 6789;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

}

 

 

Use allow/deny statements to block outside access and only allow internal access

 

Location does not refer to the domain. Server name directive is for the domain name

Link to comment
On 3/4/2020 at 7:55 PM, aptalca said:

If anybody's affected, set the staging var to true, hit save. Then edit again and set it back to false. That action will force a renewal of the cert.

Hi, I'm a noob, how do you do this? I use Letsencrypt with TheLounge docker only.

Thanks.

Link to comment
21 hours ago, aptalca said:

Use allow/deny statements to block outside access and only allow internal access

 

Location does not refer to the domain. Server name directive is for the domain name

Where would I set the server name directive?

Link to comment
8 hours ago, jdndm said:

Where would I set the server name directive?

You'll have to create a new server block for the subdomain. See the default proxy conf for examples. Server name is defined in there. And then, inside that new server block, you'll create a location block for whatever subfolder you want. 

Link to comment

Anyone else having an issue with the renewal of the certs? I am leaving the server switched on during the night and having looked at the "Troubleshooting Letsencrypt Image Port Mapping and Forwarding" guide and I can access my server via a cell phone as described in the troubleshooting guide. I haven't changed my router setting either (Ports 443 and 80 are forwarded since years...). Have no idea where to look next.

 

Edited by EdgarWallace
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.