CiaoCiao Posted May 10, 2020 Share Posted May 10, 2020 It's me again! So now everything is working fine with the reverse proxy. Yet there is one more thing I would like it to do. I have an Ubuntu VM I would like the reverse proxy to forward the traffic when people access a certain subdomain. I have allocated the Ubuntu VM a static local IP and I would like to redirect anyone accessing the specific subdomain to this VM's local IP on a certain port. I'm pretty sure this is possible but I have not found how. Quote Link to comment
Fredrick Posted May 12, 2020 Share Posted May 12, 2020 Hey, I've got this docker setup and running with Organizr as the frontend, it has been working great! Now I'm developing a .php page that I want to try while coding it. Is there an easy solution to use this docker to serve the .php without messing with the rest of my setup? For now I'd like to just have it served locally Quote Link to comment
bombz Posted May 12, 2020 Share Posted May 12, 2020 (edited) I am having the same concern: Error getting validation data I have read a few pages of the thread, and cannot seem to gather why this is happening. Ping urls with no issue port forwarding is enabled. firewall to access ports accordingly. Error Waiting for verification... Challenge failed for domain http-01 challenge for Error getting validation data Has there been any fix to allow this container to work? Would the default config help, I installed this docker fresh, opened my FW wide open to make sure nothing was blocking and not having any success. Edited May 13, 2020 by bombz Quote Link to comment
Marshalleq Posted May 13, 2020 Share Posted May 13, 2020 On 5/10/2020 at 11:55 AM, aptalca said: I believe there is sendmail in there I was more thinking along these lines: https://www.nginx.com/resources/wiki/start/topics/examples/imapproxyexample/ Apparently nginx needs to be compiled with special support for the mail directive. Quote Link to comment
saarg Posted May 13, 2020 Share Posted May 13, 2020 7 hours ago, bombz said: I am having the same concern: Error getting validation data I have read a few pages of the thread, and cannot seem to gather why this is happening. Ping urls with no issue port forwarding is enabled. firewall to access ports accordingly. Error Waiting for verification... Challenge failed for domain http-01 challenge for Error getting validation data Has there been any fix to allow this container to work? Would the default config help, I installed this docker fresh, opened my FW wide open to make sure nothing was blocking and not having any success. You can start with this. https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/ Quote Link to comment
bombz Posted May 13, 2020 Share Posted May 13, 2020 (edited) 5 hours ago, saarg said: You can start with this. https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/ Thank you, Yes I saw this a few posts back, went over it. Everything seems to be good on that front. I also followed 'Spaceinvader' video tutorial as well Edited May 13, 2020 by bombz Quote Link to comment
aptalca Posted May 13, 2020 Share Posted May 13, 2020 54 minutes ago, bombz said: Thank you, Yes I saw this a few posts back, went over it. Everything seems to be good on that front. I also followed 'Spaceinvader' video tutorial as well Follow those steps exactly Quote Link to comment
aptalca Posted May 13, 2020 Share Posted May 13, 2020 8 hours ago, Marshalleq said: I was more thinking along these lines: https://www.nginx.com/resources/wiki/start/topics/examples/imapproxyexample/ Apparently nginx needs to be compiled with special support for the mail directive. That's imap proxy, completely different. But in any case, nginx is already compiled with mail in our image Quote Link to comment
gRuNdLeKrEiSt Posted May 13, 2020 Share Posted May 13, 2020 How would I got about using the letsencrypt docker to generate a CSR. I have an SSL Cert available through my DNS provider and I would like to use it. I've been looking on Google and in this topic and have not found any answers. Quote Link to comment
aptalca Posted May 13, 2020 Share Posted May 13, 2020 5 hours ago, gRuNdLeKrEiSt said: How would I got about using the letsencrypt docker to generate a CSR. I have an SSL Cert available through my DNS provider and I would like to use it. I've been looking on Google and in this topic and have not found any answers. Quote Link to comment
gRuNdLeKrEiSt Posted May 13, 2020 Share Posted May 13, 2020 1 hour ago, aptalca said: Why not? Quote Link to comment
bombz Posted May 13, 2020 Share Posted May 13, 2020 (edited) 10 hours ago, aptalca said: Follow those steps exactly Yes I followed them. I have also completely removed the docker and the files in appdata to start a fresh install. Have the ports and fw rules set, can ping the domain successfully, I can hit the domain service on the direct port with a port forward rule directly to the service. I have rebooted modem and gateway etc. can't seem to get the docker app to talk Still have: http-01 challenge for domainnamehere Cleaning up challenges Some challenges have failed Domain: domiannamehere Type: connection Detail: Fetching http://domainnamehere/.well-known/acme-challenge/long string of data (I do not see this folder anywhere under the letsencrypt folder via SSH) Error getting validation data I have added the default config from letsencrypt/nginx/site-confs/ not sure if this will help there are also no logs being created on /var/logs/letsencrypt - as stated in the error window Edited May 13, 2020 by bombz Quote Link to comment
aptalca Posted May 14, 2020 Share Posted May 14, 2020 2 hours ago, bombz said: Yes I followed them. I have also completely removed the docker and the files in appdata to start a fresh install. Have the ports and fw rules set, can ping the domain successfully, I can hit the domain service on the direct port with a port forward rule directly to the service. I have rebooted modem and gateway etc. can't seem to get the docker app to talk Still have: http-01 challenge for domainnamehere Cleaning up challenges Some challenges have failed Domain: domiannamehere Type: connection Detail: Fetching http://domainnamehere/.well-known/acme-challenge/long string of data (I do not see this folder anywhere under the letsencrypt folder via SSH) Error getting validation data I have added the default config from letsencrypt/nginx/site-confs/ not sure if this will help there are also no logs being created on /var/logs/letsencrypt - as stated in the error window Did you set up nginx with the same port mappings as letsencrypt and can see the welcome page when you connect to your domain on http port 80 via cell phone with wifi disabled? Quote Link to comment
bombz Posted May 14, 2020 Share Posted May 14, 2020 (edited) 34 minutes ago, aptalca said: Did you set up nginx with the same port mappings as letsencrypt and can see the welcome page when you connect to your domain on http port 80 via cell phone with wifi disabled? I have setup port forwarding for 80 and 443 -> custom port for letsencrypt letsencrypt is using using a different network 'proxy' Perhaps I am confused and not understanding as I am learning this. Following the video guide nginx was not referenced. reading the troubleshooting guide I was reading about nginx and thought letsencrypt handled what nginx did or does. nginx container needs to run alongside letsencrypt? I will feel terrible if that's the case this is new to me. Also I have been fiddling with letsencrypt restarts too many times that I am now at a standstill as I have received from letencrypt "too many failed authorizations recently" as far as I know I am required to wait up to 1 week before I can try again 😞 binhex nginx is installed 80 > 8080 443 > 8443 Cannot hit nginx from outside the network Edited May 14, 2020 by bombz Quote Link to comment
halorrr Posted May 14, 2020 Share Posted May 14, 2020 Hey team! Wondering if anyone might have an advice on how to fix my proxy config for the stash app. I followed some of the other conf files as examples when creating it: # make sure that your dns has a cname set for stash server { listen 443 ssl; listen [::]:443 ssl; server_name stash.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app stash; set $upstream_port 9999; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } } It works for the most part with a very small exception, when I access the app through the reverse proxy I get these errors in the logs: Wondering if anyone might have advice on how I can alter my conf file to support the calls being blocked there. Thanks! Quote Link to comment
Marshalleq Posted May 14, 2020 Share Posted May 14, 2020 (edited) 12 hours ago, aptalca said: That's imap proxy, completely different. But in any case, nginx is already compiled with mail in our image Thanks - yeah in my original it says Imap - but recognise easy to overlook, you have a huge job responding to all these requests! Many thanks for the info, will check it out! Marshalleq Edited May 14, 2020 by Marshalleq 1 Quote Link to comment
Ccheese4 Posted May 14, 2020 Share Posted May 14, 2020 (edited) I'm following the SpaceInvaderOne video on setting up a Reverse Proxy with LetsEncrypt and I've run into a permissions issue. At around 20:00 in the video, he's editing the configuration files in the appdata/letsencrypt/nginx/proxy-confs folder. He saves the file directly into the proxy-confs folder, but I'm unable to do that. I get "Destination Folder Access Denied. You need permission to perform this action." whenever I try to save a file, or rename a file in that folder. I'm accessing it through Windows Explorer. I do have read/write access to the nginx folder right above this one. I can't figure out how to get permissions to this folder. Has anyone had this issue setting this up? How do I get permissions to this folder? Edited May 14, 2020 by Ccheese4 Quote Link to comment
aptalca Posted May 14, 2020 Share Posted May 14, 2020 2 hours ago, bombz said: I have setup port forwarding for 80 and 443 -> custom port for letsencrypt letsencrypt is using using a different network 'proxy' Perhaps I am confused and not understanding as I am learning this. Following the video guide nginx was not referenced. reading the troubleshooting guide I was reading about nginx and thought letsencrypt handled what nginx did or does. nginx container needs to run alongside letsencrypt? I will feel terrible if that's the case this is new to me. Also I have been fiddling with letsencrypt restarts too many times that I am now at a standstill as I have received from letencrypt "too many failed authorizations recently" as far as I know I am required to wait up to 1 week before I can try again 😞 binhex nginx is installed 80 > 8080 443 > 8443 Cannot hit nginx from outside the network Smh. You see the linuxserver version and the binhex version side by side in your screenshot and you still select the binhex version. Why? Not that there is anything wrong with that version, but I'm asking you to follow the simple steps outlined in the troubleshooting article. We put a lot of time into it and it gets frustrating when users still don't follow them even when we spell them out step by step. The whole point of the troubleshooting article is so you can make sure that your ports are properly mapped and forwarded and that the container is accessible from the internet. Only then, you should try to set up letsencrypt. Otherwise there are too many reasons why it can fail and as you experienced, if it fails a bunch of times, you're throttled. So read the directions carefully. Quote Link to comment
aptalca Posted May 14, 2020 Share Posted May 14, 2020 12 minutes ago, Ccheese4 said: I'm following the SpaceInvaderOne video on setting up a Reverse Proxy with LetsEncrypt and I've run into a permissions issue. At around 20:00 in the video, he's editing the configuration files in the appdata/letsencrypt/nginx/proxy-confs folder. He saves the file directly into the proxy-confs folder, but I'm unable to do that. I get "Destination Folder Access Denied. You need permission to perform this action." whenever I try to save a file, or rename a file in that folder. I'm accessing it through Windows Explorer. I do have read/write access to the nginx folder right above this one. I can't figure out how to get permissions to this folder. Has anyone had this issue setting this up? How do I get permissions to this folder? I recommend unraid console for those operations. Simple "cp sourcefilename targetfilename" will do what you want. And use "nano filename" to edit files Quote Link to comment
aptalca Posted May 14, 2020 Share Posted May 14, 2020 (edited) 1 hour ago, Marshalleq said: Thanks - yeah in my original it says Imap - but recognise easy to overlook, you have a huge job responding to all these requests! Many thanks for the info, will check it out! Marshalleq Oh yeah I did overlook on mobile 😄 I thought you were trying to send emails from within the container. That's exactly what you want for proxy. The nginx.conf I believe has a very basic sample in there which you can enable and modify: https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/nginx.conf#L85 Edited May 14, 2020 by aptalca Quote Link to comment
Marshalleq Posted May 14, 2020 Share Posted May 14, 2020 All good and thanks so much! I'm so tired of cloud mail. Finally realised how to get around the lack of PTR on home ISP's. Amazing what happens when you sit down and actually work stuff out! Marshalleq Quote Link to comment
bombz Posted May 14, 2020 Share Posted May 14, 2020 2 hours ago, aptalca said: Smh. You see the linuxserver version and the binhex version side by side in your screenshot and you still select the binhex version. Why? Not that there is anything wrong with that version, but I'm asking you to follow the simple steps outlined in the troubleshooting article. We put a lot of time into it and it gets frustrating when users still don't follow them even when we spell them out step by step. The whole point of the troubleshooting article is so you can make sure that your ports are properly mapped and forwarded and that the container is accessible from the internet. Only then, you should try to set up letsencrypt. Otherwise there are too many reasons why it can fail and as you experienced, if it fails a bunch of times, you're throttled. So read the directions carefully. Thank you for your assistance. I attempted linuxserver version (2015) first and it prompted a server error when I attempted to start it the binhex did not. I can understand the frustration, I knew as soon as I responded the 'smh' was understandable. Copy that on the troubleshooting steps and outlook. Its been a long few days on this. Long story short I made some successful progress tonight, but good things came of it. Continue some more tomorrow. Quote Link to comment
Ccheese4 Posted May 14, 2020 Share Posted May 14, 2020 9 hours ago, aptalca said: I recommend unraid console for those operations. Simple "cp sourcefilename targetfilename" will do what you want. And use "nano filename" to edit files worked like a charm. Thanks! Quote Link to comment
KJThaDon Posted May 16, 2020 Share Posted May 16, 2020 (edited) Anyone know where I can change the default error file locations? I've tried adding something like this to one of my .conf Nevermind. I fixed it below. Didn't have correct volume mapping path. error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html; location = /error.html { ssi on; internal; auth_basic off; root /config/www; } Edited May 16, 2020 by KJThaDon Quote Link to comment
izarkhin Posted May 16, 2020 Share Posted May 16, 2020 (edited) HI guys, My certificate fails to renew. I have a free DuckDNS account that worked just fine before. I verified that the account is valid and has the correct IP address. What could be the problem? The config and the log files are attached. Thanks! [removed].duckdns.org.conf letsencrypt.log Edited May 16, 2020 by izarkhin Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.