anongum Posted April 1, 2020

> 17 minutes ago, aptalca said:
>
> A few things wrong here.
>
> Using uppercase letters in container name will prevent nginx from properly resolving it. You'll get a 502.
>
> If you're trying to access https://url:32400, you're not going through reverse proxy as letsencrypt is accessed at port 443, not 32400. You are giving direct access to Plex via that port.
>
> Start over and follow our guides: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/
>
> And for troubleshooting: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Ok, didn't know about the uppercase thing, thanks. Regarding url:port, I tried that before setting up letsencrypt, it worked before, it doesn't now. I'm going to read thoroughly the guide and try again from scratch - to completely delete any previous installation deleting appdata container folders and the docker image is sufficient, or is there more I need to delete to start clean? Obviously I delete everything in the shares dedicated to some containers, like nextcloud or Plex.

anongum Posted April 2, 2020

> 16 hours ago, aptalca said:
>
> A few things wrong here.
>
> Using uppercase letters in container name will prevent nginx from properly resolving it. You'll get a 502.
>
> If you're trying to access https://url:32400, you're not going through reverse proxy as letsencrypt is accessed at port 443, not 32400. You are giving direct access to Plex via that port.
>
> Start over and follow our guides: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/
>
> And for troubleshooting: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Ok, I reinstalled everything and looks like letsencrypt works fine now, I get the "website currently being setup under this address" that confirms me that the reverseproxy is working (I guess), and managed to make it work for nextcloud. Now I'm trying to install plex. The plex conf file says:

```nginx
# if plex is running in bridge mode and the container is named "plex", the below config should work as is
# if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of plex
# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name plex.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;
    proxy_redirect off;
    proxy_buffering off;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app plex;
        set $upstream_port 32400;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
        proxy_set_header X-Plex-Device $http_x_plex_device;
        proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
        proxy_set_header X-Plex-Platform $http_x_plex_platform;
        proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
        proxy_set_header X-Plex-Product $http_x_plex_product;
        proxy_set_header X-Plex-Token $http_x_plex_token;
        proxy_set_header X-Plex-Version $http_x_plex_version;
        proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
        proxy_set_header X-Plex-Provides $http_x_plex_provides;
        proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
        proxy_set_header X-Plex-Model $http_x_plex_model;
    }
}
```

Now, considering that I'm installing PlexMediaServer from the plexinc/pms-docker repo, what should be my move? Do I simply name the container "plex" when adding it from the community apps plugin, and then just edit the server_name <plexsubdomain>.*? Or is better to try the second option, leaving the network to host? In that case the <HOSTIP> is the regular localurl:32400 of the webgui, or is some other ip?

aptalca Posted April 2, 2020

> 1 hour ago, anongum said:
>
> Ok, I reinstalled everything and looks like letsencrypt works fine now, I get the "website currently being setup under this address" that confirms me that the reverseproxy is working (I guess), and managed to make it work for nextcloud. Now I'm trying to install plex. The plex conf file says:
>
> ```nginx
> # if plex is running in bridge mode and the container is named "plex", the below config should work as is
> # if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;"
> # or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of plex
> # in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")
>
> server {
>     listen 443 ssl;
>     listen [::]:443 ssl;
>
>     server_name plex.*;
>
>     include /config/nginx/ssl.conf;
>
>     client_max_body_size 0;
>     proxy_redirect off;
>     proxy_buffering off;
>
>     # enable for ldap auth, fill in ldap details in ldap.conf
>     #include /config/nginx/ldap.conf;
>
>     location / {
>         # enable the next two lines for http auth
>         #auth_basic "Restricted";
>         #auth_basic_user_file /config/nginx/.htpasswd;
>
>         # enable the next two lines for ldap auth
>         #auth_request /auth;
>         #error_page 401 =200 /login;
>
>         include /config/nginx/proxy.conf;
>         resolver 127.0.0.11 valid=30s;
>         set $upstream_app plex;
>         set $upstream_port 32400;
>         set $upstream_proto http;
>         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
>
>         proxy_set_header Upgrade $http_upgrade;
>         proxy_set_header Connection "upgrade";
>
>         proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
>         proxy_set_header X-Plex-Device $http_x_plex_device;
>         proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
>         proxy_set_header X-Plex-Platform $http_x_plex_platform;
>         proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
>         proxy_set_header X-Plex-Product $http_x_plex_product;
>         proxy_set_header X-Plex-Token $http_x_plex_token;
>         proxy_set_header X-Plex-Version $http_x_plex_version;
>         proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
>         proxy_set_header X-Plex-Provides $http_x_plex_provides;
>         proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
>         proxy_set_header X-Plex-Model $http_x_plex_model;
>     }
> }
> ```
>
> Now, considering that I'm installing PlexMediaServer from the plexinc/pms-docker repo, what should be my move? Do I simply name the container "plex" when adding it from the community apps plugin, and then just edit the server_name <plexsubdomain>.*? Or is better to try the second option, leaving the network to host? In that case the <HOSTIP> is the regular localurl:32400 of the webgui, or is some other ip?

You don't have to change the server name. That sets your subdomain. Leave it as plex.*

Change the container name to plex so you don't have to modify the proxy conf.

Follow the rest of the steps outlined at the top of the proxy conf.

puncho Posted April 3, 2020

Doesn't seem like my certs are renewing for some reason...thanks in advance for any insight.

```
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Los_Angeles
URL=mydomain.duckdns.org
SUBDOMAINS=nextcloud,home,heimdall
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=
2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d nextcloud.mydomain.duckdns.org -d home.mydomain.duckdns.org -d heimdall.mydomain.duckdns.org
E-mail address entered: [email protected]
http validation is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes.
<------------------------------------------------->
<------------------------------------------------->
cronjob running on Thu Apr 2 22:27:57 PDT 2020
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mydomain.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 63, in _reconstitute
    renewal_candidate = storage.RenewableCert(full_path, config)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/storage.py", line 445, in __init__
    raise errors.CertStorageError(
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
Renewal configuration file /etc/letsencrypt/renewal/mydomain.duckdns.org.conf is broken. Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No renewals were attempted.
No hooks were run.
Additionally, the following renewal configurations were invalid:
  /etc/letsencrypt/renewal/mydomain.duckdns.org.conf (parsefail)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
0 renew failure(s), 1 parse failure(s)
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready
```

aptalca Posted April 4, 2020

> 13 hours ago, puncho said:
>
> Doesn't seem like my certs are renewing for some reason...thanks in advance for any insight.
>
> ```
> User uid: 99
> User gid: 100
> -------------------------------------
> [cont-init.d] 10-adduser: exited 0.
> [cont-init.d] 20-config: executing...
> [cont-init.d] 20-config: exited 0.
> [cont-init.d] 30-keygen: executing...
> using keys found in /config/keys
> [cont-init.d] 30-keygen: exited 0.
> [cont-init.d] 50-config: executing...
> Variables set:
> PUID=99
> PGID=100
> TZ=America/Los_Angeles
> URL=mydomain.duckdns.org
> SUBDOMAINS=nextcloud,home,heimdall
> EXTRA_DOMAINS=
> ONLY_SUBDOMAINS=false
> DHLEVEL=2048
> VALIDATION=http
> DNSPLUGIN=
> [email protected]
> STAGING=
> 2048 bit DH parameters present
> SUBDOMAINS entered, processing
> SUBDOMAINS entered, processing
> Sub-domains processed are: -d nextcloud.mydomain.duckdns.org -d home.mydomain.duckdns.org -d heimdall.mydomain.duckdns.org
> E-mail address entered: [email protected]
> http validation is selected
> Certificate exists; parameters unchanged; starting nginx
> [cont-init.d] 50-config: exited 0.
> [cont-init.d] 60-renew: executing...
> The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes.
> <------------------------------------------------->
> <------------------------------------------------->
> cronjob running on Thu Apr 2 22:27:57 PDT 2020
> Running certbot renew
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Processing /etc/letsencrypt/renewal/mydomain.duckdns.org.conf
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Traceback (most recent call last):
>   File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 63, in _reconstitute
>     renewal_candidate = storage.RenewableCert(full_path, config)
>   File "/usr/lib/python3.8/site-packages/certbot/_internal/storage.py", line 445, in __init__
>     raise errors.CertStorageError(
> certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
> Renewal configuration file /etc/letsencrypt/renewal/mydomain.duckdns.org.conf is broken. Skipping.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> No renewals were attempted.
> No hooks were run.
> Additionally, the following renewal configurations were invalid:
>   /etc/letsencrypt/renewal/mydomain.duckdns.org.conf (parsefail)
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 0 renew failure(s), 1 parse failure(s)
> [cont-init.d] 60-renew: exited 0.
> [cont-init.d] 99-custom-files: executing...
> [custom-init] no custom files found exiting...
> [cont-init.d] 99-custom-files: exited 0.
> [cont-init.d] done.
> [services.d] starting services
> [services.d] done.
> nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
> nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
> no field package.preload['resty.core']
> no file './resty/core.lua'
> no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
> no file '/usr/local/share/lua/5.1/resty/core.lua'
> no file '/usr/local/share/lua/5.1/resty/core/init.lua'
> no file '/usr/share/lua/5.1/resty/core.lua'
> no file '/usr/share/lua/5.1/resty/core/init.lua'
> no file '/usr/share/lua/common/resty/core.lua'
> no file '/usr/share/lua/common/resty/core/init.lua'
> no file './resty/core.so'
> no file '/usr/local/lib/lua/5.1/resty/core.so'
> no file '/usr/lib/lua/5.1/resty/core.so'
> no file '/usr/local/lib/lua/5.1/loadall.so'
> no file './resty.so'
> no file '/usr/local/lib/lua/5.1/resty.so'
> no file '/usr/lib/lua/5.1/resty.so'
> no file '/usr/local/lib/lua/5.1/loadall.so')
> Server ready
> ```

Your renewal conf file is broken for some reason. Perhaps a bad backup/restore.

Change the parameters and recreate to force a renewal.

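The `CertStorageError` in the log above is raised when a renewal conf lacks one of the four top-level file references certbot expects (`cert`, `privkey`, `chain`, `fullchain`). The following is an added example, not part of the thread or of certbot: a small checker that reports which references are missing or dangling. The sample conf contents and the `example.duckdns.org` name are constructed, and the dangling-path check is this example's own addition.

```python
import os

# Top-level keys certbot expects in /etc/letsencrypt/renewal/<name>.conf.
REQUIRED_REFS = ("cert", "privkey", "chain", "fullchain")

# Constructed sample: a healthy renewal conf (example.duckdns.org is a placeholder).
GOOD_CONF = """\
# renew_before_expiry = 30 days
version = 1.3.0
archive_dir = /etc/letsencrypt/archive/example.duckdns.org
cert = /etc/letsencrypt/live/example.duckdns.org/cert.pem
privkey = /etc/letsencrypt/live/example.duckdns.org/privkey.pem
chain = /etc/letsencrypt/live/example.duckdns.org/chain.pem
fullchain = /etc/letsencrypt/live/example.duckdns.org/fullchain.pem

[renewalparams]
authenticator = standalone
server = https://acme-v02.api.letsencrypt.org/directory
"""

# Constructed sample: a truncated file with no file references left.
BROKEN_CONF = """\
version = 1.3.0
archive_dir = /etc/letsencrypt/archive/example.duckdns.org
"""


def parse_top_level(text):
    """Return the key/value pairs that appear before the first [section] header."""
    refs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            break  # keys inside [renewalparams] are not file references
        key, sep, value = line.partition("=")
        if sep:
            refs[key.strip()] = value.strip()
    return refs


def check_renewal_conf(text, exists=os.path.exists):
    """List the problems that would stop this lineage from being renewed."""
    refs = parse_top_level(text)
    problems = []
    for name in REQUIRED_REFS:
        path = refs.get(name)
        if not path:
            problems.append(f"{name}: reference missing")
        elif not exists(path):
            problems.append(f"{name}: {path} does not exist")
    return problems


if __name__ == "__main__":
    # The samples use placeholder paths, so treat every path as present here.
    for label, conf in (("good", GOOD_CONF), ("broken", BROKEN_CONF)):
        print(label, check_renewal_conf(conf, exists=lambda p: True) or "ok")
```

To check a real file, pass its contents to `check_renewal_conf` with the default `exists`, from inside the container so the `/etc/letsencrypt` paths resolve.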
BomB191 Posted April 4, 2020

I've been banging my head on this all day.

I have my domain's DNS linked up with cloudflare and cloudflare pointing to duckdns pointing to me.

Let's Encrypt got its cert all fine and happy as.

I'm currently only trying to get ombi and nextcloud sorted out and have followed space invaders videos on lets encrypt and dns certs.

What else do you guys need to help? It should just work but I only get 522 errors.

I feel ipv6 might be screwing things up but I have ipv4 and 6 forwarded.

I'm at a complete loss.

aptalca Posted April 4, 2020

> 10 hours ago, BomB191 said:
>
> I've been banging my head on this all day.
>
> I have my domain's DNS linked up with cloudflare and cloudflare pointing to duckdns pointing to me.
>
> Let's Encrypt got its cert all fine and happy as.
>
> I'm currently only trying to get ombi and nextcloud sorted out and have followed space invaders videos on lets encrypt and dns certs.
>
> What else do you guys need to help? It should just work but I only get 522 errors.
>
> I feel ipv6 might be screwing things up but I have ipv4 and 6 forwarded.
>
> I'm at a complete loss.

Did you Google error 522? It tells you exactly what the problem is. Cloudflare can't reach your server.

Check your port forwarding: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

BomB191 Posted April 4, 2020

> 5 hours ago, aptalca said:
>
> Did you Google error 522? It tells you exactly what the problem is. Cloudflare can't reach your server.
>
> Check your port forwarding: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

OMFG! Ok so I shouldn't do stuff on 3 hours sleep.

I was under the impression I could use port 180 and 1443 externally but couldn't figure out how it was mapped.

Forwarding port 80 and 443 works. I am an idiot. Thanks for the assistance.

Makes me wonder though, can one change the external port used to not be 80 or 443? Or is that something embedded within the protocol?

aptalca Posted April 5, 2020

> 5 hours ago, BomB191 said:
>
> OMFG! Ok so I shouldn't do stuff on 3 hours sleep.
>
> I was under the impression I could use port 180 and 1443 externally but couldn't figure out how it was mapped.
>
> Forwarding port 80 and 443 works. I am an idiot. Thanks for the assistance.
>
> Makes me wonder though, can one change the external port used to not be 80 or 443? Or is that something embedded within the protocol?

Https default is 443. If you use a different port, you'll have to define it to browse it like https://domain.com:1443

BomB191 Posted April 5, 2020

> 8 minutes ago, aptalca said:
>
> Https default is 443. If you use a different port, you'll have to define it to browse it like https://domain.com:1443

Ah OK so basically the same I had before. Good to know, thank you.

drsparks68 Posted April 7, 2020

Hello all,

I am trying to configure f2b for permanent bans. I have started the container with "--cap-add=NET_ADMIN" and have set the bantime to "-1" for each jail (as noted under "Jail Options" at https://www.fail2ban.org/wiki/index.php/MANUAL_0_8). I am able to see IP's being detected:

```
2020-03-30 22:04:20,572 fail2ban.filter [392]: INFO [nginx-botsearch] Found 148.72.207.250 - 2020-03-30 22:04:20
2020-03-31 06:46:10,028 fail2ban.filter [386]: INFO [nginx-botsearch] Found 34.76.172.157 - 2020-03-31 06:46:09
2020-03-31 09:29:25,455 fail2ban.filter [386]: INFO [nginx-botsearch] Found 128.199.254.23 - 2020-03-31 09:29:25
2020-03-31 11:38:48,885 fail2ban.filter [386]: INFO [nginx-botsearch] Found 103.5.150.16 - 2020-03-31 11:38:48
```

But I'm not seeing those in the persistent DB (fail2ban.sqlite3):

Curious if I'm missing something that is preventing this from working.

Thanks in advance,

D

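In fail2ban a `Found` line records one matched failure, and a ban is issued only once a host reaches the jail's `maxretry` within `findtime`. The following is an added example, not part of the thread: it reads fail2ban log lines and reports, per jail and address, how many failures were found, whether the threshold was reached, and whether a `Ban` line was logged. The log lines are constructed (documentation-range addresses), and `maxretry=2` / `findtime=600` are assumed values to be replaced with the jail's actual settings.

```python
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+"
    r"fail2ban\.(?:filter|actions)\s+\[\d+\]:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<event>Found|Ban)\s+(?P<ip>\S+)"
)

# Constructed sample log, in the same layout as the lines quoted in the post.
SAMPLE_LOG = """\
2020-03-30 22:04:20,572 fail2ban.filter [392]: INFO [nginx-botsearch] Found 203.0.113.10 - 2020-03-30 22:04:20
2020-03-31 06:46:10,028 fail2ban.filter [386]: INFO [nginx-botsearch] Found 198.51.100.7 - 2020-03-31 06:46:09
2020-03-31 06:46:12,511 fail2ban.filter [386]: INFO [nginx-botsearch] Found 198.51.100.7 - 2020-03-31 06:46:12
2020-03-31 06:46:12,930 fail2ban.actions [386]: NOTICE [nginx-botsearch] Ban 198.51.100.7
2020-03-31 09:29:25,455 fail2ban.filter [386]: INFO [nginx-botsearch] Found 203.0.113.10 - 2020-03-31 09:29:25
"""


def summarize(log_text, maxretry, findtime):
    """Map (jail, ip) to its find count, threshold status and ban status.

    maxretry (>= 1) and findtime (seconds) must mirror the jail's settings.
    """
    finds = {}
    banned = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["jail"], m["ip"])
        if m["event"] == "Ban":
            banned.add(key)
        else:
            stamp = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            finds.setdefault(key, []).append(stamp)

    window = timedelta(seconds=findtime)
    report = {}
    for key in sorted(set(finds) | banned):
        stamps = sorted(finds.get(key, []))
        # Threshold is reached when any maxretry consecutive finds fit in findtime.
        reached = any(
            stamps[i + maxretry - 1] - stamps[i] <= window
            for i in range(len(stamps) - maxretry + 1)
        )
        report[key] = {
            "finds": len(stamps),
            "threshold_reached": reached,
            "banned": key in banned,
        }
    return report


if __name__ == "__main__":
    # maxretry and findtime here are assumptions, not values from the thread.
    for (jail, ip), row in summarize(SAMPLE_LOG, maxretry=2, findtime=600).items():
        print(jail, ip, row)
```

An address that shows `finds` below `maxretry`, or finds spread wider than `findtime`, was never banned and so has no ban record to persist.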
casperse Posted April 8, 2020

Ok I got it all working with my own subdomain and an A record pointing to my new fixed IP :-)

But, can I change the subdomain to the main domain? (I have enabled it in the docker to false, and I can see that it pulls the certificate)

But all the conf.samples are for a subdomain, where and how can I setup the main domain?

Strange I can only find support for reverse proxy using subdomains? (But my old Synology could do both subdomains and main domain?)

Edited April 8, 2020 by casperse

aptalca Posted April 9, 2020

> 6 hours ago, casperse said:
>
> Ok I got it all working with my own subdomain and an A record pointing to my new fixed IP 🙂
>
> But, can I change the subdomain to the main domain? (I have enabled it in the docker to false, and I can see that it pulls the certificate)
>
> But all the conf.samples are for a subdomain, where and how can I setup the main domain?
>
> Strange I can only find support for reverse proxy using subdomains? (But my old Synology could do both subdomains and main domain?)

Check out the heimdall subfolder conf sample and you'll see how.

njdowdy Posted April 9, 2020

Hey aptalca,

Thanks for your help with setting up pgadmin4. My users now want to access postgres via subdomain directly, rather than through pgadmin4. I think I might have the ports messed up again, because my attempt at setting it up failed. I can access via local network on port 5432, but the subdomain functionality doesn't work yet.

Here's my custom postgres.subdomain.conf (which I want to give access to my postgres docker using postgres.mydomain.com):

```nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name postgres.*;

    include /config/nginx/ssl.conf;

    proxy_redirect off;
    proxy_buffering off;
    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_postgres myPostgresDocker;
        proxy_pass http://$upstream_postgres:5432;
    }
}
```

My error before was using the incorrect port, but I thought postgres used port 5432. I believe I have the docker ports set up correctly as:

172.18.0.8:5432/TCP <-> mylocalhost:5432

Thanks so much in advance!

casperse Posted April 9, 2020

> 9 hours ago, aptalca said:
>
> Check out the heimdall subfolder conf sample and you'll see how.

Thanks! So this sample for subfolder would allow me to use the main domain? Just updating the app naming to another docker?

I wanted to use the main domain on "Ombi" and I can see that there is a template for using it but again it's for a sub.domain (The docker is auth. by Plex service so I would not need the .htpasswd)

```nginx
# In order to use this location block you need to edit the default file one folder up and comment out the / location

location / {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
    #auth_request /auth;
    #error_page 401 =200 /login;

    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_app heimdall;  # <----- "Replace with alternative Docker name"
    set $upstream_port 443;
    set $upstream_proto https;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
```

1000 Thanks, I have googled this for hours but didn't find anything......

aptalca Posted April 9, 2020

> 3 hours ago, casperse said:
>
> Thanks! So this sample for subfolder would allow me to use the main domain? Just updating the app naming to another docker?
>
> I wanted to use the main domain on "Ombi" and I can see that there is a template for using it but again it's for a sub.domain (The docker is auth. by Plex service so I would not need the .htpasswd)
>
> ```nginx
> # In order to use this location block you need to edit the default file one folder up and comment out the / location
>
> location / {
>     # enable the next two lines for http auth
>     #auth_basic "Restricted";
>     #auth_basic_user_file /config/nginx/.htpasswd;
>
>     # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
>     #auth_request /auth;
>     #error_page 401 =200 /login;
>
>     include /config/nginx/proxy.conf;
>     resolver 127.0.0.11 valid=30s;
>     set $upstream_app heimdall;  # <----- "Replace with alternative Docker name"
>     set $upstream_port 443;
>     set $upstream_proto https;
>     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
> }
> ```
>
> 1000 Thanks, I have googled this for hours but didn't find anything......

Correct. Don't forget to follow the directions at the top otherwise nginx won't start due to duplicate location blocks.

aptalca Posted April 9, 2020

> 6 hours ago, njdowdy said:
>
> Hey aptalca,
>
> Thanks for your help with setting up pgadmin4. My users now want to access postgres via subdomain directly, rather than through pgadmin4. I think I might have the ports messed up again, because my attempt at setting it up failed. I can access via local network on port 5432, but the subdomain functionality doesn't work yet.
>
> Here's my custom postgres.subdomain.conf (which I want to give access to my postgres docker using postgres.mydomain.com):
>
> ```nginx
> server {
>     listen 443 ssl;
>     listen [::]:443 ssl;
>
>     server_name postgres.*;
>
>     include /config/nginx/ssl.conf;
>
>     proxy_redirect off;
>     proxy_buffering off;
>     client_max_body_size 0;
>
>     location / {
>         include /config/nginx/proxy.conf;
>         resolver 127.0.0.11 valid=30s;
>         set $upstream_postgres myPostgresDocker;
>         proxy_pass http://$upstream_postgres:5432;
>     }
> }
> ```
>
> My error before was using the incorrect port, but I thought postgres used port 5432. I believe I have the docker ports set up correctly as:
>
> 172.18.0.8:5432/TCP <-> mylocalhost:5432
>
> Thanks so much in advance!

Isn't that a remote access port for postgre? There is no webserver there, is there?

The conf you have is only for proxying http (web servers), not regular tcp traffic. For that you'd need to use the stream plugin.

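The reply above turns on whether the upstream port answers HTTP at all, since `proxy_pass http://...` only works against a web server. The following is an added example, not part of the thread: a probe that sends a minimal HTTP request and checks whether the reply begins with an HTTP status line. It is demonstrated against two constructed loopback stubs, one HTTP server and one raw TCP service whose reply bytes are a stand-in and not the real Postgres wire protocol.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def speaks_http(host, port, timeout=2.0):
    """Return True if the service answers a HEAD request with an HTTP status line."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            reply = b""
            while len(reply) < 5:  # enough bytes to compare against b"HTTP/"
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
    except OSError:  # refused, reset or timed out
        return False
    return reply.startswith(b"HTTP/")


class QuietHandler(BaseHTTPRequestHandler):
    """Constructed HTTP stub: answers HEAD with 200 and logs nothing."""

    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):
        pass


def start_http_stub():
    httpd = HTTPServer(("127.0.0.1", 0), QuietHandler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd, httpd.server_address[1]


def start_raw_tcp_stub():
    """Constructed non-HTTP service: replies with length-prefixed binary data."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)
            conn.sendall(b"\x00\x00\x00\x08not-http")

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo():
    """Probe both stubs and return what speaks_http reports for each."""
    httpd, http_port = start_http_stub()
    raw, raw_port = start_raw_tcp_stub()
    try:
        return {
            "http_stub": speaks_http("127.0.0.1", http_port),
            "raw_tcp_stub": speaks_http("127.0.0.1", raw_port),
        }
    finally:
        httpd.shutdown()
        httpd.server_close()
        raw.close()


if __name__ == "__main__":
    print(demo())
```

A port for which `speaks_http` returns False is not a candidate for an `http://` `proxy_pass` block.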
njdowdy Posted April 9, 2020

> 3 hours ago, aptalca said:
>
> Isn't that a remote access port for postgre? There is no webserver there, is there?
>
> The conf you have is only for proxying http (web servers), not regular tcp traffic. For that you'd need to use the stream plugin.

Ah, well that would make sense then. I wasn't aware of this. Two questions:

1. How would one determine when a docker does and does not come with a webserver? (in case I run into this again in the future)

2. Would you mind posting or linking some info on setting up the stream plugin/module and/or a .conf for these types of dockers? I did some forum searches, but it wasn't clear to me what the correct steps are. I saw you post on the subject elsewhere but I don't think I have interpreted your instruction correctly.

Thanks so much, yet again!

casperse Posted April 9, 2020

> 4 hours ago, aptalca said:
>
> Correct. Don't forget to follow the directions at the top otherwise nginx won't start due to duplicate location blocks.

Oh didn't see that, thanks!

Would I still be able to use subdomain for other Dockers under this top-domain?

The current version supports multiple domains like: domain1, domain2

Adding any subdomain to this in the configuration would then create cert. for these subdomains under both domains, correct?

Is it problematic to also change Nextcloud to its own domain instead of using a subdomain? (Have read many posts in this thread about Nextcloud and that Subdomain is the way to get it working, not one about using a main domain)

Again thanks for your help! Much appreciated.

STEFAN1987 Posted April 9, 2020

Hi can anyone help me figure out how to get past this error?

```
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Los_Angeles
URL=serverjohn.com
SUBDOMAINS=deluge,duplicati,grafana,jacket,lidarr,netdata,nextcloud,ombi,plex,radarr,sonarr,tautulli,unraid,www
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=4096
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=
DH parameters bit setting changed. Deleting old dhparams file.
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 4096 bit long safe prime, generator 2
This is going to take a long time
```
...........................................................................................................................................................................++*++*++* DH parameters successfully created - 4096 bits SUBDOMAINS entered, processing SUBDOMAINS entered, processing Sub-domains processed are: -d deluge.serverjohn.com -d duplicati.serverjohn.com -d grafana.serverjohn.com -d jacket.serverjohn.com -d lidarr.serverjohn.com -d netdata.serverjohn.com -d nextcloud.serverjohn.com -d ombi.serverjohn.com -d plex.serverjohn.com -d radarr.serverjohn.com -d sonarr.serverjohn.com -d tautulli.serverjohn.com -d unraid.serverjohn.com -d www.serverjohn.com E-mail address entered: [email protected] http validation is selected Generating new certificate Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for deluge.serverjohn.com http-01 challenge for duplicati.serverjohn.com http-01 challenge for grafana.serverjohn.com http-01 challenge for jacket.serverjohn.com http-01 challenge for lidarr.serverjohn.com http-01 challenge for netdata.serverjohn.com http-01 challenge for nextcloud.serverjohn.com http-01 challenge for ombi.serverjohn.com http-01 challenge for plex.serverjohn.com http-01 challenge for radarr.serverjohn.com http-01 challenge for serverjohn.com http-01 challenge for sonarr.serverjohn.com http-01 challenge for tautulli.serverjohn.com http-01 challenge for unraid.serverjohn.com http-01 challenge for www.serverjohn.com Waiting for verification... 
Challenge failed for domain deluge.serverjohn.com Challenge failed for domain duplicati.serverjohn.com Challenge failed for domain grafana.serverjohn.com Challenge failed for domain jacket.serverjohn.com Challenge failed for domain lidarr.serverjohn.com Challenge failed for domain netdata.serverjohn.com Challenge failed for domain nextcloud.serverjohn.com Challenge failed for domain ombi.serverjohn.com Challenge failed for domain plex.serverjohn.com Challenge failed for domain radarr.serverjohn.com Challenge failed for domain serverjohn.com Challenge failed for domain sonarr.serverjohn.com Challenge failed for domain tautulli.serverjohn.com Challenge failed for domain unraid.serverjohn.com Challenge failed for domain www.serverjohn.com http-01 challenge for deluge.serverjohn.com http-01 challenge for duplicati.serverjohn.com http-01 challenge for grafana.serverjohn.com http-01 challenge for jacket.serverjohn.com http-01 challenge for lidarr.serverjohn.com http-01 challenge for netdata.serverjohn.com http-01 challenge for nextcloud.serverjohn.com http-01 challenge for ombi.serverjohn.com http-01 challenge for plex.serverjohn.com http-01 challenge for radarr.serverjohn.com http-01 challenge for serverjohn.com http-01 challenge for sonarr.serverjohn.com http-01 challenge for tautulli.serverjohn.com http-01 challenge for unraid.serverjohn.com http-01 challenge for www.serverjohn.com Cleaning up challenges Some challenges have failed. 
IMPORTANT NOTES: - The following errors were reported by the server: Domain: deluge.serverjohn.com Type: unauthorized Detail: Invalid response from http://deluge.serverjohn.com/.well-known/acme-challenge/8E4H5IDuYFjxlRZ7FL86Xdzaf_Vk-3Up0zTw1CyTDS8 [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: duplicati.serverjohn.com Type: unauthorized Detail: Invalid response from http://duplicati.serverjohn.com/.well-known/acme-challenge/lQLmdIzX8m3WM0tx24HXfVKGORWtOlBMVmB93ncP61g [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: grafana.serverjohn.com Type: unauthorized Detail: Invalid response from http://grafana.serverjohn.com/.well-known/acme-challenge/CcXRaYWrjNHyPlleeYmJM1rtVNhg1czIZH6O4bQiXDg [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: jacket.serverjohn.com Type: unauthorized Detail: Invalid response from http://jacket.serverjohn.com/.well-known/acme-challenge/2H2wGqtkdmkSZErQ5SUDJH3OA0K2EJUMYKKC9L45VkA [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: lidarr.serverjohn.com Type: unauthorized Detail: Invalid response from http://lidarr.serverjohn.com/.well-known/acme-challenge/xBL_PgEnSbp9XrFS5mJKP3IEn2eUp96uMaXk8RnkykM [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: netdata.serverjohn.com Type: unauthorized Detail: Invalid response from 
http://netdata.serverjohn.com/.well-known/acme-challenge/6EOzYpleuHVzQ7LrXNOMn6aN_KrOa_3butIiwsfWDd0 [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: nextcloud.serverjohn.com Type: unauthorized Detail: Invalid response from http://nextcloud.serverjohn.com/.well-known/acme-challenge/ik2SU9PAfQtcfvBqUByD14HQQ4skGLmB_7_MDFuY6-A [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: ombi.serverjohn.com Type: unauthorized Detail: Invalid response from http://ombi.serverjohn.com/.well-known/acme-challenge/rtjrqFCDHlOXNfjmLQo1QlTERbeNTFHkLhqTlREsEA0 [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: plex.serverjohn.com Type: unauthorized Detail: Invalid response from http://plex.serverjohn.com/.well-known/acme-challenge/BID2vNE7WmlcDwO3JwQ0PNhhWjDWrMBUSxXhEUTD9EY [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: radarr.serverjohn.com Type: unauthorized Detail: Invalid response from http://radarr.serverjohn.com/.well-known/acme-challenge/c4iFeq_CYWokLiWtGofA292kDGu5HrgyliJEBOH3V9o [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: serverjohn.com Type: unauthorized Detail: Invalid response from http://serverjohn.com/.well-known/acme-challenge/_J2wAH3GZxcEfrC3GlE7fk1pHxXYLgDOOfNYUYpY7jg [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" 
Domain: sonarr.serverjohn.com Type: unauthorized Detail: Invalid response from http://sonarr.serverjohn.com/.well-known/acme-challenge/v3mVCVA_UJ5avFqcpSVIGRLhzMt_uGyuhRcV2m-srkA [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: tautulli.serverjohn.com Type: unauthorized Detail: Invalid response from http://tautulli.serverjohn.com/.well-known/acme-challenge/A1xvnyKmyR9_x76KwOR3zWOnE6Hhdrvevq5IK0HUMW4 [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: unraid.serverjohn.com Type: unauthorized Detail: Invalid response from http://unraid.serverjohn.com/.well-known/acme-challenge/UrtTqcVJ0QpFaaPTytbLU6OBRyQZ4VUFkbn2Ijlx7Pw [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: www.serverjohn.com Type: unauthorized Detail: Invalid response from http://www.serverjohn.com/.well-known/acme-challenge/VBomGHuZb9CQGQpDMKkYlqChznPbdsnbh4yJ0OT_b2U [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container Edited April 9, 2020 by STEFAN1987 added picture Quote Link to comment
drsparks68 Posted April 10, 2020
On 4/7/2020 at 12:08 PM, drsparks68 said:
Hello all, I am trying to configure f2b for permanent bans. I have started the container with "--cap-add=NET_ADMIN" and have set the bantime to "-1" for each jail (as noted under "Jail Options" at https://www.fail2ban.org/wiki/index.php/MANUAL_0_8). I am able to see IPs being detected:
2020-03-30 22:04:20,572 fail2ban.filter [392]: INFO [nginx-botsearch] Found 148.72.207.250 - 2020-03-30 22:04:20
2020-03-31 06:46:10,028 fail2ban.filter [386]: INFO [nginx-botsearch] Found 34.76.172.157 - 2020-03-31 06:46:09
2020-03-31 09:29:25,455 fail2ban.filter [386]: INFO [nginx-botsearch] Found 128.199.254.23 - 2020-03-31 09:29:25
2020-03-31 11:38:48,885 fail2ban.filter [386]: INFO [nginx-botsearch] Found 103.5.150.16 - 2020-03-31 11:38:48
But I'm not seeing those in the persistent DB (fail2ban.sqlite3):
Curious if I'm missing something that is preventing this from working. Thanks in advance, D
Now it seems that Fail2Ban isn't working at all... or at least none of the default jails flagged this traffic and banned the source IP (and there were over 600 lines of it in the NGINX access.log):
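Added example, not part of the post above: fail2ban logs a "Found" line for every filter match and bans an address only once it collects maxretry matches within findtime, so this script tallies "Found" lines per jail and address and checks whether a matching "Ban" line was logged. The maxretry and findtime values passed in are assumptions (the post does not give the jail settings), and the 203.0.113.7 log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The first four lines are the "Found" entries quoted in the post above; the
# 203.0.113.7 lines (a documentation address) are constructed for contrast.
SAMPLE_LOG = """\
2020-03-30 22:04:20,572 fail2ban.filter [392]: INFO [nginx-botsearch] Found 148.72.207.250 - 2020-03-30 22:04:20
2020-03-31 06:46:10,028 fail2ban.filter [386]: INFO [nginx-botsearch] Found 34.76.172.157 - 2020-03-31 06:46:09
2020-03-31 09:29:25,455 fail2ban.filter [386]: INFO [nginx-botsearch] Found 128.199.254.23 - 2020-03-31 09:29:25
2020-03-31 11:38:48,885 fail2ban.filter [386]: INFO [nginx-botsearch] Found 103.5.150.16 - 2020-03-31 11:38:48
2020-03-31 12:00:01,101 fail2ban.filter [386]: INFO [nginx-botsearch] Found 203.0.113.7 - 2020-03-31 12:00:01
2020-03-31 12:00:40,412 fail2ban.filter [386]: INFO [nginx-botsearch] Found 203.0.113.7 - 2020-03-31 12:00:40
2020-03-31 12:01:15,733 fail2ban.filter [386]: INFO [nginx-botsearch] Found 203.0.113.7 - 2020-03-31 12:01:15
2020-03-31 12:01:16,002 fail2ban.actions [386]: NOTICE [nginx-botsearch] Ban 203.0.113.7
"""

FOUND_RE = re.compile(
    r"fail2ban\.filter\s+\[\d+\]:\s+INFO\s+\[(?P<jail>[^\]]+)\]\s+Found\s+"
    r"(?P<ip>\S+)\s+-\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
)
BAN_RE = re.compile(
    r"fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)"
)


def evaluate(log_text, maxretry, findtime_s):
    """Return per (jail, ip): match count, peak matches inside one findtime
    window, whether that peak reaches maxretry, and whether a Ban was logged."""
    hits = defaultdict(list)
    banned = set()
    for line in log_text.splitlines():
        m = FOUND_RE.search(line)
        if m:
            # Use the timestamp of the matched log entry (after the dash).
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            hits[(m["jail"], m["ip"])].append(ts)
            continue
        m = BAN_RE.search(line)
        if m:
            banned.add((m["jail"], m["ip"]))

    window = timedelta(seconds=findtime_s)
    report = {}
    for key, times in hits.items():
        times.sort()
        peak, start = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans less than findtime.
            while t - times[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        report[key] = {
            "found": len(times),
            "peak_in_window": peak,
            "reaches_maxretry": peak >= maxretry,
            "ban_logged": key in banned,
        }
    return report


def missed_bans(report):
    """Addresses that reached maxretry but have no Ban line: the case that
    points at a jail or action problem rather than at the threshold."""
    return sorted(k for k, v in report.items()
                  if v["reaches_maxretry"] and not v["ban_logged"])


if __name__ == "__main__":
    # maxretry=3 and findtime=600 s are assumed values for illustration.
    rep = evaluate(SAMPLE_LOG, maxretry=3, findtime_s=600)
    for (jail, ip), row in sorted(rep.items()):
        print(jail, ip, row)
    print("reached maxretry without a Ban line:", missed_bans(rep))
```

Run it with the jail's real maxretry and findtime: addresses that never reach the threshold produce only "Found" lines, while an address listed by `missed_bans` reached it and still was not banned.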
aptalca Posted April 10, 2020 Share Posted April 10, 2020 5 hours ago, STEFAN1987 said: Hi can anyone help me figure out how to get pass this error? [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] 01-envfile: executing... [cont-init.d] 01-envfile: exited 0. [cont-init.d] 10-adduser: executing... ------------------------------------- _ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/ Brought to you by linuxserver.io We gratefully accept donations at: https://www.linuxserver.io/donate/ ------------------------------------- GID/UID ------------------------------------- User uid: 99 User gid: 100 ------------------------------------- [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 50-config: executing... Variables set: PUID=99 PGID=100 TZ=America/Los_Angeles URL=serverjohn.com SUBDOMAINS=deluge,duplicati,grafana,jacket,lidarr,netdata,nextcloud,ombi,plex,radarr,sonarr,tautulli,unraid,www EXTRA_DOMAINS= ONLY_SUBDOMAINS=false DHLEVEL=4096 VALIDATION=http DNSPLUGIN= [email protected] STAGING= DH parameters bit setting changed. Deleting old dhparams file. Creating DH parameters for additional security. This may take a very long time. 
There will be another message once this process is completed Generating DH parameters, 4096 bit long safe prime, generator 2 This is going to take a long time
DH parameters successfully created - 4096 bits SUBDOMAINS entered, processing SUBDOMAINS entered, processing Sub-domains processed are: -d deluge.serverjohn.com -d duplicati.serverjohn.com -d grafana.serverjohn.com -d jacket.serverjohn.com -d lidarr.serverjohn.com -d netdata.serverjohn.com -d nextcloud.serverjohn.com -d ombi.serverjohn.com -d plex.serverjohn.com -d radarr.serverjohn.com -d sonarr.serverjohn.com -d tautulli.serverjohn.com -d unraid.serverjohn.com -d www.serverjohn.com E-mail address entered: [email protected] http validation is selected Generating new certificate Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for deluge.serverjohn.com http-01 challenge for duplicati.serverjohn.com http-01 challenge for grafana.serverjohn.com http-01 challenge for jacket.serverjohn.com http-01 challenge for lidarr.serverjohn.com http-01 challenge for netdata.serverjohn.com http-01 challenge for nextcloud.serverjohn.com http-01 challenge for ombi.serverjohn.com http-01 challenge for plex.serverjohn.com http-01 challenge for radarr.serverjohn.com http-01 challenge for serverjohn.com http-01 challenge for sonarr.serverjohn.com http-01 challenge for tautulli.serverjohn.com http-01 challenge for unraid.serverjohn.com http-01 challenge for www.serverjohn.com Waiting for verification...
Challenge failed for domain deluge.serverjohn.com Challenge failed for domain duplicati.serverjohn.com Challenge failed for domain grafana.serverjohn.com Challenge failed for domain jacket.serverjohn.com Challenge failed for domain lidarr.serverjohn.com Challenge failed for domain netdata.serverjohn.com Challenge failed for domain nextcloud.serverjohn.com Challenge failed for domain ombi.serverjohn.com Challenge failed for domain plex.serverjohn.com Challenge failed for domain radarr.serverjohn.com Challenge failed for domain serverjohn.com Challenge failed for domain sonarr.serverjohn.com Challenge failed for domain tautulli.serverjohn.com Challenge failed for domain unraid.serverjohn.com Challenge failed for domain www.serverjohn.com http-01 challenge for deluge.serverjohn.com http-01 challenge for duplicati.serverjohn.com http-01 challenge for grafana.serverjohn.com http-01 challenge for jacket.serverjohn.com http-01 challenge for lidarr.serverjohn.com http-01 challenge for netdata.serverjohn.com http-01 challenge for nextcloud.serverjohn.com http-01 challenge for ombi.serverjohn.com http-01 challenge for plex.serverjohn.com http-01 challenge for radarr.serverjohn.com http-01 challenge for serverjohn.com http-01 challenge for sonarr.serverjohn.com http-01 challenge for tautulli.serverjohn.com http-01 challenge for unraid.serverjohn.com http-01 challenge for www.serverjohn.com Cleaning up challenges Some challenges have failed. 
IMPORTANT NOTES: - The following errors were reported by the server: Domain: deluge.serverjohn.com Type: unauthorized Detail: Invalid response from http://deluge.serverjohn.com/.well-known/acme-challenge/8E4H5IDuYFjxlRZ7FL86Xdzaf_Vk-3Up0zTw1CyTDS8 [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: duplicati.serverjohn.com Type: unauthorized Detail: Invalid response from http://duplicati.serverjohn.com/.well-known/acme-challenge/lQLmdIzX8m3WM0tx24HXfVKGORWtOlBMVmB93ncP61g [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: grafana.serverjohn.com Type: unauthorized Detail: Invalid response from http://grafana.serverjohn.com/.well-known/acme-challenge/CcXRaYWrjNHyPlleeYmJM1rtVNhg1czIZH6O4bQiXDg [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: jacket.serverjohn.com Type: unauthorized Detail: Invalid response from http://jacket.serverjohn.com/.well-known/acme-challenge/2H2wGqtkdmkSZErQ5SUDJH3OA0K2EJUMYKKC9L45VkA [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: lidarr.serverjohn.com Type: unauthorized Detail: Invalid response from http://lidarr.serverjohn.com/.well-known/acme-challenge/xBL_PgEnSbp9XrFS5mJKP3IEn2eUp96uMaXk8RnkykM [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: netdata.serverjohn.com Type: unauthorized Detail: Invalid response from 
http://netdata.serverjohn.com/.well-known/acme-challenge/6EOzYpleuHVzQ7LrXNOMn6aN_KrOa_3butIiwsfWDd0 [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: nextcloud.serverjohn.com Type: unauthorized Detail: Invalid response from http://nextcloud.serverjohn.com/.well-known/acme-challenge/ik2SU9PAfQtcfvBqUByD14HQQ4skGLmB_7_MDFuY6-A [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: ombi.serverjohn.com Type: unauthorized Detail: Invalid response from http://ombi.serverjohn.com/.well-known/acme-challenge/rtjrqFCDHlOXNfjmLQo1QlTERbeNTFHkLhqTlREsEA0 [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: plex.serverjohn.com Type: unauthorized Detail: Invalid response from http://plex.serverjohn.com/.well-known/acme-challenge/BID2vNE7WmlcDwO3JwQ0PNhhWjDWrMBUSxXhEUTD9EY [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: radarr.serverjohn.com Type: unauthorized Detail: Invalid response from http://radarr.serverjohn.com/.well-known/acme-challenge/c4iFeq_CYWokLiWtGofA292kDGu5HrgyliJEBOH3V9o [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: serverjohn.com Type: unauthorized Detail: Invalid response from http://serverjohn.com/.well-known/acme-challenge/_J2wAH3GZxcEfrC3GlE7fk1pHxXYLgDOOfNYUYpY7jg [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" 
Domain: sonarr.serverjohn.com Type: unauthorized Detail: Invalid response from http://sonarr.serverjohn.com/.well-known/acme-challenge/v3mVCVA_UJ5avFqcpSVIGRLhzMt_uGyuhRcV2m-srkA [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: tautulli.serverjohn.com Type: unauthorized Detail: Invalid response from http://tautulli.serverjohn.com/.well-known/acme-challenge/A1xvnyKmyR9_x76KwOR3zWOnE6Hhdrvevq5IK0HUMW4 [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: unraid.serverjohn.com Type: unauthorized Detail: Invalid response from http://unraid.serverjohn.com/.well-known/acme-challenge/UrtTqcVJ0QpFaaPTytbLU6OBRyQZ4VUFkbn2Ijlx7Pw [2606:4700:3035::681c:1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" Domain: www.serverjohn.com Type: unauthorized Detail: Invalid response from http://www.serverjohn.com/.well-known/acme-challenge/VBomGHuZb9CQGQpDMKkYlqChznPbdsnbh4yJ0OT_b2U [2606:4700:3037::681c:1711]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container Port forwarding issue Quote Link to comment
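Added example, not part of the thread: the container's closing message names two possible causes, DNS or port forwarding, and the address in square brackets in each "Invalid response from" entry is the host that actually answered the validation request. This script parses that error block and compares each responder with the address the operator expects the domain to resolve to; the expected address, the example.test names, the documentation addresses and the placeholder tokens are all constructed.

```python
import ipaddress
import re

# Constructed certbot output in the same layout as the log in this thread.
# Names, addresses (2001:db8::/32, 198.51.100.0/24) and tokens are placeholders.
SAMPLE_OUTPUT = (
    'IMPORTANT NOTES: - The following errors were reported by the server: '
    'Domain: plex.example.test Type: unauthorized Detail: Invalid response from '
    'http://plex.example.test/.well-known/acme-challenge/TOKEN-PLACEHOLDER-1 '
    r'[2001:db8:3035::1611]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n'
    r'<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" '
    'Domain: www.example.test Type: unauthorized Detail: Invalid response from '
    'http://www.example.test/.well-known/acme-challenge/TOKEN-PLACEHOLDER-2 '
    r'[198.51.100.20]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n'
    r'<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n" '
    'To fix these errors, please make sure that your domain name was entered '
    'correctly and the DNS A/AAAA record(s) for that domain contain(s) the right '
    'IP address.'
)

# One entry of the error list: domain, error type, challenge URL, the address
# that answered (in brackets) and the quoted start of the response body.
ERR_RE = re.compile(
    r'Domain:\s+(?P<domain>\S+)\s+Type:\s+(?P<type>\S+)\s+Detail:\s+'
    r'Invalid response from\s+(?P<url>\S+)\s+\[(?P<addr>[0-9A-Fa-f:.]+)\]:\s+'
    r'"(?P<body>.*?)"(?=\s+Domain:|\s+To fix|\s*$)',
    re.S,
)
TITLE_RE = re.compile(r"<title>(.*?)</title>")


def parse_failures(text):
    """Extract every 'Invalid response' entry from certbot's error summary."""
    failures = []
    for m in ERR_RE.finditer(text):
        title = TITLE_RE.search(m["body"])
        failures.append({
            "domain": m["domain"],
            "type": m["type"],
            "responder": ipaddress.ip_address(m["addr"]),
            "http_title": title.group(1) if title else None,
        })
    return failures


def triage(text, expected_addrs):
    """Map each failed domain to (responder, page title, likely cause).

    'dns': the request was answered by an address other than the expected
    one, so the A/AAAA record (or something in front of it) points elsewhere.
    'port-forwarding': the expected address answered, but port 80 did not
    reach the process serving the challenge file.
    """
    expected = {ipaddress.ip_address(a) for a in expected_addrs}
    result = {}
    for f in parse_failures(text):
        cause = "port-forwarding" if f["responder"] in expected else "dns"
        result[f["domain"]] = (str(f["responder"]), f["http_title"], cause)
    return result


if __name__ == "__main__":
    # 198.51.100.20 stands in for the server's public address (assumption).
    for domain, row in triage(SAMPLE_OUTPUT, ["198.51.100.20"]).items():
        print(domain, row)
```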
aptalca Posted April 10, 2020
6 hours ago, casperse said:
Oh didn't see that, thanks! Would I still be able to use subdomains for other Dockers under this top-domain? The current version supports multiple domains like: domain1, domain2. Adding any subdomain to this in the configuration would then create certs for these subdomains under both domains, correct? Is it problematic to also change Nextcloud to its own domain instead of using a subdomain? (Have read many posts in this thread about Nextcloud and that subdomain is the way to get it working, not one about using a main domain.) Again thanks for your help! Much appreciated.
Sure you can. But you gotta read up and understand nginx configs. Server blocks are for matching and defining domains and subdomains, and location blocks are for uri (subfolder and rest).
casperse Posted April 10, 2020 (edited)
17 hours ago, aptalca said:
Sure you can. But you gotta read up and understand nginx configs. Server blocks are for matching and defining domains and subdomains, and location blocks are for uri (subfolder and rest).
I have been reading! And thanks to you and this very long thread I am almost there.
Exercise "Setup Ombi with main domain":
0) Confirm in the log that Letsencrypt gets certificates for everything
1) Change Docker to use custom Proxynet (Networktype)
2) Use template heimdall.subfolder.conf.sample and add your docker name (this case: ombi), rename it "ombi.subfolder.conf"
\rootshare\appdata\letsencrypt\nginx\proxy-confs\ombi.subfolder.conf
location / {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;
    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
    #auth_request /auth;
    #error_page 401 =200 /login;
    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_app ombi;
    set $upstream_port 443;
    set $upstream_proto https;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
3) Comment out location / in: appdata\letsencrypt\nginx\site-confs\default
# main server block
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    root /config/www;
    index index.html index.htm index.php;
    server_name _;  # <--- Add my domains here?
    # enable subfolder method reverse proxy confs
    include /config/nginx/proxy-confs/*.subfolder.conf;
    # all ssl related config moved to ssl.conf
    include /config/nginx/ssl.conf;
    # enable for ldap auth
    #include /config/nginx/ldap.conf;
    client_max_body_size 0;
    # location / {
    #     try_files $uri $uri/ /index.html /index.php?$args =404;
    # }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
4) Port setup on docker: it's the proxy that forwards the port 443 -> Dockers, and it looks like it gets the port from the docker itself: "proxy_pass $upstream_proto://$upstream_app:$upstream_port;" So not sure if I need to specify the Ombi port:3579 somewhere. But where do I specify which main domain "1" should be used for Ombi? This should be in the # main server block in the default file above, right?
server_name domain1;
server_name domain2;
5) I also found this: "Add your domain name to the trusted domains array?" (Don't know what that's about)
I apologize for not figuring this out myself - I have spent a lot of time on trial & error. Most on Google use Linux and command lines, not these very nice configuration files.
Edited April 10, 2020 by casperse
aptalca Posted April 10, 2020

1 hour ago, casperse said:
> I have been reading! And thanks to you and this very long thread I am almost there
>
> Exercise "Setup Ombi with main domain":
>
> 0) Confirm in the log that Letsencrypt gets certificates for everything
>
> 1) Change Docker to use custom Proxynet (Networktype)
>
> 2) Use template heimdall.subfolder.conf.sample and add your docker name (This case: ombi) rename it "ombi.subfolder.conf"
>
> \rootshare\appdata\letsencrypt\nginx\proxy-confs\ombi.subfolder.conf
>
>     location / {
>         # enable the next two lines for http auth
>         #auth_basic "Restricted";
>         #auth_basic_user_file /config/nginx/.htpasswd;
>
>         # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
>         #auth_request /auth;
>         #error_page 401 =200 /login;
>
>         include /config/nginx/proxy.conf;
>         resolver 127.0.0.11 valid=30s;
>         set $upstream_app ombi;
>         set $upstream_port 443;
>         set $upstream_proto https;
>         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
>     }
>
> 3) Comment out location / in: appdata\letsencrypt\nginx\site-confs\default
>
>     # main server block
>     server {
>         listen 443 ssl http2 default_server;
>         listen [::]:443 ssl http2 default_server;
>
>         root /config/www;
>         index index.html index.htm index.php;
>
>         server_name _;   <--- Add my domains here?
>
>         # enable subfolder method reverse proxy confs
>         include /config/nginx/proxy-confs/*.subfolder.conf;
>
>         # all ssl related config moved to ssl.conf
>         include /config/nginx/ssl.conf;
>
>         # enable for ldap auth
>         #include /config/nginx/ldap.conf;
>
>         client_max_body_size 0;
>
>         # location / {
>         #     try_files $uri $uri/ /index.html /index.php?$args =404;
>         # }
>         #
>         # location ~ \.php$ {
>         #     fastcgi_split_path_info ^(.+\.php)(/.+)$;
>         #     fastcgi_pass 127.0.0.1:9000;
>         #     fastcgi_index index.php;
>         #     include /etc/nginx/fastcgi_params;
>         # }
>
> 4) Port setup on docker: it's the proxy that forwards the port 443 -> Dockers
>
> And it looks like it gets the port from the docker itself "proxy_pass $upstream_proto://$upstream_app:$upstream_port;"
>
> So not sure if I need to specify the Ombi port:3579 somewhere
>
> But where do I specify which main domain"1" should be used for Ombi?
>
> This should be in the # main server block in the default file above right?
>
>     server_name domain1;
>     server_name domain2;
>
> 5) I also found this "Add your domain name to the trusted domains array?" (Don't know what that's about)
>
> I apologize for not figuring this out myself - I have spent a lot of time on trial & error
>
> Most on Google use linux and command lines not these very nice configuration files

$upstream_port is defined two lines above
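The two points made in this exchange (server blocks match domains while location blocks match URIs, and the proxied port comes from the `set $upstream_port` line) are shown together below as an added example that is not part of either post or of the linuxserver templates. It assumes a placeholder domain `example.com` covered by the certificate, and a container named `ombi` on the same custom Docker network serving plain HTTP on port 3579 (the port mentioned in the question).

```nginx
# Added example, not from the thread. Assumptions: example.com is a
# placeholder domain; the "ombi" container serves plain HTTP on 3579.

# Server block: decides WHICH DOMAIN this configuration answers for.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Requests whose Host header is example.com land here; any other
    # hostname still falls through to the block marked default_server.
    server_name example.com;

    # TLS is terminated at the proxy, so the certificate settings live here.
    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # Location block: decides WHICH URI is handled; "/" is everything.
    location / {
        # Optional extra gate in front of the app (from the template):
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        include /config/nginx/proxy.conf;

        # Docker's embedded DNS resolves the container name at request time.
        resolver 127.0.0.11 valid=30s;

        set $upstream_app ombi;      # container name, lowercase
        set $upstream_port 3579;     # port the app listens on INSIDE the container
        set $upstream_proto http;    # protocol the app itself speaks

        # Expands to http://ombi:3579; 443 appears only in "listen" above.
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
```

Because the proxy reaches the container over the Docker network, port 3579 does not need to be published on the host for this to work. Running `nginx -t` inside the proxy container checks the syntax before a reload.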