[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



20 hours ago, vurt said:

Thanks for suggesting that, I never knew there's a sample in there.

 

But I'm still getting the same 502 Bad Gateway error. I'm beginning to suspect it might be Calibre-Web. Someone on Reddit is also getting the same error when his/her reverse proxy worked fine before.

 

This is what I just tried based on the conf included in swag:

 


location /calibre {
    return 301 $scheme://$host/calibre/;
}

location ^~ /calibre/ {
    # enable the next two lines for http auth
    auth_basic "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
    #auth_request /auth;
    #error_page 401 =200 /ldaplogin;

    # enable for Authelia, also enable authelia-server.conf in the default site config
    #include /config/nginx/authelia-location.conf;

    resolver 192.168.1.252 valid=30s;
    set $upstream_app calibre;
    set $upstream_port 8083;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    proxy_set_header Host $http_host;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Script-Name /calibre;
}

 

That's for calibre, not calibre-web

Link to comment
3 minutes ago, aptalca said:

That's for calibre, not calibre-web

Do you mean the /calibre? I renamed it because I want to access it via domain.net/calibre instead of domain.net/calibre-web.

 

This hadn't been a problem previously. I literally have not touched anything besides updating calibre-web and switched letsencrypt to swag.

Link to comment
10 minutes ago, vurt said:

Do you mean the /calibre? I renamed it because I want to access it via domain.net/calibre instead of domain.net/calibre-web.

 

This hadn't been a problem previously. I literally have not touched anything besides updating calibre-web and switched letsencrypt to swag.

You have added the IP in the wrong place in the proxy-conf. Don't change the resolver, change the upstream app variable to the IP.

 

If you would have used a custom docker bridge this would have been avoided. Then there are minimal things you need to change.

Link to comment
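The fix described in the reply above, written out as an added example (not code from the thread or from the SWAG project): the resolver stays on Docker's embedded DNS address 127.0.0.11 and the LAN IP moves to $upstream_app. The IP is the one from the earlier post, assumed here to be the host that publishes port 8083; the container name calibre-web is hypothetical.

```nginx
location /calibre {
    return 301 $scheme://$host/calibre/;
}

location ^~ /calibre/ {
    auth_basic "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;

    # The resolver is the DNS server nginx asks when $upstream_app is a name.
    # 127.0.0.11 is Docker's embedded DNS; the LAN IP of the app does not go here.
    resolver 127.0.0.11 valid=30s;

    # Case 1: calibre-web is on the default bridge or on host networking, so
    # its container name cannot be resolved from SWAG. Use the address that
    # publishes the port (assumed: the IP from the post above).
    set $upstream_app 192.168.1.252;

    # Case 2: SWAG and calibre-web share a custom network such as my-net.
    # Container names resolve through 127.0.0.11, so use the name instead
    # (hypothetical container name):
    #set $upstream_app calibre-web;

    set $upstream_port 8083;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    proxy_set_header Host $http_host;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Script-Name /calibre;
}
```

With a literal IP in $upstream_app nginx never performs a lookup, which is why a resolver pointed at the wrong address only fails once the upstream is a name it cannot resolve.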
2 hours ago, saarg said:

You have added the IP in the wrong place in the proxy-conf. Don't change the resolver, change the upstream app variable to the IP.

 

If you would have used a custom docker bridge this would have been avoided. Then there are minimal things you need to change.

 

That fixed it!! Thank you. I still don't understand why it worked previously though.

 

By "custom docker bridge", do you mean the custom network?

 

I just looked this up: https://docs.docker.com/network/bridge/

 

After running the command

$ docker network create my-net

Do I then use the unRAID GUI to edit all my dockers' config to point Network Type to "my-net" instead of "bridge"? Would that be it, or is there other stuff I need to do?

 

My Emby is currently set to "Host", will that stay that way?

Edited by vurt
Link to comment
2 hours ago, vurt said:

 

That fixed it!! Thank you. I still don't understand why it worked previously though.

 

By "custom docker bridge", do you mean the custom network?

 

I just looked this up: https://docs.docker.com/network/bridge/

 

After running the command


$ docker network create my-net

Do I then use the unRAID GUI to edit all my dockers' config to point Network Type to "my-net" instead of "bridge"? Would that be it, or is there other stuff I need to do?

 

My Emby is currently set to "Host", will that stay that way?

Yes on my-net

 

Emby can stay on host, in which case you have to put the ip in the upstream app variable. Or you can switch to my-net and keep the proxy conf as is.

Link to comment

Besides the HTTP header bug that no one else has (but thanks a lot for the effort saarg 🙂 ), I have another question.

 

What's the best way to back up Nextcloud? I have read about tar and sql dump but shouldn't it be enough to just copy the config volumes somewhere else?

Or is the dump and the tar process only to save disk space but both options would work?

Link to comment
9 hours ago, DockX said:

Besides the HTTP header bug that no one else has (but thanks a lot for the effort saarg 🙂 ), I have another question.

 

What's the best way to back up Nextcloud? I have read about tar and sql dump but shouldn't it be enough to just copy the config volumes somewhere else?

Or is the dump and the tar process only to save disk space but both options would work?

Both would work, but simply copying the mapped folders is sufficient (don't forget mariadb data if you're using that)

Link to comment
On 4/29/2020 at 10:02 PM, Heciruam said:

Is there an nginx .config.sample file for Mattermost? I just installed it and was wondering how to get public access.
 

Edit:
Ok I figured it out. I found a guide on how to do it here

Do you have it up and running?

Tried to use the documentation but never managed to get it working properly.

Link to comment
On 11/27/2019 at 10:20 AM, dandiodati said:

Still have not been able to get letsencrypt to reverse proxy for unms. MothyTim sent me his configuration on a previous post but still did not work. 

The regular login redirects me fine, just the websocket does not work, therefore unms device discovery etc. don't work correctly.

Anyone else have luck with unms?

I'm using the nico640/docker-unms docker container which starts fine and works correctly (websockets included) when I connect directly to it.

I attached my letsencrypt nginx/proxy-confs/unms.subdomain.conf configuration.

I have a custom network bridge set up for the letsencrypt container and unms (also have nextcloud in there which works correctly).

My DNS is set up correctly at Cloudflare with an A name for the main IP address and C names for unms and nextcloud pointing to it.

 

Any ideas or help for solving this issue ? Been fighting with it for a long time with no solution.

 

Dan

 

 


Has anyone else gotten unms working behind swag? Still have issues with the websocket failing to pass through.

I tried again using the pages https://help.ui.com/hc/en-us/articles/115015690207-UNMS-Reverse-Proxy and testing with https://help.ui.com/hc/en-us/articles/115015690147 but no luck. The external curl with websockets just causes swag to show its default web page instead of forwarding to the unms container.

 

 

Link to comment
On 9/24/2020 at 2:53 PM, Mihle said:

How I switched to swag that seemed to work:

  1. Create a folder named swag in appdata
  2. Copy all content from letsencrypt folder to swag
    (could also rename it but I did not want to change letsencrypt stuff before I knew swag worked fine)
  3. Install swag template and change settings
  4. Stop letsencrypt docker and start swag
  5. Change letsencrypt to swag in nextcloud config
  6. Done.

Good call here
I followed the same instructions 

01. created a new folder appdata/swag
02. copied content from appdata/letsencrypt/ to appdata/swag
03. located swag docker in app store and used the same settings from appdata/letsencrypt/
04. Applied settings
** note: if you have letsencrypt running and you copy settings the docker will download BUT not start as the same ports for letsencrypt are allocated **
05. stop letsencrypt docker
06. start swag docker
07. tested container 
08. successful

Edited by bombz
Link to comment
On 10/2/2020 at 11:54 AM, xxDeadbolt said:

Hey - trying to move over from Letsencrypt but keep getting an error when trying to edit the proxy-config files. Error states I don't have permission to save in that location. I could edit the Letsencrypt ones though, not sure why I can't with this container 😕

So, once again proving my noob status: I wasn't using Krusader, I was trying to do it within Windows/File Explorer on my gaming rig... oops! All done, pretty much same steps as above!

Link to comment

Hello all, 

 

New to Unraid and new to dockers in general. I am trying to figure out how to get SWAG working with multiple domains. After searching through this topic I've found people asking similar questions and being referred to the GitHub readme. I have looked through the readme and have seen where to add extra domains in the docker settings and have done so. My question is where do I put the actual webpage files for the extra domains, I don't see that covered anywhere in the readme. If I've missed it please point me in the right direction or if anyone knows where I am supposed to put the webpage files for my other domains that would be greatly appreciated as well. Or if SWAG does not support having multiple domains run off of one docker in the sense that I am thinking please let me know.

 

Thanks in advance for any help!

Link to comment
3 hours ago, SamuraiMarv said:

Hello all, 

 

New to Unraid and new to dockers in general. I am trying to figure out how to get SWAG working with multiple domains. After searching through this topic I've found people asking similar questions and being referred to the GitHub readme. I have looked through the readme and have seen where to add extra domains in the docker settings and have done so. My question is where do I put the actual webpage files for the extra domains, I don't see that covered anywhere in the readme. If I've missed it please point me in the right direction or if anyone knows where I am supposed to put the webpage files for my other domains that would be greatly appreciated as well. Or if SWAG does not support having multiple domains run off of one docker in the sense that I am thinking please let me know.

 

Thanks in advance for any help!

You can put them wherever you want as long as you reference it in the nginx config files. If you don't know how to do that, you need to do some more research into nginx.

Link to comment
15 hours ago, SamuraiMarv said:

Roger that, thanks for the quick response. I will do some studying on Nginx!

Some of these guys are just so helpful. If you just want to host static content locally, copy one of the example confs and put this in your server {} section and set the server_name appropriately. Make sure that path is available by editing the container, go to the bottom, click + Add another Path, Port, Variable, Label or Device and map a path there. I think what I did was make a share called wwwroot which makes a dir /mnt/user/wwwroot and then I mapped that to /wwwroot in the container. Then you could host each domain below that like this.

 

    location / {
        root /wwwroot/marv1;
    }

 

It sounds like maybe you did this other part already, but if not:  make sure to support extra domains by editing the container, going to advanced view and adding them to Extra Parameters like -e EXTRA_DOMAINS=marvsamurai.com,samuraimarv.com

Link to comment
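The static-hosting setup described in the post above, as an added example rather than a conf shipped with SWAG: one server block per extra domain, each rooted under the /wwwroot mapping. The marv2 directory, the index and try_files lines, and the dotfile rule are assumptions added here; /config/nginx/ssl.conf is the TLS include the SWAG sample confs use.

```nginx
# Both names must also be listed in EXTRA_DOMAINS so the certificate covers them.

server {
    listen 443 ssl;
    server_name marvsamurai.com;

    include /config/nginx/ssl.conf;

    root /wwwroot/marv1;
    index index.html;

    location / {
        # Serve only files that exist under this root; anything else is a 404.
        try_files $uri $uri/ =404;
    }

    # Shares copied into a web root often carry .git or .htpasswd along.
    location ~ /\. {
        deny all;
    }
}

server {
    listen 443 ssl;
    server_name samuraimarv.com;

    include /config/nginx/ssl.conf;

    root /wwwroot/marv2;   # hypothetical directory for the second domain
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ /\. {
        deny all;
    }
}
```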

Hey Folks!

I recently installed the new Swag Container to replace my old Let's Encrypt Container. Everything is working fine, but for some reason I do have the old Icon showing up although I do have the correct image-url in my settings available ....

 


 

This Icon-URL is saved in my Settings:

https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver-ls-logo.png

 

I stopped the container, saved the correct image multiple times, but it is still the wrong image. I also removed the old container and cleaned everything from it with the Cleanup Appdata Plugin

 

Any Ideas for this?

Link to comment

So I recently migrated my Letsencrypt instance to Swag, and all of my proxy confs seem to be working except for the Ombi one. I changed nothing in the subdomain conf file from what was in place with Letsencrypt, but now the container won't start, and I get an Execution Error Code 403.

 

Anyone overcome a similar problem?

Link to comment

Hello all, 

 

Just finished the house move, well physically moving everything anyway, and thought I would start with setting up the essentials, water, heating, Unraid. 

 

Everything is going well except that I'm unable to access any of my five proxied services (bitwarden, nextcloud, emby, radarr or sonarr) locally if I type in their public address. I can access them via their local port numbers, however if I enter eg bitwarden.mydomain.uk I receive back;

 

This site can’t be reached

The web page at https://bitwarden.mydomain.uk/ might be temporarily down or it may have moved permanently to a new web address.

ERR_HTTP2_PROTOCOL_ERROR

 

If I use my mobile, the pages can be accessed fine, just locally is the issue. 

 

The only difference from the other house is that I have moved from BT to Vodafone. I recall when I was initially setting Letsencrypt up, some people had an issue with "double NAT / hairpinning" which I'm wondering may be my issue. 

 

Before I set about replacing the supplied Vodafone router however, I wanted to double check with yourselves that I'm not missing something obvious (which wouldn't be the first time). 😂

 

The only changes I have made to the router are;

*Updated the port forwarding rules for 80 & 443,

*Disabled UPnP, 

*Ensured that my Unraid server's local address (192.168.1.149) was given an exception in the router's firewall.

 

I have looked online for similar issues however people seem to have the opposite problem (unable to access externally). 

 

Any advice would be greatly appreciated as I'm up the wall with everything else going on and this would certainly help me out getting it to work. 

 

 


Edited by LoneTraveler
Link to comment
