[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



This is solved. Two things happened: one involved not putting the CORRECT docker container on the customer network, and the second involved removing the "directions" in the conf file and removing any authentication methods.

 

Hello, 

 

Yes, I'm late to the party on this and I've kinda hit a wall going from forum to forum so I apologize in advance for re-opening this can of worms...

I am having some configuration trouble with getting radarr or ombi, or any docker on the docker proxy network to show up when I use my domain. I just get "can't reach this page," but when I use the IP:port everything is fine. I'm using duckdns which shouldn't be an issue unless I didn't look at the right thing... And as far as I understand I should be able to go to myservernameradarr.duckdns.org (where the domain is active) and I should see radarr. Again, if I'm approaching this in the most ass-backwards way possible...then have a laugh at my expense and throw me some links to set me on the right path. :)

 

Swag is up and running as I do see "Server Ready" in the logs. I've modified the proxy-configs as they should be per the various documents and videos I've seen and I think that is where my problem is, or at least I think... If anyone can point me in the right direction I will be very grateful. Here is where I stand with the configs (domain names are different, but the same as how I have them.) I also left the instructions in there as I didn't feel like I needed to remove them (see having a laugh at my expense)?
 

# make sure that your dns has a cname set for radarr and that your radarr container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name MYSERVERradarr.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

   

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app binhex-radarr;
        set $upstream_port 7878;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ (/radarr)?/api {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app binhex-radarr;
        set $upstream_port 7878;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

It may be obvious to you what the error is, but not to me so be gentle :)

Edited by 2nu2storage
Link to comment
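Added example, not part of the original post and not SWAG's own tooling: the sample proxy conf above carries three optional auth methods, all commented out. This Python check reports which of them are active for each location block, so it is visible when a proxied app is reachable with only its own login in front of it. The sample text is abridged from the post, the function names are hypothetical, and one server block per file is assumed.

```python
import re

# Constructed sample: abridged from the radarr proxy conf posted above.
CONF_AS_POSTED = """
server {
    listen 443 ssl;
    server_name MYSERVERradarr.*;
    include /config/nginx/ssl.conf;
    #include /config/nginx/ldap.conf;
    #include /config/nginx/authelia-server.conf;

    location / {
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;
        #auth_request /auth;
        #include /config/nginx/authelia-location.conf;
        include /config/nginx/proxy.conf;
        set $upstream_app binhex-radarr;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }

    location ~ (/radarr)?/api {
        include /config/nginx/proxy.conf;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
"""

# The same conf with the two "http auth" lines uncommented.
CONF_WITH_BASIC = CONF_AS_POSTED.replace("#auth_basic", "auth_basic")

LOCATION = re.compile(r"^location\s+(.+?)\s*\{$")


def _auth_settings(line):
    """Return {method: enabled} for one comment-stripped directive line."""
    m = re.match(r"^(auth_basic|auth_request)\s+(\S.*?);", line)
    if m:
        # "auth_basic off;" / "auth_request off;" switch an inherited method off
        return {m.group(1): m.group(2).strip() != "off"}
    if re.match(r"^include\s+\S*authelia-location\.conf\s*;", line):
        return {"authelia": True}
    return {}


def audit_locations(conf):
    """Map each location spec to the sorted list of auth methods in effect."""
    server_level, per_location, current, depth = {}, {}, None, 0
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (no '#' in strings assumed)
        if not line:
            continue
        m = LOCATION.match(line)
        if m and current is None:
            current, depth = m.group(1), 1
            per_location[current] = {}
            continue
        if current is None:
            # server-level auth directives are inherited by every location
            server_level.update(_auth_settings(line))
            continue
        depth += line.count("{") - line.count("}")
        if depth <= 0:  # closing brace of the location block
            current = None
            continue
        per_location[current].update(_auth_settings(line))
    report = {}
    for spec, own in per_location.items():
        effective = {**server_level, **own}  # a location's own setting wins
        report[spec] = sorted(name for name, on in effective.items() if on)
    return report


def unprotected(conf):
    """Location specs that nginx will proxy without any auth method."""
    return [spec for spec, methods in audit_locations(conf).items() if not methods]


if __name__ == "__main__":
    for label, conf in (("as posted", CONF_AS_POSTED), ("basic auth on", CONF_WITH_BASIC)):
        print(label, audit_locations(conf))
```

The `/api` location is left without proxy-level auth in the sample conf, so it shows up as unprotected in both runs.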

Hey all,

 

I'm trying to access Home Assistant Core via the lets encrypt docker, have updated the proxy.conf sample they have for Home Assistant with the new container name, as well as the port I mapped in.  I can access the page via my subdomain I set up (shows the HA user name and password prompt), but when I attempt to login, it just shows the HA symbol and the "refresh" button.

 

Here's the proxy.conf:

# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name ha.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app Home-Assistant-Core;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

 

Is there something I'm doing wrong? I also set the external URL in the Home Assistant .yaml, but no dice.

 

Edit: I always seem to find the solution right after I post in this thread.  For future reference, if anyone needs the config for this, you need to add a section for /api.  Here's the updated (working) config:

 

# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name ha.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app Home-Assistant-Core;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
    location /api/ {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app Home-Assistant-Core;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $host;

        # pass WebSocket upgrade requests through to Home Assistant
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

 

Edited by Coolsaber57
Link to comment

Hello,

 

I have just followed these two guides;

 

https://technicalramblings.com/blog/cloudflare-fail2ban-integration-with-automated-set_real_ip_from-in-nginx/

 

&

 

https://technicalramblings.com/blog/blocking-countries-with-geolite2-using-the-letsencrypt-docker-container/

 

Almost everything seems to be going fine, with no errors that I haven't been able to fix with all the support on this forum. I say almost, as when I try a VPN and connect to my server via another country, I'm still able to get through, I'm not blocked and the access is reported as the same as my "non-VPN" attempts in the logs?

 

I've registered with MAXMIND, entered the key and downloaded the GeoLite2.mmdb file, ensuring that it is saved in the right location. On a side note, sendmail-whois.local still needs some amendment by me, however I wanted to focus on actually securing my site before I continued attempts with notification. 

 

I've attached four screenshots below of the amendments I've made to the various config files within SWAG, in the hopes someone can point out what I'm doing wrong.

 

Excellent work by the way on this container, it's impressive how much work has gone into it, including the SWAG support page.

 

In the meantime I'll continue to read through this forum for tips, I'm up to page 19 so far. 

 

Regards. 

 

20200916_111118.jpg

 

20200916_111253.jpg

 

20200916_111502.jpg

 

20200916_111518.jpg

 

Here is the current reported state of my jail list (if it helps);

 

20200916_144114.jpg

 

***Edit - Whilst I'm trying to get to the bottom of my above problem I wanted to ask yourselves (@linuxserver.io @saarg @aptalca @CHBMB) a question as you clearly know what you are talking about (I'm up to page 72 of this thread, so much useful information!) What router would you recommend that works best with SWAG in a home setting? Pfsense or Ubiquiti? Apologies if this should be on its own thread, I just thought I would tag it on to my question above as my number one requirement of a new router will be that it fully supports and complements SWAG. 

 

Edited by LoneTraveler
  • Like 1
Link to comment
All routers work with swag as long as they support port forwarding. If you want to use the domain inside the home network the router should support hairpin NAT/split DNS.

Both ubiquiti and pfsense work.

Edited by saarg
  • Thanks 1
Link to comment
11 minutes ago, saarg said:

All routers work with swag as long as they support port forwarding. If you want to use the domain inside the home network the router should support hairpin NAT/split DNS.

Both ubiquiti and pfsense work.

Many thanks for your advice.

 

Could I be forward and ask what router you use? It would be interesting to see what routers the "elders of the Internet - IT Crowd" use. 😁

Link to comment
2 hours ago, LoneTraveler said:

Many thanks for your advice.

 

Could I be forward and ask what router you use? It would be interesting to see what routers the "elders of the Internet - IT Crowd" use. 😁

Pfsense on an embedded celeron mobo with 4gb ram, an intel dual gigabit nic (pci-e), cheapest, smallest ssd in the cheapest case with a built in psu.

  • Thanks 1
Link to comment
3 hours ago, LoneTraveler said:

Many thanks for your advice.

 

Could I be forward and ask what router you use? It would be interesting to see what routers the "elders of the Internet - IT Crowd" use. 😁

Pfsense in a 1u supermicro rack server with an 8-core Xeon, 32GB ram and an SSD.

Just a little bit overkill.

Will probably install proxmox or something similar at one point to be able to test other firewalls.

  • Like 1
  • Thanks 1
Link to comment
Pfsense in a 1u supermicro rack server with an 8-core Xeon, 32GB ram and an SSD.
Just a little bit overkill.
Will probably install proxmox or something similar at one point to be able to test other firewalls.

I want to try Untangle and Sophos here, too, one day.

At any rate, have pfSense running on a Protectli box here and a spare instance going on a r720 in XCP.
  • Thanks 1
Link to comment

Hi,

 

I want to use the onlyoffice documentserver for nextcloud behind the proxy but as subfolder. aptalca posted a solution here which is working fine, but not for subfolder. onlyoffice described a proxy-to-virtual-path here but I could not get it to work. I am not so experienced with nginx.

 

Any ideas what a subfolder solution would have to look like?

 

Thanks in advance.

 

Link to comment
1 hour ago, blaine07 said:

If I change template name from letsencrypt to SWAG what issues is that going to cause me?

None.  A name is a name is a name.  I respond to Andrew, Squid, (and my wife's favourite: Asshole).  Doesn't change who I am. 

 

The whole point is to change the repository from linuxserver/letsencrypt to linuxserver/swag.  

 

The only place this would cause an issue is if you're routing your traffic from other containers through "Letsencrypt" vs "Swag".  Which you're probably not.  (You tend to only do that with containers that connect to a VPN ie:Binhex, and not this one which simply forwards requests to a different port)

  • Like 2
Link to comment
None.  A name is a name is a name.  I respond to Andrew, Squid, (and my wife's favourite: Asshole).  Doesn't change who I am. 
 
The whole point is to change the repository from linuxserver/letsencrypt to linuxserver/swag.  
 
The only place this would cause an issue is if you're routing your traffic from other containers through "Letsencrypt" vs "Swag".  Which you're probably not.  (You tend to only do that with containers that connect to a VPN ie:Binhex, and not this one which simply forwards requests to a different port)

Thank you for the thorough response! (I won’t call you asshole BUT ironically that’s my wife’s favorite for me, too).
Link to comment
22 minutes ago, blaine07 said:


Thank you for the thorough response! (I won’t call you asshole BUT ironically that’s my wife’s favorite for me, too).

Sounds like we all have the same first name 😅

 

The only potential issue I'm aware of is in nextcloud's config.php where you allow a proxy. You'd have to change that to swag if you change the container name (and if you reverse proxy nextcloud)

Link to comment
Sounds like we all have the same first name
 
The only potential issue I'm aware of is in nextcloud's config.php where you allow a proxy. You'd have to change that to swag if you change the container name (and if you reverse proxy nextcloud)

e3e083691e1d248ae45873b238d3ea94.jpg


Excuse my rudimentary pic but I’m assuming first line? Shutdown NC, change letsencrypt name to swag (& let it boot up), change NC config.php, then boot Nextcloud back up?
Link to comment

Hey guys, I could use a little guidance....I'm not a computer guy by any stretch of the imagination so setting up Nextcloud with ReverseProxy is WAY over my head.....I'm just following SI video instructions and have no idea what everything is actually doing.

 

Anyway, in the video when setting up Letsencrypt/SWAG he used the duckdns.org and his duckdns subdomains. I registered my own personal domains and created Cnames...BUT they forward to a duckdns url.  So in the field asking for the Domain Name....do I use my main URL I purchased or the DuckDNS.org that everything is forwarding to?

 

Additionally, at the bottom of SWAG it has a field for a DuckDNS token, that was not in the old app that SI was using.....Do I need to include that?

 

Currently I used my newly purchased Domain Name in the domain field, added the sub's, then don't have anything in the field asking for a DuckDNS token.....but I'm not wanting to move past this screen unless I know it's correct because if all this doesn't work at the end, I will have NO idea where to look. So I REALLLLY want to get it right as I go through all of this.

 

ALSO, do I need to make subdomains for EVERYTHING like SAB, NZBget, PLEX and other things like that which are on my server but go out onto the net?

 

Thanks for any guidance you can give....greatly appreciated!

Edited by SPOautos
Link to comment

UPDATE to my last post - I went ahead and "applied" those settings I mentioned above.....

"Currently I used my newly purchased Domain Name in the domain field, added the sub's, then don't have anything in the field asking for a DuckDNS token.....but I'm not wanting to move past this screen unless I know it's correct because if all this doesn't work at the end, I will have NO idea where to look. So I REALLLLY want to get it right as I go through all of this."

 

BUT in the logs all of the challenges failed. It seems like it was looking for an A record where I created CNames....is that why? With the A record though you have to point it to an IP address, it won't let me point it to a Duckdns address.

 

Could this be because I just purchased the domain and created the Cnames about 2-3 hours ago? Does it need more time? Or do I just have the settings wrong?

 

Here is the SWAG log.....

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Chicago
URL=s2white.com
SUBDOMAINS=server,sonarr,radarr,lidarr,nextcloud
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=http
DNSPLUGIN=
[email protected]
STAGING=false

SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d server.s2white.com -d sonarr.s2white.com -d radarr.s2white.com -d lidarr.s2white.com -d nextcloud.s2white.com
E-mail address entered: [email protected]
http validation is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for lidarr.s2white.com
http-01 challenge for nextcloud.s2white.com
http-01 challenge for radarr.s2white.com
http-01 challenge for s2white.com
http-01 challenge for server.s2white.com
http-01 challenge for sonarr.s2white.com
Waiting for verification...
Challenge failed for domain lidarr.s2white.com
Challenge failed for domain nextcloud.s2white.com
Challenge failed for domain radarr.s2white.com
Challenge failed for domain s2white.com
Challenge failed for domain server.s2white.com
Challenge failed for domain sonarr.s2white.com
http-01 challenge for lidarr.s2white.com
http-01 challenge for nextcloud.s2white.com
http-01 challenge for radarr.s2white.com
http-01 challenge for s2white.com
http-01 challenge for server.s2white.com
http-01 challenge for sonarr.s2white.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: lidarr.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for lidarr.s2white.com -
check that a DNS record exists for this domain

Domain: nextcloud.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
nextcloud.s2white.com - check that a DNS record exists for this



Domain: radarr.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for radarr.s2white.com -
check that a DNS record exists for this domain

Domain: server.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for server.s2white.com -
check that a DNS record exists for this domain

Domain: sonarr.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for sonarr.s2white.com -
check that a DNS record exists for this domain
- The following errors were reported by the server:

Domain: s2white.com
Type: unauthorized
Detail: Invalid response from
http://s2white.com/.well-known/acme-challenge/II7qAGyVqDFhBJ7WLQg2obnFCDxtWDqCxANhUwOgLVM
[34.102.136.180]: "<!doctype html><html lang=\"en\"><head><meta
http-equiv=\"content-type\"
content=\"text/html;charset=utf-8\"><meta name=\"viewport\" con"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Edited by SPOautos
Link to comment
This needs to return an ip address: https://dnschecker.org/#A/sonarr.s2white.com

 

See here for detailed setup info: https://docs.linuxserver.io/general/swag

Link to comment
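Added example, not part of the thread or of certbot: a small parser for the "IMPORTANT NOTES" section of the log above that re-joins the wrapped Detail lines and maps each ACME error type to its likely cause. The sample is an abridged copy of that log; the `connection` case goes beyond what this log shows, and `wan_ip` with its value is an assumption of the example.

```python
import re

# Constructed sample: abridged from the certbot output in the SWAG log above.
SAMPLE_LOG = r"""
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: lidarr.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for lidarr.s2white.com -
check that a DNS record exists for this domain

Domain: nextcloud.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
nextcloud.s2white.com - check that a DNS record exists for this

Domain: sonarr.s2white.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for sonarr.s2white.com -
check that a DNS record exists for this domain
- The following errors were reported by the server:

Domain: s2white.com
Type: unauthorized
Detail: Invalid response from
http://s2white.com/.well-known/acme-challenge/II7qAGyVqDFhBJ7WLQg2obnFCDxtWDqCxANhUwOgLVM
[34.102.136.180]: "<!doctype html><html lang=\"en\"><head><meta

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
"""

FIELD = re.compile(r"^(Domain|Type|Detail):\s*(.*)$")
RESPONDER_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def parse_certbot_errors(text):
    """Return one dict per Domain/Type/Detail block, re-joining wrapped Detail lines."""
    errors, current, in_detail = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2)
            if key == "domain":
                current = {"domain": value, "type": "", "detail": ""}
                errors.append(current)
                in_detail = False
            elif current is not None:
                current[key] = value
                in_detail = key == "detail"
        elif in_detail and line and not line.startswith("- "):
            current["detail"] += " " + line  # continuation of a wrapped Detail
        else:
            in_detail = False  # blank line or next "- The following errors" note
    return errors


def diagnose(err, wan_ip=None):
    """Return (code, advice) for one parsed error.

    wan_ip is the address the operator expects the name to resolve to
    (an assumption of this example, not something certbot reports).
    """
    kind, detail = err["type"], err["detail"]
    if kind == "dns":
        if "NXDOMAIN" in detail:
            return ("no-record", "the name does not exist in public DNS; add an A record, "
                    "or a CNAME whose target resolves, and wait for it to propagate")
        return ("dns-error", "the DNS lookup failed; check the zone and its nameservers")
    if kind == "unauthorized":
        m = RESPONDER_IP.search(detail)
        ip = m.group(1) if m else None
        if wan_ip and ip and ip != wan_ip:
            return ("wrong-host", f"the name resolves to {ip}, not {wan_ip}; "
                    "another server answered the challenge, so fix the A record")
        return ("bad-response", f"a web server at {ip or 'the resolved address'} answered "
                "without the challenge token; check that port 80 reaches this container")
    if kind == "connection":
        return ("unreachable", "the validator could not connect; check the port 80 "
                "forward and firewall")
    return ("other", detail)


def triage(text, wan_ip=None):
    """Map each failed domain to its diagnosis code."""
    return {e["domain"]: diagnose(e, wan_ip)[0] for e in parse_certbot_errors(text)}


if __name__ == "__main__":
    for e in parse_certbot_errors(SAMPLE_LOG):
        code, advice = diagnose(e, wan_ip="203.0.113.10")  # constructed address
        print(f"{e['domain']:<24} {code:<12} {advice}")
```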
1 hour ago, aptalca said:

This needs to return an ip address: https://dnschecker.org/#A/sonarr.s2white.com

 

See here for detailed setup info: https://docs.linuxserver.io/general/swag

 

Does that mean something is wrong with the CNAME?  I made the Host Name sonarr.s2white.com and the points to value is a duckdns.org address that points to my server IP

 

In the linuxserver link you shared (thank you for that).....I see where it says this....

 

"Nextcloud is a bit trickier because the app has various security measures built-in, forcing us to configure certain options manually.

As with the other examples, let's make sure that we have a CNAME for nextcloud set up on our dns provider (a wildcard CNAME * will also cover this) and it is pointing to our A record that points to our server IP. If we are using the docker cli method, we also need to create the user defined bridge network (here named lsio) as described above. For DuckDNS, we do not need to create CNAMES, as all sub-subdomains automatically point to the same IP as our custom subdomain, but we need to make sure that it is the correct IP address for our server. We also need to make sure that port 443 on our router is forwarded to the correct port on our server."

 

To be honest I'm not sure what all that means to what I have already done.  Have things changed since the SI video where I should now use an A record instead of a Cname and point it directly to my server ip address instead of a duckdns address?

 

So is this saying that instead of doing it the way SI shows, I now need to make a single Cname like Nextcloud.mydomain.com that points to an A record that I also create at Godaddy which in turn points to my server's IP address, then basically don't do anything with DuckDNS?  I do have my router set to reserve the IP address so I think that means it will always keep that domain so I don't really NEED DuckDNS I don't THINK....but I'm not positive about how all that works.

Edited by SPOautos
Link to comment
I'm not the author of that video and am not familiar with it. You'll have to contact the author.

All the info we publish is in the github/docker hub readme (linked in the first post) and the docs article I linked above.

 

Typically, if you already own your own domain name, you don't need duckdns. Duckdns is a free alternative to owning a domain name.

Link to comment
