[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



9 minutes ago, DeathByDentures said:

Is there a way to edit a perf-conf file to direct traffic to an external machine?

Basically I had this setup and working with my tautulli and Letsencrypt in dockers on my server. I've moved my tautulli installation to an external machine for better tracking and notifications. However, I'd like to forward the traffic that was going to my old docker via tautulli.mydomain.com to my new one on the network. I've got my ports opened up, I tried some basic changes to the tautulli.subdomain.conf, but no luck.

I'm not even certain this is possible. But I figured I'd ask! Thanks!

Post your setup details and post what you tried and we'll take a look. If you redact sensitive info, keep the structure, don't redact the whole thing ie. https://redacted.com/blah:444

Link to comment

Hi guys, I hope you are alright.

 

I had to shut down my reverse proxy because of some unusual activities (this is a docker container following SpaceInvader One tutorial).

 

Just checking the nginx access log I have noticed this :

 

72.173.251.17 - - [25/Jul/2020:18:13:04 +0100] "POST / HTTP/1.1" 405 559 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"
72.173.251.17 - - [25/Jul/2020:18:15:06 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:17:08 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:19:10 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:21:13 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:23:15 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:25:16 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:58:58 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

....

and it carries on for a long time...

 

Would you consider this weird ?

 

The unusual activity I mentioned was my Bitwarden container (Still SpaceInvader) getting constant requests from my local gateway (PfSense VM; I know...). Every second it was knocking on its door but from a different port every time.

From PFSense logs and network tools I could see a lot of activity from 127.0.0.1 trying to reach what I guess is some DNS stuff (Sorry not a pro here), ports 53/853/953.

I had to shut down my reverse proxy and block all traffic from my local gateway to the Bitwarden container port. Even when the Internet was shut down it kept trying to reach that container so I changed the container port. I disabled the port forwarding for external access to the container as well.

Everything seems "normal" now.

 

Where would you guys look to try and determine what happened ?

 

Sorry if the post is all over the place but it mirrors my state of mind... Don't have much networking experience so I basically kept opening everything that looked like a log and trying to make sense out of it... So I welcome any tips !

 

 

Link to comment
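One way to answer the "is this weird?" question from the access log itself, as an added example that is not part of the original post: group requests by client and check whether they are all refused and arrive at a fixed interval, which points to a timer-driven script rather than a person. The function names `parse` and `summarize` and the thresholds (`min_hits`, `tolerance`, the 80% share) are assumptions chosen for this sample.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# nginx "combined" log format:
# ip - user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# The eight requests quoted in the post (first user agent shortened), plus one
# constructed line from an ordinary browser visit for contrast.
SAMPLE_LOG = """\
72.173.251.17 - - [25/Jul/2020:18:13:04 +0100] "POST / HTTP/1.1" 405 559 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0)"
72.173.251.17 - - [25/Jul/2020:18:15:06 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:17:08 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:19:10 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:21:13 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:23:15 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:25:16 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
72.173.251.17 - - [25/Jul/2020:18:58:58 +0100] "POST / HTTP/1.1" 405 157 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
192.0.2.10 - - [25/Jul/2020:18:20:00 +0100] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 (constructed sample)"
"""


def parse(lines):
    """Yield one dict per well-formed access-log line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rec["status"] = int(rec["status"])
        yield rec


def summarize(records, min_hits=5, tolerance=0.10):
    """Per-client summary: volume, refusals, and regularity of request timing."""
    by_ip = defaultdict(list)
    for rec in records:
        by_ip[rec["ip"]].append(rec)

    report = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["time"])
        # Seconds between consecutive requests from the same client.
        gaps = [(b["time"] - a["time"]).total_seconds()
                for a, b in zip(recs, recs[1:])]
        mid = median(gaps) if gaps else None
        # Gaps that sit within `tolerance` of the median gap.
        steady = [g for g in gaps if mid and abs(g - mid) <= tolerance * mid]
        rejected = sum(1 for r in recs if 400 <= r["status"] < 500)
        report[ip] = {
            "hits": len(recs),
            "rejected": rejected,
            "requests": sorted({f'{r["method"]} {r["path"]}' for r in recs}),
            "user_agents": len({r["ua"] for r in recs}),
            "median_gap_s": mid,
            # Timer-driven client: enough hits, all refused, evenly spaced.
            "scripted": (len(recs) >= min_hits
                         and rejected == len(recs)
                         and len(steady) >= 0.8 * len(gaps)),
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize(parse(SAMPLE_LOG.splitlines())).items():
        print(ip, info)
```

Every request from that address was answered with 405, so nginx refused them all; the same check run over the full log shows whether any client with this pattern ever received a 2xx response.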

I’ve had bitwarden, nextcloud, and Ombi all working perfect with Lets Encrypt for months thanks to Spaceinvaderone’s great videos.  For some reason, not sure when, they’re not working outside my network anymore.  I’ve gone through Spaceinvaderone’s videos multiple times and I’m stumped.

It seems that I’m not getting my certificates.  The only clues that I have are that within the log file of Lets Encrypt I see that it is not performing the HTTP-01 challenges that I see in the videos and I also see that there is a system message that reads "nginx: [alert] detected a LuaJIT version which is not OpenResty's… ".

 

I've attached my log file.

 

Any help would be greatly appreciated.

tmp LetsEncrypt log file.txt

Edited by tailgate
Link to comment

I have a problem with fail2ban: it does not seem to ban anything that I try.

When I go to mydomain.com/doesnotexcist and I keep changing it, it does not ban the IP after X amount of tries.

Before, it didn't even give an error when I go to a URL that does not exist.

That I got fixed by commenting this out.

#	location / {
#		try_files $uri $uri/ /index.html /index.php?$args=404;
#	}
#
#	location ~ \.php$ {
#		fastcgi_split_path_info ^(.+\.php)(/.+)$;
#		fastcgi_pass 127.0.0.1:9000;
#		fastcgi_index index.php;
#		include /etc/nginx/fastcgi_params;
#	}

Now when I go to a URL that does not exist I get a

404 Not Found

nginx/1.18.0

error.

 

I also see the line in the error.log.

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='br0' --ip='192.168.1.15' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'TCP_PORT_80'='' -e 'TCP_PORT_443'='443' -e 'EMAIL'='' -e 'URL'='' -e 'SUBDOMAINS'='www,' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='4096' -e 'VALIDATION'='dns' -e 'DNSPLUGIN'='transip' -e 'PUID'='99' -e 'PGID'='100' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/letsencrypt'

3628795c34f972e77adddacacedbfab0df03244672aa54a1563b2daf1b5d55e4

The command finished successfully!

When I created the docker I also added "--cap-add=NET_ADMIN" at Extra Parameters:

not sure if it needs to be there or somewhere else.

But still it isn't blocking any IPs.

When I check on the unraid terminal and I type the following commands

docker exec -it letsencrypt fail2ban-client status nginx-deny
Status for the jail: nginx-deny
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /config/log/nginx/error.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:
root@tower:~# docker exec -it letsencrypt fail2ban-client status
Status
|- Number of jail:      4
`- Jail list:   nginx-badbots, nginx-botsearch, nginx-deny, nginx-http-auth

It seems to be working, but when I do

docker exec -it letsencrypt /bin/bash
iptables -S

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

None of the rules/ports etc. are there.

Edited by KoNeko
added some info
Link to comment
12 hours ago, KoNeko said:

I have a problem with fail2ban: it does not seem to ban anything that I try.

When I go to mydomain.com/doesnotexcist and I keep changing it, it does not ban the IP after X amount of tries.

Before, it didn't even give an error when I go to a URL that does not exist.

That I got fixed by commenting this out.


#	location / {
#		try_files $uri $uri/ /index.html /index.php?$args=404;
#	}
#
#	location ~ \.php$ {
#		fastcgi_split_path_info ^(.+\.php)(/.+)$;
#		fastcgi_pass 127.0.0.1:9000;
#		fastcgi_index index.php;
#		include /etc/nginx/fastcgi_params;
#	}

Now when I go to a URL that does not exist I get a

404 Not Found

nginx/1.18.0

error.

 

I also see the line in the error.log.

 


root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='br0' --ip='192.168.1.15' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'TCP_PORT_80'='' -e 'TCP_PORT_443'='443' -e 'EMAIL'='' -e 'URL'='' -e 'SUBDOMAINS'='www,' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='4096' -e 'VALIDATION'='dns' -e 'DNSPLUGIN'='transip' -e 'PUID'='99' -e 'PGID'='100' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/letsencrypt'

3628795c34f972e77adddacacedbfab0df03244672aa54a1563b2daf1b5d55e4

The command finished successfully!

When I created the docker I also added "--cap-add=NET_ADMIN" at Extra Parameters:

not sure if it needs to be there or somewhere else.

But still it isn't blocking any IPs.

When I check on the unraid terminal and I type the following commands

docker exec -it letsencrypt fail2ban-client status nginx-deny
Status for the jail: nginx-deny
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /config/log/nginx/error.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:
root@tower:~# docker exec -it letsencrypt fail2ban-client status
Status
|- Number of jail:      4
`- Jail list:   nginx-badbots, nginx-botsearch, nginx-deny, nginx-http-auth

It seems to be working, but when I do

docker exec -it letsencrypt /bin/bash
iptables -S

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

None of the rules/ports etc. are there.

Easiest way to test is, turn http auth on for some service, enter the password wrong a few times. Boom, banned.

Link to comment
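fail2ban counts only the log lines that match a jail's filter, so a jail can be running and still report `Total failed: 0`. The sketch below is an added example, not part of the thread and not the container's own code: it replays a constructed error.log through two simplified stand-in patterns to show 404 lines being ignored while failed HTTP-auth logins accumulate toward a ban. The patterns, the sample lines, and the `maxretry=5` / `findtime=600` values are assumptions; the real ones live in the jail's filter and jail configuration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-ins for the jails' failregex patterns (assumption: written
# for this example, not copied from the container's filter files).
PATTERNS = {
    "nginx-http-auth": re.compile(
        r'user "[^"]*":? (?:password mismatch|was not found in "[^"]*"), '
        r'client: (?P<host>[0-9a-fA-F.:]+),'),
    "nginx-deny": re.compile(
        r'access forbidden by rule, client: (?P<host>[0-9a-fA-F.:]+),'),
}
TS_RE = re.compile(r'^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\]')


def sample_error_log():
    """Constructed nginx error.log: six 404s, then five failed logins."""
    line = ('2020/08/05 10:{:02d}:00 [error] 400#400: *{} {}, '
            'client: 203.0.113.7, server: _, '
            'request: "GET {} HTTP/1.1", host: "mydomain.com"')
    # Requests for files that do not exist (constructed web root path).
    log = [line.format(i, i + 1,
                       f'open() "/var/www/html/nope{i}" failed '
                       '(2: No such file or directory)', f'/nope{i}')
           for i in range(6)]
    # Wrong password on an auth_basic protected location, one per minute.
    log += [line.format(10 + i, i + 7, 'user "admin": password mismatch', '/')
            for i in range(5)]
    return log


def run_jails(lines, maxretry=5, findtime=600):
    """Count matches per jail and ban a host at maxretry hits inside findtime."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)      # (jail, host) -> recent match times
    failed = {jail: 0 for jail in PATTERNS}
    banned = {jail: set() for jail in PATTERNS}
    for line in lines:
        stamp = TS_RE.match(line)
        if not stamp:
            continue
        now = datetime.strptime(stamp.group(1), "%Y/%m/%d %H:%M:%S")
        for jail, pattern in PATTERNS.items():
            hit = pattern.search(line)
            if not hit:
                continue             # line is invisible to this jail
            failed[jail] += 1
            times = recent[(jail, hit.group("host"))]
            times.append(now)
            # Drop matches that have aged out of the findtime window.
            while now - times[0] > window:
                times.popleft()
            if len(times) >= maxretry:
                banned[jail].add(hit.group("host"))
    return failed, banned


if __name__ == "__main__":
    failed, banned = run_jails(sample_error_log())
    print("failed:", failed)
    print("banned:", banned)
```

To check a real setup, compare the lines that actually appear in the watched log file against the jail's filter before concluding that banning is broken.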
11 minutes ago, Wong said:

Guys, I need help on how to configure the nextcloud.subdomain.conf? I followed the SpaceInvader video but it is still stuck in the Let's Encrypt webpage.

Hi, 

 

As long as you are using the Linuxserver Nextcloud docker image, you shouldn't have to make any changes other than removing "sample" from the end of the filename. 

 

For reference, here is my config file;

 

20200806_213728.jpg

 

Have you added a CNAME to your domain to correctly forward to your hosted Nextcloud instance? 

Edited by LoneTraveler
Link to comment

@LoneTraveler I did not use CNAME. Instead, I used CloudflareDDNS docker by oznu to track my public IP. It generates an A record for me. Here's the thing: I port forward to my NextCloud port number and it would work just fine. I have set up all the admin accounts until I realised it did not pass through the Let's Encrypt. What could be the issue that Let's Encrypt is not directing me to NextCloud?

Edited by Wong
Link to comment
@LoneTraveler I did not use CNAME. Instead, I used CloudflareDDNS docker by oznu to track my public IP. It generates an A record for me. Here's the thing: I port forward to my NextCloud port number and it would work just fine. I have set up all the admin accounts until I realised it did not pass through the Let's Encrypt. What could be the issue that Let's Encrypt is not directing me to NextCloud?

What do you see in letsencrypt's logs?
Link to comment

@Danuel

 

[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
s6-svwait: fatal: supervisor died
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
usermod: no changes

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=************
URL=protech.my
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=*******@gmail.com
STAGING=

SUBDOMAINS entered, processing
Wildcard cert for protech.my will be requested
E-mail address entered: ********@gmail.com
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,
and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
Server ready

Edited by Wong
Link to comment

Can anyone show how you did the configuration for the nextcloud configuration file. 

 

I attached nextcloud conf. file for reference if anyone could tell me if I made any mistake.

 

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => '*********************',
  'passwordsalt' => '********************************',
  'secret' => '*****************************',
  'trusted_domains' => 
  array (
    0 => '192.168.0.16:444',
    1 => 'nextcloud.protech.my',
  ),
  'dbtype' => 'mysql',
  'version' => '19.0.1.1',
  'trusted_proxies' => 
  array (
    0 => 'letsencrypt',
  ),
  'overwrite.cli.url' => 'https://nextcloud.protech.my/',
  'overwritehost' => 'nextcloud.protech.my',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.0.16:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '***************',
  'installed' => true,
  'maintenance' => false,
);

Link to comment
2 hours ago, Wong said:

Can anyone show how you did the configuration for the nextcloud configuration file. 

 

I attached nextcloud conf. file for reference if anyone could tell me if I made any mistake.

 

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => '*********************',
  'passwordsalt' => '********************************',
  'secret' => '*****************************',
  'trusted_domains' => 
  array (
    0 => '192.168.0.16:444',
    1 => 'nextcloud.protech.my',
  ),
  'dbtype' => 'mysql',
  'version' => '19.0.1.1',
  'trusted_proxies' => 
  array (
    0 => 'letsencrypt',
  ),
  'overwrite.cli.url' => 'https://nextcloud.protech.my/',
  'overwritehost' => 'nextcloud.protech.my',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.0.16:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '***************',
  'installed' => true,
  'maintenance' => false,
);

ignore my post, I just woke up, did not read properly :D

remove /

'overwrite.cli.url' => 'https://nextcloud.protech.my/',

 

should be => 'https://nextcloud.protech.my',

 

Edited by Danuel
Link to comment

Hi All

 

I have letsencrypt working with different domains and subdomains and it works great.

Problem is that I set this up some time ago and forgot some things...

 

So I just wanted to add the youtube-dl-server to a subdomain and I found the template:

 

# Works with this youtube-dl Fork: https://github.com/nbr23/youtube-dl-server

location /youtube-dl {
    return 301 $scheme://$host/youtube-dl/;
}

location ^~ /youtube-dl/ {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
    #auth_request /auth;
    #error_page 401 =200 /login;
    
    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_app  youtube-dl-server;
    set $upstream_port 8080;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    proxy_redirect  off;
    
    rewrite /youtube-dl(.*) $1 break;
    
    proxy_set_header Referer '';
    proxy_set_header Host $upstream_app:8080;
}

 

But in the other templates I could define the server name "path" and in this I can't specify the "sub.domain.com"

If I use the above and the ports are correct (Defaults) mapped 8080 - 8080 then I get the OMBI app that I have on another main domain?

 

I also looked at the Ombi conf. and that works but doesn't have any server name defined either?

# In order to use this location block you need to edit the default file one folder up and comment out the / location

location / {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
    #auth_request /auth;
    #error_page 401 =200 /login;

    include /config/nginx/proxy.conf;
    
    resolver 127.0.0.11 valid=30s;
    set $upstream_app ombi;
    set $upstream_port 3579;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}

And I just found that my old setup might have some "errors"

Domain_1.com and sub.domain_2.com both point to the Ombi webpage?

 

Br

Casperse

 

Link to comment
1 hour ago, Danuel said:

ignore my post, I just woke up, did not read properly :D

remove /

'overwrite.cli.url' => 'https://nextcloud.protech.my/',

 

should be => 'https://nextcloud.protech.my',

@Danuel Alright. I tried your method but it is still stuck at the Let's Encrypt Web UI. I have tried to remove the Let's Encrypt docker and reinstall it, and the outcome still remains the same. I think I can conclude it is not a Let's Encrypt issue. Do you think I should reinstall the NextCloud docker? I hope it won't lose all the settings I made in NextCloud. If so, it doesn't really matter, there is nothing important.

Link to comment
2 hours ago, casperse said:

EDIT: Create a subdomain template for youtube-dl-server?

 

Ok so I found the example for a subfolder and normally I would use the template for "adguard.subdomain.conf.sample" to create the subdomain for this?

 

But I just can't get it working?

The subfolder template:

# Works with this youtube-dl Fork: https://github.com/nbr23/youtube-dl-server

location /youtube-dl {
    return 301 $scheme://$host/youtube-dl/;
}

location ^~ /youtube-dl/ {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
    #auth_request /auth;
    #error_page 401 =200 /login;
	
    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_app  youtube-dl-server;
    set $upstream_port 8080;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    proxy_redirect  off;
	
    rewrite /youtube-dl(.*) $1 break;
	
    proxy_set_header Referer '';
    proxy_set_header Host $upstream_app:8080;
}

and my efforts:

# make sure that your dns has a cname set for adguard and that your adguard container is named adguard

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name youtube.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app youtube-dl-server;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location /control {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app youtube-dl-server;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        
    }
}

I know I am missing some small thing? (Log shows that cert. and all domains are okay and they work for my other dockers?)

I can see that the default path is: "/youtube-dl" and that the subfolder takes that into account

Link to comment

I'm not quite sure if this is the appropriate place to post this, but thought it was as good as any to start.

I'm trying to get this docker to work alongside a privoxyvpn docker.

 

I'm able to get everything working fine separately.

Letsencrypt reverse proxy to a docker works great.

Setting the docker's network to the privoxyvpn container works great.

However when I put them together I can only get 502 Bad Gateway errors when accessing the reverse proxy (accessing through the local IP still works).

 

Not sure what I'm missing.

I've tried googling all over the place and have found posts from users saying they got it working, but they never explain what they did to get it to work.

 

Any obvious steps I may have missed?

Link to comment

I'm trying to use letsencrypt with OpenEats, and for the most part everything works okay, but when I enable http auth it breaks everything. Here is how it is supposed to look. Here is how it looks with http auth enabled. In addition to not displaying the pixelated blue blob called test, it won't let me save recipes or users or do anything permanent. 

 

Any advice would be appreciated. Attached is my .conf file.

openeats.subdomain.conf

Link to comment
On 8/7/2020 at 5:33 AM, casperse said:

I know I am missing some small thing? (Log shows that cert. and all domains are okay and they work for my other dockers?)

I can see that the default path is: "/youtube-dl" and that the subfolder takes that into account

I've been playing around with this for a while now and only had various levels of success...   using what you have now if you change the line to this:

 

proxy_pass $upstream_proto://$upstream_app:$upstream_port/youtube-dl;

 

I can get the page to load, but it doesn't load all the graphics, and I don't know if it would actually work either.

 

I'm not sure if the problem is that the youtube-dl-server container runs on http and letsencrypt makes everything https.  In one configuration I was trying my nginx error log had a certificate handshake failed because youtube-dl-server had no ssl.

 

But however nginxproxymanager works apparently some other guys got a subdomain to work properly

 

Link to comment
10 hours ago, hotdog218 said:

I'm trying to use letsencrypt with OpenEats, and for the most part everything works okay, but when I enable http auth it breaks everything. Here is how it is supposed to look. Here is how it looks with http auth enabled. In addition to not displaying the pixelated blue blob called test, it won't let me save recipes or users or do anything permanent. 

 

Any advice would be appreciated. Attached is my .conf file.

openeats.subdomain.conf 915 B · 1 download

How did you configure your .htaccess file?

 

That's likely where your problem is.  You have to allow it to load resources from subfolders (such as css, graphics, etc).

Edited by Energen
Link to comment
4 minutes ago, Energen said:

I've been playing around with this for a while now and only had various levels of success...   using what you have now if you change the line to this:

 

proxy_pass $upstream_proto://$upstream_app:$upstream_port/youtube-dl;

 

I can get the page to load, but it doesn't load all the graphics, and I don't know if it would actually work either.

 

I'm not sure if the problem is that the youtube-dl-server container runs on http and letsencrypt makes everything https.  In one configuration I was trying my nginx error log had a certificate handshake failed because youtube-dl-server had no ssl.

 

But however nginxproxymanager works apparently some other guys got a subdomain to work properly

 

Thanks @Energen much appreciated have been trying so many things... (http is not a problem have other dockers with subdomain and they work fine!)

Using this and with your added line (didn't make any difference):

I still have to write the https://youtube.domain.com/youtube-dl and then it works but get a cert. error

My conf file is now like this:

# make sure that your dns has a cname set for youtube-dl-server and that your youtube-dl-server container is named youtube-dl-server

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name youtube.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app youtube-dl-server;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
    }

    location ~ (/youtube-dl/)?/socket {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app youtube-dl-server;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/youtube-dl;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
   }
}

The link you shared is to use another docker?

 

 

Link to comment
1 hour ago, casperse said:

I still have to write the https://youtube.domain.com/youtube-dl and then it works but get a cert. error

 

The link you shared is to use another docker?

You do have youtube as a subdomain in the letsencrypt docker right?  That might be the cause of the cert error.

 

And yes, the link is for another docker.  I've never used it but it seems to make nginx proxy confs easier.

Link to comment
4 hours ago, Energen said:

How did you configure your .htaccess file?

 

That's likely where your problem is.  You have to allow it to load resources from subfolders (such as css, graphics, etc).

I configured it based on the support post, and based on my other conf files that were premade by linuxserver that work.

 

Do you have any examples on how I would allow resource loading from subfolders?

Link to comment
3 hours ago, Energen said:

You do have youtube as a subdomain in the letsencrypt docker right?  That might be the cause of the cert error.

 

And yes, the link is for another docker.  I've never used it but it seems to make nginx proxy confs easier.

Yes youtube. is the subdomain :-)

I get the feeling this is simple if I know how to substitute the path to https://youtube.domain/youtube-dl 

Link to comment
