Energen Posted August 8, 2020

> 1 hour ago, hotdog218 said:
> I configured it based on the support post, and based on my other conf files that were premade by linuxserver that work. Do you have any examples on how I would allow resource loading from subfolders?

Unfortunately I don't. Not very familiar with htaccess.. only ever used it once for a basic website. Way, way long ago. You may be able to figure something else by anyone else that had the same problem. I googled ".htaccess load resources" and came up with the resource problem. You may find some stuff here that's useful, all about the htaccess file... especially the SSI includes section.. that might be relevant. https://www.whoishostingthis.com/resources/htaccess/

And not sure if this is useful at all, https://www.htaccessredirect.net/

aptalca Posted August 9, 2020

> 8 hours ago, Energen said:
> Unfortunately I don't. Not very familiar with htaccess.. only ever used it once for a basic website. Way, way long ago. You may be able to figure something else by anyone else that had the same problem. I googled ".htaccess load resources" and came up with the resource problem. You may find some stuff here that's useful, all about the htaccess file... especially the SSI includes section.. that might be relevant. https://www.whoishostingthis.com/resources/htaccess/
> And not sure if this is useful at all, https://www.htaccessredirect.net/

.htaccess is an Apache thing. What you need to look into is .htpasswd.

Virtual Posted August 10, 2020

It works but I get this in the log, what's wrong?

Stubbs Posted August 10, 2020

If I wanted to start a new domain alongside my current one, would I have to make another Letsencrypt container? Or is there another way?

aptalca Posted August 10, 2020

> 3 hours ago, Virtual said:
> It works but I get this in the log, what's wrong?

That's harmless.

aptalca Posted August 10, 2020

> 3 hours ago, Stubbs said:
> If I wanted to start a new domain alongside my current one, would I have to make another Letsencrypt container? Or is there another way?

There is an extra domains variable. No need for another instance.

Stubbs Posted August 10, 2020

> 9 hours ago, aptalca said:
> There is an extra domains variable. No need for another instance.

[edit] I assume it's as simple as adding a new variable with the key EXTRA_PARAMETERS? How does it work with subdomains? Does it share the same subdomains parameter above? How does the docker container tell which subdomains belong to the first URL, and which ones belong to the extra parameter URL?

Also are there any extra steps needed with cloudflare DNS?

Edited August 10, 2020 by Stubbs

aptalca Posted August 11, 2020

> 9 hours ago, Stubbs said:
> [edit] I assume it's as simple as adding a new variable with the key EXTRA_PARAMETERS? How does it work with subdomains? Does it share the same subdomains parameter above? How does the docker container tell which subdomains belong to the first URL, and which ones belong to the extra parameter URL?
> Also are there any extra steps needed with cloudflare DNS?

The readme explains it in detail. It has nothing to do with subdomains. You need to define full URLs (FQDN) in that variable.

alicecantsleep Posted August 11, 2020

Hiya! I'm having an issue with a subdomain.conf file for my docker 'speedtest'. Since there was no template I copied one of the more basic ones and modified it to try and get it to work. Unfortunately that endeavor has failed and here I am.

speedtest.subdomain.conf - https://codeshare.io/aJXrME

The speedtest docker is the new Openspeedtest docker. Setup with standard config: On custom docker network for letsencrypt. WebUI available at :3001. That's why I put 3001 in the subdomain.conf as I had seen other dockers set similarly in their subdomain.conf files.

Thanks for any and all help!

EDIT: I was able to resolve my issue with the following speedtest.subdomain.conf file:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name speedtest.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app speedtest;
            set $upstream_port 8080;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        }
    }

Edited August 11, 2020 by DeathByDentures: Issue Resolved

Michael Hacker Posted August 11, 2020

I am using the letsencrypt container to run an ssl reverse proxy that is only accessible from within the VPN. For example, everything is setup as {service-name}.mydomain.net which resolves to a local IP. Everything (HAAS, unifi controller, most of Unraid Web GUI) seems to be working except for the main syslog in the Unraid Web GUI (it just won't load). The docker container logs load fine. My sites file is below. Does anyone have experience with getting this last bit to work through a reverse proxy? Any help is appreciated.

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name tower.mydomain.net;

        # all ssl related config moved to ssl.conf
        #include /config/nginx/ssl.conf;

        location / {
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header Host $host;
            #proxy_pass https://localip:port/;
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_pass https://localIP:port;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Ssl on;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }

Michael Hacker Posted August 11, 2020

> 6 hours ago, Michael Hacker said:
> I am using the letsencrypt container to run an ssl reverse proxy that is only accessible from within the VPN. For example, everything is setup as {service-name}.mydomain.net which resolves to a local IP. Everything (HAAS, unifi controller, most of Unraid Web GUI) seems to be working except for the main syslog in the Unraid Web GUI (it just won't load). The docker container logs load fine. My sites file is below. Does anyone have experience with getting this last bit to work through a reverse proxy? Any help is appreciated.

Issue resolved at this post. Add to nginx config for the unraid proxy server.

    proxy_buffering off;

KoNeko Posted August 12, 2020

I have set up the letsencrypt docker (soon to be another name, I was reading) with the fail2ban. I got bitwarden running. I added some filters etc.

But when I open a terminal session on the letsencrypt docker and type iptables -L I get this error:

    iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.

And seeing there isn't a sudo.

In the fail2ban log:

    2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- exec: iptables -w -N f2b-bitwarden
    iptables -w -A f2b-bitwarden -j RETURN
    iptables -w -I INPUT -p tcp -j f2b-bitwarden
    2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)"
    2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.'
    2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)"
    2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.'
    2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)"
    2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.'
    2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- returned 3
    2020-08-12 21:14:50,009 fail2ban.actions [388]: ERROR Failed to execute ban jail 'bitwarden' action 'iptables-allports' info 'ActionInfo({'ip': 'ip.ip.ip.ip', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x147d392323a0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x147d39232a60>})': Error starting action Jail('bitwarden')/iptables-allports: 'Script error'

Edited August 12, 2020 by KoNeko: added fail2ban log

aptalca Posted August 13, 2020

> 7 hours ago, KoNeko said:
> I have set up the letsencrypt docker (soon to be another name, I was reading) with the fail2ban. I got bitwarden running. I added some filters etc.
> But when I open a terminal session on the letsencrypt docker and type iptables -L I get this error:
>     iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
>     Perhaps iptables or your kernel needs to be upgraded.
> And seeing there isn't a sudo.
> In the fail2ban log:
>     2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- exec: iptables -w -N f2b-bitwarden
>     iptables -w -A f2b-bitwarden -j RETURN
>     iptables -w -I INPUT -p tcp -j f2b-bitwarden
>     2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)"
>     2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.'
>     2020-08-12 21:14:50,008 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)"
>     2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.'
>     2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: "iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)"
>     2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- stderr: 'Perhaps iptables or your kernel needs to be upgraded.'
>     2020-08-12 21:14:50,009 fail2ban.utils [388]: ERROR 147d3985c450 -- returned 3
>     2020-08-12 21:14:50,009 fail2ban.actions [388]: ERROR Failed to execute ban jail 'bitwarden' action 'iptables-allports' info 'ActionInfo({'ip': 'ip.ip.ip.ip', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x147d392323a0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x147d39232a60>})': Error starting action Jail('bitwarden')/iptables-allports: 'Script error'

Post your docker run.

KoNeko Posted August 13, 2020

> 15 hours ago, aptalca said:
> Post your docker run.

    /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='br0' --ip='192.168.1.15' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'TCP_PORT_80'='' -e 'TCP_PORT_443'='443' -e 'EMAIL'='@gmail.com' -e 'URL'='.nl' -e 'SUBDOMAINS'='www,bitwarden' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='4096' -e 'VALIDATION'='dns' -e 'DNSPLUGIN'='transip' -e 'cap-add'='NET_ADMIN' -e 'PUID'='99' -e 'PGID'='100' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' -v '/mnt/user/appdata/bitwarden/log/':'/log':'rw' 'linuxserver/letsencrypt'
    697237b82c1fa9c198a7507d22255f87c991adebc68c08ab615127cfa14e83a2
    The command finished successfully!

Also when I run iptables -S:

    iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.

or iptables -L.

The passwd file says:

    abc:x:99:100::/config:/bin/false
    nginx:x:100:100:nginx:/var/lib/nginx:/sbin/nologin

for those 2 ids.

Edited August 13, 2020 by KoNeko: added

KoNeko Posted August 13, 2020

> 2 hours ago, KoNeko said:
>     /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='letsencrypt' --net='br0' --ip='192.168.1.15' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'TCP_PORT_80'='' -e 'TCP_PORT_443'='443' -e 'EMAIL'='@gmail.com' -e 'URL'='.nl' -e 'SUBDOMAINS'='www,bitwarden' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='4096' -e 'VALIDATION'='dns' -e 'DNSPLUGIN'='transip' -e 'cap-add'='NET_ADMIN' -e 'PUID'='99' -e 'PGID'='100' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' -v '/mnt/user/appdata/bitwarden/log/':'/log':'rw' 'linuxserver/letsencrypt'
>     697237b82c1fa9c198a7507d22255f87c991adebc68c08ab615127cfa14e83a2
>     The command finished successfully!
> Also when I run iptables -S:
>     iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
>     Perhaps iptables or your kernel needs to be upgraded.
> or iptables -L.
> The passwd file says:
>     abc:x:99:100::/config:/bin/false
>     nginx:x:100:100:nginx:/var/lib/nginx:/sbin/nologin
> for those 2 ids.

I turned on Privileged and it works for the website and bitwarden. Bitwarden only on the login part it still shows the site.

Edited August 13, 2020 by KoNeko: corrected the text

aptalca Posted August 14, 2020

> 6 hours ago, KoNeko said:
> I turned on Privileged and it works for the website and bitwarden. Bitwarden only on the login part it still shows the site.

That's because cap-add is not an environment variable, so you did not set that correctly. You need to pass it in extra parameters.

xxbigfootxx Posted August 14, 2020

I'm having an issue with my subdomains that I've configured. All are accessible outside my network with no issues at all, but I can't seem to connect internally. I know there must be some setting that I've done incorrectly, but I can't figure it out. Anyone know what might be causing it? Let me know what logs to provide if needed.

JonathanM Posted August 14, 2020

> 18 minutes ago, xxbigfootxx said:
> I'm having an issue with my subdomains that I've configured. All are accessible outside my network with no issues at all, but I can't seem to connect internally. I know there must be some setting that I've done incorrectly, but I can't figure it out. Anyone know what might be causing it? Let me know what logs to provide if needed.

It's not your configuration, it's your router. Google your router model, along with the search terms

nat loopback hairpinning reflection

xxbigfootxx Posted August 14, 2020

> 8 minutes ago, jonathanm said:
> It's not your configuration, it's your router. Google your router model, along with the search terms
> nat loopback hairpinning reflection

If it's not supported does that mean that I'll have to stick with the local addresses instead of using the subdomain?

KoNeko Posted August 14, 2020

> 3 hours ago, aptalca said:
> That's because cap-add is not an environment variable, so you did not set that correctly. You need to pass it in extra parameters.

How do I use it with the Unraid GUI? With compose I can follow the examples to add it.

saarg Posted August 14, 2020

> 1 hour ago, KoNeko said:
> How do I use it with the Unraid GUI? With compose I can follow the examples to add it.

You add it in the extra parameters field. Turn on advanced view in the top right corner to see it.

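Added example, not part of any post above and not the project's own code: a small lint for the mistake diagnosed in this exchange, where `cap-add` was given as `-e 'cap-add'='NET_ADMIN'` and so only created an environment variable. `audit_run_args` is a hypothetical helper name, the list of option names it checks is an assumption chosen for illustration, and the sample commands are shortened from the one posted in the thread.

```shell
#!/bin/sh
# Added example. audit_run_args is a hypothetical helper, not a docker or
# Unraid command. Pass it the words of a `docker run` command line.
audit_run_args() {
    findings=""
    prev=""
    for arg in "$@"; do
        # The word after -e/--env is NAME=VALUE. A docker option name used as
        # NAME only sets a variable; it grants the container nothing.
        if [ "$prev" = "-e" ] || [ "$prev" = "--env" ]; then
            name=${arg%%=*}
            case "$name" in
                cap-add|cap-drop|privileged|security-opt|device)
                    findings="$findings env-not-flag:$name" ;;
            esac
        elif [ "$prev" = "--cap-add" ]; then
            findings="$findings cap:$arg"          # form: --cap-add NET_ADMIN
        fi
        case "$arg" in
            --cap-add=*)
                findings="$findings cap:${arg#--cap-add=}" ;;
            --privileged|--privileged=true)
                findings="$findings privileged" ;;
        esac
        prev=$arg
    done
    echo "${findings# }"
}

# Constructed sample: the command from the thread, shortened.
audit_run_args docker run -d --name='letsencrypt' --net='br0' \
    -e 'VALIDATION'='dns' -e 'cap-add'='NET_ADMIN' -e 'PUID'='99' \
    'linuxserver/letsencrypt'

# The same container with the capability passed as a real flag, which is
# what goes into the extra parameters field.
audit_run_args docker run -d --name='letsencrypt' --net='br0' \
    --cap-add=NET_ADMIN -e 'VALIDATION'='dns' -e 'PUID'='99' \
    'linuxserver/letsencrypt'
```

On a running container, `docker inspect --format '{{.HostConfig.CapAdd}} {{.HostConfig.Privileged}}' letsencrypt` shows what was actually granted; fail2ban needs only NET_ADMIN there, so Privileged can be switched back off once the flag is in place.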
aptalca Posted August 14, 2020

> 11 hours ago, xxbigfootxx said:
> If it's not supported does that mean that I'll have to stick with the local addresses instead of using the subdomain?

Then you can do split DNS, where your local DNS server will tell clients to connect to the local IP when they request the domain.

StudiesTheBlade Posted August 14, 2020

Are there any special settings I need to set to get nested subdomains working? I've got no issues with certificates for my root and first-level subdomains, but the second-level nested aren't getting added to the cert. I'm using cloudflare and dns verification.

Example A records:

    A example.com <ip>              <-- OK
    A *.example.com <ip>            <-- OK
    A *.subdomain.example.com <ip>  <-- Cert invalid when navigating to site

aptalca Posted August 14, 2020

> 8 hours ago, StudiesTheBlade said:
> Are there any special settings I need to set to get nested subdomains working? I've got no issues with certificates for my root and first-level subdomains, but the second-level nested aren't getting added to the cert. I'm using cloudflare and dns verification.
> Example A records:
>     A example.com <ip>              <-- OK
>     A *.example.com <ip>            <-- OK
>     A *.subdomain.example.com <ip>  <-- Cert invalid when navigating to site

Set EXTRA_DOMAINS to *.subdomain.example.com

StudiesTheBlade Posted August 15, 2020

> 1 hour ago, aptalca said:
> Set EXTRA_DOMAINS to *.subdomain.example.com

That worked! It seems obvious now. I should have checked that. Thanks!

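Added example, not part of any post above: why the certificate was invalid for the nested names until `*.subdomain.example.com` was added. A wildcard name in a certificate stands for exactly one left-most label, so `*.example.com` never matches a host two levels down. `san_covers` and `uncovered` are hypothetical helper names, and the host labels `www` and `app` are constructed.

```shell
#!/bin/sh
# Added example. san_covers and uncovered are hypothetical helper names.

# san_covers HOST NAME... : succeed if HOST matches one certificate name.
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    shift
    for san in "$@"; do
        san=$(printf '%s' "$san" | tr 'A-Z' 'a-z')
        case "$san" in
            '*.'*)
                # A wildcard replaces exactly one left-most label, so drop
                # the host's first label and compare what remains.
                rest=${host#*.}
                if [ "$rest" != "$host" ] && [ "$rest" = "${san#??}" ]; then
                    return 0
                fi ;;
            *)
                if [ "$host" = "$san" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# uncovered "HOST HOST ..." NAME... : print the hosts that no name covers.
uncovered() {
    hosts=$1
    shift
    missing=""
    for h in $hosts; do
        san_covers "$h" "$@" || missing="$missing $h"
    done
    echo "${missing# }"
}

# Constructed sample: names from the thread plus made-up host labels.
HOSTS="example.com www.example.com app.subdomain.example.com"
echo "before: $(uncovered "$HOSTS" example.com '*.example.com')"
echo "after:  $(uncovered "$HOSTS" example.com '*.example.com' \
    '*.subdomain.example.com')"
```

The names on a served certificate can be listed with `openssl x509 -noout -ext subjectAltName` and passed to `uncovered` to see which hosts still need an entry in EXTRA_DOMAINS.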