aptalca
Posted July 24, 2020

9 minutes ago, DeathByDentures said:
> Is there a way to edit a perf-conf file to direct traffic to an external machine? Basically I had this setup and working with my tautulli and Letsencrypt in dockers on my server. I've moved my tautulli installation to an external machine for better tracking and notifications. However, I'd like to forward the traffic that was going to my old docker via tautulli.mydomain.com to my new one on the network. I've got my ports opened up, I tried some basic changes to the tautulli.subdomain.conf, but no luck. I'm not even certain this is possible. But I figured I'd ask! Thanks!

Post your setup details and post what you tried and we'll take a look. If you redact sensitive info, keep the structure, don't redact the whole thing, i.e. https://redacted.com/blah:444

RaoulMoulebitte
Posted July 26, 2020

Hi guys, I hope you are alright. I had to shut down my reverse proxy because of some unusual activities (this is a docker container following SpaceInvader One tutorial). Just checking the nginx access log I have noticed this:

    72.173.251.17 - - [25/Jul/2020:18:13:04 +0100] "POST / HTTP/1.1" 405 559 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"
    72.173.251.17 - - [25/Jul/2020:18:15:06 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
    72.173.251.17 - - [25/Jul/2020:18:17:08 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
    72.173.251.17 - - [25/Jul/2020:18:19:10 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
    72.173.251.17 - - [25/Jul/2020:18:21:13 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
    72.173.251.17 - - [25/Jul/2020:18:23:15 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
    72.173.251.17 - - [25/Jul/2020:18:25:16 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
    72.173.251.17 - - [25/Jul/2020:18:58:58 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

.... and it carries on for a long time...

Would you consider this weird?

The unusual activity I mentioned was my Bitwarden container (still SpaceInvader) getting constant requests from my local gateway (PfSense VM; I know...). Every second it was knocking on its door but from a different port every time. From PFSense logs and network tools I could see a lot of activity from 127.0.0.1 trying to reach what I guess is some DNS stuff (sorry, not a pro here), ports 53/853/953.

I had to shut down my reverse proxy and block all traffic from my local gateway to the Bitwarden container port. Even when the Internet was shut down it kept trying to reach that container so I changed the container port. I disabled the port forwarding for external access to the container as well. Everything seems "normal" now.

Where would you guys look to try and determine what happened?

Sorry if the post is all over the place but it mirrors my state of mind... Don't have much networking experience so I basically kept opening everything that looked like a log and trying to make sense out of it... So I welcome any tips!

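
The access log quoted in the post above shows one client sending `POST /` roughly every two minutes, which is the kind of fixed-timer pattern a short script can pull out of a large log. The following is an added example, not part of any post in this thread: it groups nginx combined-format lines by client and request and reports groups whose requests arrive at a steady interval. The sample lines (documentation-range IP addresses, timing modelled on the post) and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# nginx "combined" access-log format, as in the lines quoted in the post.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_periodic_clients(lines, min_hits=5, tolerance=0.05, min_regular=0.8):
    """Flag (ip, method, path) groups whose requests arrive on a fixed timer.

    A group is reported when it has at least min_hits requests and at least
    min_regular of its inter-request gaps lie within tolerance of the median
    gap. Using the median keeps one long pause from hiding a steady beat.
    """
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:  # lines with a malformed request field are skipped
            groups[(rec["ip"], rec["method"], rec["path"])].append(rec)

    findings = []
    for (ip, method, path), recs in groups.items():
        if len(recs) < min_hits:
            continue
        times = sorted(r["time"] for r in recs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = median(gaps)
        if period <= 0:
            continue
        slack = max(1.0, tolerance * period)
        regular = sum(abs(g - period) <= slack for g in gaps) / len(gaps)
        if regular >= min_regular:
            findings.append({
                "ip": ip, "request": f"{method} {path}", "hits": len(recs),
                "period_s": period, "regular_fraction": regular,
                "statuses": sorted({r["status"] for r in recs}),
                "user_agents": len({r["ua"] for r in recs}),
            })
    return findings

# Constructed sample data: a timer-driven client, a human-paced client and
# one line whose request field is not a valid HTTP request line.
_UA = "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
_OLD_UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0)"
_TIMER = ["18:13:04", "18:15:06", "18:17:08", "18:19:10",
          "18:21:13", "18:23:15", "18:25:16", "18:58:58"]
_HUMAN = ["18:10:00", "18:10:03", "18:14:40", "18:31:12", "18:31:15", "18:50:02"]
SAMPLE_LOG = [
    f'203.0.113.17 - - [25/Jul/2020:{t} +0100] "POST / HTTP/1.1" 405 157 "-" '
    f'"{_OLD_UA if i == 0 else _UA}"'
    for i, t in enumerate(_TIMER)
] + [
    f'198.51.100.8 - - [25/Jul/2020:{t} +0100] "GET / HTTP/1.1" 200 612 "-" "curl/7.68.0"'
    for t in _HUMAN
] + [r'203.0.113.99 - - [25/Jul/2020:18:20:00 +0100] "\x16\x03\x01" 400 157 "-" "-"']

if __name__ == "__main__":
    for finding in find_periodic_clients(SAMPLE_LOG):
        print(finding)
```

A steady period combined with a constant error status and more than one user agent from the same address points to an automated client rather than a person with a browser.
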
tailgate
Posted July 26, 2020

I've had Bitwarden, Nextcloud, and Ombi all working perfectly with Let's Encrypt for months thanks to Spaceinvaderone's great videos. For some reason, not sure when, they're not working outside my network anymore. I've gone through Spaceinvaderone's videos multiple times and I'm stumped. It seems that I'm not getting my certificates. The only clues that I have are that within the log file of Let's Encrypt I see that it is not performing the HTTP-01 challenges that I see in the videos, and I also see that there is a system message that reads "nginx: [alert] detected a LuaJIT version which is not OpenResty's… ". I've attached my log file. Any help would be greatly appreciated.

tmp LetsEncrypt log file.txt

Edited July 26, 2020 by tailgate

KoNeko
Posted July 28, 2020

I have a problem with fail2ban: it does not seem to ban anything that I try. When I go to mydomain.com/doesnotexcist and I keep changing it, it does not ban the IP after X amount of tries.

Before, it didn't even give an error when I went to a URL that does not exist. That I got fixed by commenting this out:

    # location / {
    #     try_files $uri $uri/ /index.html /index.php?$args=404;
    # }
    #
    # location ~ \.php$ {
    #     fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #     fastcgi_pass 127.0.0.1:9000;
    #     fastcgi_index index.php;
    #     include /etc/nginx/fastcgi_params;
    # }

Now when I go to a URL that does not exist I get a "404 Not Found nginx/1.18.0" error. I also see the line in the error.log.

    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='br0' --ip='192.168.1.15' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'TCP_PORT_80'='' -e 'TCP_PORT_443'='443' -e 'EMAIL'='' -e 'URL'='' -e 'SUBDOMAINS'='www,' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='4096' -e 'VALIDATION'='dns' -e 'DNSPLUGIN'='transip' -e 'PUID'='99' -e 'PGID'='100' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/letsencrypt'
    3628795c34f972e77adddacacedbfab0df03244672aa54a1563b2daf1b5d55e4

    The command finished successfully!

When I created the docker I also added the "--cap-add=NET_ADMIN" at Extra Parameters: not sure if it needs to be there or somewhere else. But still it isn't blocking any IPs.

When I check on the Unraid terminal and I type the following commands:

    docker exec -it letsencrypt fail2ban-client status nginx-deny
    Status for the jail: nginx-deny
    |- Filter
    |  |- Currently failed: 0
    |  |- Total failed: 0
    |  `- File list: /config/log/nginx/error.log
    `- Actions
       |- Currently banned: 0
       |- Total banned: 0
       `- Banned IP list:

    root@tower:~# docker exec -it letsencrypt fail2ban-client status
    Status
    |- Number of jail: 4
    `- Jail list: nginx-badbots, nginx-botsearch, nginx-deny, nginx-http-auth

it seems to be working. But when I do:

    docker exec -it letsencrypt /bin/bash
    iptables -S
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT

None of the rules/ports etc. are there.

Edited July 28, 2020 by KoNeko (added some info)

aptalca
Posted July 28, 2020

12 hours ago, KoNeko said:
> I have a problem with fail2ban: it does not seem to ban anything that I try. When I go to mydomain.com/doesnotexcist and I keep changing it, it does not ban the IP after X amount of tries.
>
> Before, it didn't even give an error when I went to a URL that does not exist. That I got fixed by commenting this out:
>
>     # location / {
>     #     try_files $uri $uri/ /index.html /index.php?$args=404;
>     # }
>     #
>     # location ~ \.php$ {
>     #     fastcgi_split_path_info ^(.+\.php)(/.+)$;
>     #     fastcgi_pass 127.0.0.1:9000;
>     #     fastcgi_index index.php;
>     #     include /etc/nginx/fastcgi_params;
>     # }
>
> Now when I go to a URL that does not exist I get a "404 Not Found nginx/1.18.0" error. I also see the line in the error.log.
>
>     root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='br0' --ip='192.168.1.15' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'TCP_PORT_80'='' -e 'TCP_PORT_443'='443' -e 'EMAIL'='' -e 'URL'='' -e 'SUBDOMAINS'='www,' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='4096' -e 'VALIDATION'='dns' -e 'DNSPLUGIN'='transip' -e 'PUID'='99' -e 'PGID'='100' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/letsencrypt'
>     3628795c34f972e77adddacacedbfab0df03244672aa54a1563b2daf1b5d55e4
>
>     The command finished successfully!
>
> When I created the docker I also added the "--cap-add=NET_ADMIN" at Extra Parameters: not sure if it needs to be there or somewhere else. But still it isn't blocking any IPs.
>
> When I check on the Unraid terminal and I type the following commands:
>
>     docker exec -it letsencrypt fail2ban-client status nginx-deny
>     Status for the jail: nginx-deny
>     |- Filter
>     |  |- Currently failed: 0
>     |  |- Total failed: 0
>     |  `- File list: /config/log/nginx/error.log
>     `- Actions
>        |- Currently banned: 0
>        |- Total banned: 0
>        `- Banned IP list:
>
>     root@tower:~# docker exec -it letsencrypt fail2ban-client status
>     Status
>     |- Number of jail: 4
>     `- Jail list: nginx-badbots, nginx-botsearch, nginx-deny, nginx-http-auth
>
> it seems to be working. But when I do:
>
>     docker exec -it letsencrypt /bin/bash
>     iptables -S
>     -P INPUT ACCEPT
>     -P FORWARD ACCEPT
>     -P OUTPUT ACCEPT
>
> None of the rules/ports etc. are there.

Easiest way to test is, turn http auth on for some service, enter the password wrong a few times. Boom, banned.

Danuel
Posted August 3, 2020

Hi, does anyone have minio.subdomain.conf.sample? If not, can anyone please help me with that?

Wong
Posted August 6, 2020

Guys, I need help on how to configurate the nextcloud.subdomain.conf? I followed the SpaceInvader video but it is still stuck in the Let's Encrypt webpage.

ytddewqf
Posted August 6, 2020

11 minutes ago, Wong said:
> Guys, I need help on how to configurate the nextcloud.subdomain.conf? I followed the SpaceInvader video but it is still stuck in the Let's Encrypt webpage.

Hi,

As long as you are using the Linuxserver Nextcloud docker image, you shouldn't have to make any changes other than removing "sample" from the end of the filename. For reference, here is my config file;

Have you added a CNAME to your domain to correctly forward to your hosted Nextcloud instance?

Edited August 6, 2020 by LoneTraveler

Wong
Posted August 6, 2020

@LoneTraveler I did not use CNAME. Instead, I used CloudflareDDNS docker by oznu to track my public IP. It generates an A record for me. Here's the thing, I port forward to my NextCloud port number and it would work just fine. I have set up all the admin accounts until I realised it did not pass through the Let's Encrypt. What could be the issue that Let's Encrypt is not directing me to NextCloud?

Edited August 7, 2020 by Wong

Danuel
Posted August 6, 2020

> @LoneTraveler I did not use CNAME. Instead, I used CloudflareDDNS docker by oznu to track my public IP. It generates an A record for me. Here's the thing, I port forward to my NextCloud port number and it would work just fine. I have set up all the admin accounts until I realised it did not pass through the Let's Encrypt. What could be the issue that Let's Encrypt is not directing me to NextCloud?

What do you see in letsencrypt's logs?

Wong
Posted August 6, 2020

@Danuel

    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] waiting for services.
    s6-svwait: fatal: supervisor died
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.
    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 01-envfile: executing...
    [cont-init.d] 01-envfile: exited 0.
    [cont-init.d] 10-adduser: executing...
    usermod: no changes
    -------------------------------------
    Brought to you by linuxserver.io
    -------------------------------------
    To support the app dev(s) visit:
    Certbot: https://supporters.eff.org/donate/support-work-on-certbot
    To support LSIO projects visit:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=************
    URL=protech.my
    SUBDOMAINS=wildcard
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=false
    VALIDATION=dns
    DNSPLUGIN=cloudflare
    EMAIL=*******@gmail.com
    STAGING=
    SUBDOMAINS entered, processing
    Wildcard cert for protech.my will be requested
    E-mail address entered: ********@gmail.com
    dns validation via cloudflare plugin is selected
    Certificate exists; parameters unchanged; starting nginx
    Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind, and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
    [cont-init.d] 50-config: exited 0.
    [cont-init.d] 60-renew: executing...
    The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
    [cont-init.d] 60-renew: exited 0.
    [cont-init.d] 99-custom-files: executing...
    [custom-init] no custom files found exiting...
    [cont-init.d] 99-custom-files: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
    Server ready

Edited August 6, 2020 by Wong

Wong
Posted August 7, 2020

Can anyone show how you did the configuration for the nextcloud configuration file? I attached the nextcloud conf. file for reference, if anyone could tell me if I made any mistake.

    <?php
    $CONFIG = array (
      'memcache.local' => '\\OC\\Memcache\\APCu',
      'datadirectory' => '/data',
      'instanceid' => '*********************',
      'passwordsalt' => '********************************',
      'secret' => '*****************************',
      'trusted_domains' =>
      array (
        0 => '192.168.0.16:444',
        1 => 'nextcloud.protech.my',
      ),
      'dbtype' => 'mysql',
      'version' => '19.0.1.1',
      'trusted_proxies' =>
      array (
        0 => 'letsencrypt',
      ),
      'overwrite.cli.url' => 'https://nextcloud.protech.my/',
      'overwritehost' => 'nextcloud.protech.my',
      'overwriteprotocol' => 'https',
      'dbname' => 'nextcloud',
      'dbhost' => '192.168.0.16:3306',
      'dbport' => '',
      'dbtableprefix' => 'oc_',
      'mysql.utf8mb4' => true,
      'dbuser' => 'nextcloud',
      'dbpassword' => '***************',
      'installed' => true,
      'maintenance' => false,
    );

Danuel
Posted August 7, 2020

2 hours ago, Wong said:
> Can anyone show how you did the configuration for the nextcloud configuration file? I attached the nextcloud conf. file for reference, if anyone could tell me if I made any mistake.
>
>     <?php
>     $CONFIG = array (
>       'memcache.local' => '\\OC\\Memcache\\APCu',
>       'datadirectory' => '/data',
>       'instanceid' => '*********************',
>       'passwordsalt' => '********************************',
>       'secret' => '*****************************',
>       'trusted_domains' =>
>       array (
>         0 => '192.168.0.16:444',
>         1 => 'nextcloud.protech.my',
>       ),
>       'dbtype' => 'mysql',
>       'version' => '19.0.1.1',
>       'trusted_proxies' =>
>       array (
>         0 => 'letsencrypt',
>       ),
>       'overwrite.cli.url' => 'https://nextcloud.protech.my/',
>       'overwritehost' => 'nextcloud.protech.my',
>       'overwriteprotocol' => 'https',
>       'dbname' => 'nextcloud',
>       'dbhost' => '192.168.0.16:3306',
>       'dbport' => '',
>       'dbtableprefix' => 'oc_',
>       'mysql.utf8mb4' => true,
>       'dbuser' => 'nextcloud',
>       'dbpassword' => '***************',
>       'installed' => true,
>       'maintenance' => false,
>     );

Ignore my post, I just woke up, did not read properly.

Remove the /:

    'overwrite.cli.url' => 'https://nextcloud.protech.my/',

should be

    => 'https://nextcloud.protech.my',

Edited August 7, 2020 by Danuel

casperse
Posted August 7, 2020

Hi All

I have letsencrypt working with different domains and subdomains and it works great. Problem is that I set this up some time ago and forgot some things... So I just wanted to add the youtube-dl-server to a subdomain and I found the template:

    # Works with this youtube-dl Fork: https://github.com/nbr23/youtube-dl-server

    location /youtube-dl {
        return 301 $scheme://$host/youtube-dl/;
    }

    location ^~ /youtube-dl/ {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app youtube-dl-server;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_redirect off;
        rewrite /youtube-dl(.*) $1 break;
        proxy_set_header Referer '';
        proxy_set_header Host $upstream_app:8080;
    }

But in the other templates I could define the server name "path" and in this I can't specify the "sub.domain.com". If I use the above and the ports are correct (defaults), mapped 8080 - 8080, then I get the OMBI app that I have on another main domain?

I also looked at the Ombi conf. and that works but doesn't have any server name defined either?

    # In order to use this location block you need to edit the default file one folder up and comment out the / location

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app ombi;
        set $upstream_port 3579;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

And I just found that my old setup might have some "errors": Domain_1.com and sub.domain_2.com both point to the Ombi webpage?

Br Casperse

Wong
Posted August 7, 2020

1 hour ago, Danuel said:
> Ignore my post, I just woke up, did not read properly.
>
> Remove the /:
>
>     'overwrite.cli.url' => 'https://nextcloud.protech.my/',
>
> should be
>
>     => 'https://nextcloud.protech.my',

@Danuel Alright. I tried your method but it is still stuck at the Let's Encrypt Web UI. I have tried to remove the Let's Encrypt docker and reinstall it. And the outcome still remains the same. I think I can conclude it is not the Let's Encrypt issue. Do you think I should reinstall the NextCloud docker? I hope it won't lose all the settings I made in NextCloud. If so, it doesn't really matter, there is nothing important.

casperse
Posted August 7, 2020

2 hours ago, casperse said:
> EDIT: Create a subdomain template for youtube-dl-server?

Ok so I found the example for a subfolder, and normally I would use the template for "adguard.subdomain.conf.sample" to create the subdomain for this? But I just can't get it working?

The subfolder template:

    # Works with this youtube-dl Fork: https://github.com/nbr23/youtube-dl-server

    location /youtube-dl {
        return 301 $scheme://$host/youtube-dl/;
    }

    location ^~ /youtube-dl/ {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app youtube-dl-server;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_redirect off;
        rewrite /youtube-dl(.*) $1 break;
        proxy_set_header Referer '';
        proxy_set_header Host $upstream_app:8080;
    }

and my efforts:

    # make sure that your dns has a cname set for adguard and that your adguard container is named adguard

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name youtube.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        # enable for ldap auth, fill in ldap details in ldap.conf
        #include /config/nginx/ldap.conf;

        # enable for Authelia
        #include /config/nginx/authelia-server.conf;

        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /ldaplogin;

            # enable for Authelia
            #include /config/nginx/authelia-location.conf;

            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app youtube-dl-server;
            set $upstream_port 8080;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        }

        location /control {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app youtube-dl-server;
            set $upstream_port 8080;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        }
    }

I know I am missing some small thing? (Log shows that cert. and all domains are okay and they work for my other dockers?)

I can see that the default path is "/youtube-dl" and that the subfolder takes that into account.

casperse
Posted August 7, 2020

Ok, I just need to know how to add the /youtube-dl into the proxy-confs for this to work.

If I write the https://sub1.domain.com/youtube-dl it works but I get a cert. error.

Tried adding ~ /youtube-dl/ but that didn't work either.

Shobo
Posted August 7, 2020

I'm not quite sure if this is the appropriate place to post this, but thought it was as good as any to start. I'm trying to get this docker to work alongside a privoxyvpn docker. I'm able to get everything working fine separately. Letsencrypt reverse proxy to a docker works great. Setting the docker's network to the privoxyvpn container works great. However, when I put them together I can only get 502 Bad Gateway errors when accessing the reverse proxy (accessing through the local IP still works). Not sure what I'm missing. I've tried googling all over the place and have found posts from users saying they got it working, but they never explain what they did to get it to work. Any obvious steps I may have missed?

hotdog218
Posted August 8, 2020

I'm trying to use letsencrypt with OpenEats, and for the most part everything works okay, but when I enable http auth it breaks everything.

Here is how it is supposed to look.

Here is how it looks with http auth enabled.

In addition to not displaying the pixelated blue blob called test, it won't let me save recipes or users or do anything permanent. Any advice would be appreciated. Attached is my .conf file.

openeats.subdomain.conf

Energen
Posted August 8, 2020

On 8/7/2020 at 5:33 AM, casperse said:
> I know I am missing some small thing? (Log shows that cert. and all domains are okay and they work for my other dockers?)
>
> I can see that the default path is "/youtube-dl" and that the subfolder takes that into account.

I've been playing around with this for a while now and only had various levels of success... using what you have now, if you change the line to this:

    proxy_pass $upstream_proto://$upstream_app:$upstream_port/youtube-dl;

I can get the page to load, but it doesn't load all the graphics, and I don't know if it would actually work either. I'm not sure if the problem is that the youtube-dl-server container runs on http and letsencrypt makes everything https. In one configuration I was trying, my nginx error log had a certificate handshake failed because youtube-dl-server had no ssl.

But however nginxproxymanager works, apparently some other guys got a subdomain to work properly.

Energen
Posted August 8, 2020

10 hours ago, hotdog218 said:
> I'm trying to use letsencrypt with OpenEats, and for the most part everything works okay, but when I enable http auth it breaks everything.
>
> Here is how it is supposed to look.
>
> Here is how it looks with http auth enabled.
>
> In addition to not displaying the pixelated blue blob called test, it won't let me save recipes or users or do anything permanent. Any advice would be appreciated. Attached is my .conf file.
>
> openeats.subdomain.conf

How did you configure your .htaccess file? That's likely where your problem is. You have to allow it to load resources from subfolders (such as css, graphics, etc).

Edited August 8, 2020 by Energen

casperse
Posted August 8, 2020

4 minutes ago, Energen said:
> I've been playing around with this for a while now and only had various levels of success... using what you have now, if you change the line to this:
>
>     proxy_pass $upstream_proto://$upstream_app:$upstream_port/youtube-dl;
>
> I can get the page to load, but it doesn't load all the graphics, and I don't know if it would actually work either. I'm not sure if the problem is that the youtube-dl-server container runs on http and letsencrypt makes everything https. In one configuration I was trying, my nginx error log had a certificate handshake failed because youtube-dl-server had no ssl.
>
> But however nginxproxymanager works, apparently some other guys got a subdomain to work properly.

Thanks @Energen, much appreciated, I have been trying so many things... (http is not a problem, I have other dockers with subdomains and they work fine!)

Using this and with your added line (didn't make any difference): I still have to write the: https://youtube.domain.com/youtube-dl and then it works but I get a cert. error.

My conf file is now like this:

    # make sure that your dns has a cname set for youtube-dl-server and that your youtube-dl-server container is named youtube-dl-server

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name youtube.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app youtube-dl-server;
            set $upstream_port 8080;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
            proxy_set_header Range $http_range;
            proxy_set_header If-Range $http_if_range;
        }

        location ~ (/youtube-dl/)?/socket {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app youtube-dl-server;
            set $upstream_port 8080;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port/youtube-dl;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
        }
    }

The link you shared is to use another docker?

Energen
Posted August 8, 2020

1 hour ago, casperse said:
> I still have to write the: https://youtube.domain.com/youtube-dl and then it works but I get a cert. error.
>
> The link you shared is to use another docker?

You do have youtube as a subdomain in the letsencrypt docker, right? That might be the cause of the cert error.

And yes, the link is for another docker. I've never used it but it seems to make nginx proxy confs easier.

hotdog218
Posted August 8, 2020

4 hours ago, Energen said:
> How did you configure your .htaccess file? That's likely where your problem is. You have to allow it to load resources from subfolders (such as css, graphics, etc).

I configured it based on the support post, and based on my other conf files that were premade by linuxserver that work. Do you have any examples on how I would allow resource loading from subfolders?

casperse
Posted August 8, 2020

3 hours ago, Energen said:
> You do have youtube as a subdomain in the letsencrypt docker, right? That might be the cause of the cert error.
>
> And yes, the link is for another docker. I've never used it but it seems to make nginx proxy confs easier.

Yes, youtube. is the subdomain :-) I get the feeling this is simple if I know how to substitute the path to https://youtube.domain/youtube-dl