aptalca Posted November 8, 2020

3 hours ago, casperse said:
> Maybe a stupid Q
> But is it okay to add multiple subdomains like this?
>
>     server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>
>         server_name photo.doamin.dk;
>         server_name photos.domain.dk;
>         server_name piwigo.domain.dk;
>
> And could I just add a piwigo.domain2.dk also?
> It might work but I don't want to go against the approved structure

You can put multiple names in a single server name directive, don't use multiple directives

saarg Posted November 8, 2020

4 hours ago, BurntOC said:
> Fair observation. I thought about including it originally but if the connectivity is there, it seems like this would be some well-known trick that I don't know about. To that point, your question is a great one to which I believed the answer was "Yes, I've tested it.". But if so I'd have been wrong, as checking right now it is not getting a response. I'm up to 15 other devices that are working just fine across the other 2 situations I included in my initial post on this. Since it is working for other servers in that same domain it would seem like the traffic should have no problems getting from my Unraid server to the firewall headed to the Pi, but clearly I do.
>
> Here's my proxy, in any event (I use hassio.mydomain.me and the device is on 192.168.60.4 in this example):
>
>     server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>
>         server_name hassio.*;
>
>         include /config/nginx/ssl.conf;
>
>         client_max_body_size 0;
>
>         # enable for ldap auth, fill in ldap details in ldap.conf
>         #include /config/nginx/ldap.conf;
>
>         # enable for Authelia
>         #include /config/nginx/authelia-server.conf;
>
>         location / {
>             # enable the next two lines for http auth
>             #auth_basic "Restricted";
>             #auth_basic_user_file /config/nginx/.htpasswd;
>
>             # enable the next two lines for ldap auth
>             #auth_request /auth;
>             #error_page 401 =200 /ldaplogin;
>
>             # enable for Authelia
>             #include /config/nginx/authelia-location.conf;
>
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             # set $upstream_app homeassistant;
>             set $upstream_app 192.168.60.4;
>             set $upstream_port 8123;
>             set $upstream_proto http;
>             proxy_pass $upstream_proto://$upstream_app:$upstream_port;
>         }
>     }

If you can't ping 192.168.60.4 it's not the proxy conf that is the issue. Since you have other services working, I would assume your firewall blocks access from the unraid network to your hassio RPI.

BurntOC Posted November 8, 2020

17 minutes ago, saarg said:
> If you can't ping 192.168.60.4 it's not the proxy conf that is the issue. Since you have other services working, I would assume your firewall blocks access from the unraid network to your hassio RPI.

So I verified that I had port isolation enabled on both the Unifi switch port connected to that Unraid network and the port the Pi is connected to. Disabling it on the Pi port allowed swag to ping the Pi, but I am still getting the Nginx gateway error. The isolation observation and the lack of entries in the logs confirms this is transiting port to port without the firewall seeing it, but it's even more puzzling as to why it still isn't working...

saarg Posted November 8, 2020

1 hour ago, BurntOC said:
> So I verified that I had port isolation enabled on both the Unifi switch port connected to that Unraid network and the port the Pi is connected to. Disabling it on the Pi port allowed swag to ping the Pi, but I am still getting the Nginx gateway error. The isolation observation and the lack of entries in the logs confirms this is transiting port to port without the firewall seeing it, but it's even more puzzling as to why it still isn't working...

I can't really help with network issues.
You are sure you use the correct port and that it is http and not https?
Are you accessing the domain from your network or using your phone?

Edited November 8, 2020 by saarg

BurntOC Posted November 9, 2020

2 hours ago, saarg said:
> I can't really help with network issues.
> You are sure you use the correct port and that it is http and not https?
> Are you accessing the domain from your network or using your phone?

Port was correct, but though I'd tested http vs https earlier with no effect (of course because port isolation was probably blocking it in any case), I just tried switching it to https and it works. I have had Hass pulling a cert with the LetsEncrypt addon and I had it set to access via HTTPS.

I'm tempted to leave it for now. As I understand it, I'm doing SSL to Swag, but it's doing HTTP to the proxied hosts in most cases per the template default, right? And there would be some risk of something else on the same subnet trying to sniff the unencrypted traffic, but in this case I'm doing SSL to swag and then also to the proxied server so the full path is encrypted, right? If not, I will leave these other connections be, as I was going to look into using HTTPS with them as well.

saarg Posted November 9, 2020

4 hours ago, BurntOC said:
> Port was correct, but though I'd tested http vs https earlier with no effect (of course because port isolation was probably blocking it in any case), I just tried switching it to https and it works. I have had Hass pulling a cert with the LetsEncrypt addon and I had it set to access via HTTPS.
>
> I'm tempted to leave it for now. As I understand it, I'm doing SSL to Swag, but it's doing HTTP to the proxied hosts in most cases per the template default, right? And there would be some risk of something else on the same subnet trying to sniff the unencrypted traffic, but in this case I'm doing SSL to swag and then also to the proxied server so the full path is encrypted, right? If not, I will leave these other connections be, as I was going to look into using HTTPS with them as well.

If it's within your own network, I would drop SSL and just do http.

Edited November 9, 2020 by saarg

casperse Posted November 9, 2020

11 hours ago, aptalca said:
> You can put multiple names in a single server name directive, don't use multiple directives

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name photo.doamin.dk,photos.domain.dk,piwigo.domain.dk,piwigo.domain2.dk;

I tried combining them but got a strange error afterwards?

    nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 64
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised

LifeBasher Posted November 10, 2020

Hi, I'm trying to get swag to reverse proxy to my VM in unraid. I used spaceinvader video to set it up at start but now when I'm trying to send to the VM, the log gives me this... Anyone have any idea? I mean it works great when I'm using it on docker but I can't get it to send it to my VM.

Thanks for any help

P.S. I actually want to send it to a VM for nextcloud instead of using a docker for it.

    2020/11/10 00:45:08 [error] 431#431: *63 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 66.70.148.95, server: myServer.*, request: "GET /favicon.ico HTTP/2.0", upstream: "https://192.168.8.13:443/favicon.ico", host: "myHost", referrer: "https://myHost/"

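Added example (not part of any post in this thread) for the two upstream-protocol questions above: BurntOC's gateway error that went away once `$upstream_proto` matched what the backend speaks, and the "wrong version number" log, which typically means nginx started a TLS handshake and the upstream port answered with something that is not TLS. The second variant also covers BurntOC's "is the full path encrypted" question: nginx encrypts to an `https` upstream but does not verify its certificate unless `proxy_ssl_verify` is on. The server names, the certificate name and the CA bundle path are placeholders or assumptions.

```nginx
# Added example. app-http.*, app-tls.*, hassio.mydomain.me and the CA bundle
# path are placeholders; 192.168.60.4:8123 is the address used earlier in the thread.

# Variant 1: backend listens with plain HTTP (the SWAG template default).
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name app-http.*;
    include /config/nginx/ssl.conf;

    location / {
        include /config/nginx/proxy.conf;
        set $upstream_app 192.168.60.4;
        set $upstream_port 8123;
        # Must match the backend: "https" against a plain-HTTP port fails the
        # handshake, "http" against a TLS-only port fails the request.
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

# Variant 2: backend terminates TLS itself (for example with its own
# Let's Encrypt certificate), and the proxy checks that certificate.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name app-tls.*;
    include /config/nginx/ssl.conf;

    location / {
        include /config/nginx/proxy.conf;
        set $upstream_app 192.168.60.4;
        set $upstream_port 8123;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        # Send SNI and compare the certificate against the host name it was
        # issued for, not the IP address used in proxy_pass.
        proxy_ssl_server_name on;
        proxy_ssl_name hassio.mydomain.me;

        # Off by default: without these lines the hop is encrypted but any
        # certificate, including one presented by an interceptor, is accepted.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        # Assumed location of the system CA bundle inside the container.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }
}
```

To see which variant applies, run `curl -v http://<backend>:<port>/` and `curl -vk https://<backend>:<port>/` from the proxy host; only the protocol the backend actually speaks returns a response.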
casperse Posted November 10, 2020

On 11/9/2020 at 10:05 AM, casperse said:
>     server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>
>         server_name photo.doamin.dk,photos.domain.dk,piwigo.domain.dk,piwigo.domain2.dk;
>
> I tried combining them but got a strange error afterwards?
>
>     nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 64
>     nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised

Strange, only when I list them in separate lines it works and I don't get the below error

    nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 64
    nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

    server_name photo.domain1.dk;
    server_name photos.domain1.dk;
    server_name piwigo.domain1.dk;

It works, no errors (even if the syntax is not right)

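Added example (not part of any post in this thread) of the single-directive form aptalca describes. `server_name` takes names separated by whitespace; a comma is not a separator, so a comma-joined list is read as one literal name longer than the 64-byte hash bucket, which is what the `[emerg] could not build server_names_hash` message reports. The host names are placeholders modelled on the ones in the thread, and the `piwigo` upstream name and port are assumptions.

```nginx
# Added example; host names, upstream name and port are placeholders.
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    # One directive, names separated by spaces (or newlines), ended by one ";".
    # Written with commas, the whole list becomes a single over-long name and
    # nginx refuses to start instead of serving any of the intended hosts.
    server_name photo.domain.dk
                photos.domain.dk
                piwigo.domain.dk
                piwigo.domain2.dk;

    # The certificate loaded here must list every name above, including the
    # one under the second domain, or clients get a name-mismatch warning.
    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app piwigo;      # assumed container name
        set $upstream_port 80;         # assumed container port
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
```

Run `nginx -t` inside the container after editing; it reports the hash error, or any other syntax problem, before a restart takes the proxy down.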
BoKKeR Posted November 11, 2020

I have multiple services running behind a reverse nginx proxy. But I am having issues with home assistant. The UI loads but the calls don't get forwarded and error out

    Failed to call service homeassistant/turn_off. Unable to find service light/turn_off

I am running https://hub.docker.com/r/homeassistant/home-assistant on Unraid.

This is the nginx config. The site loads but gives errors when I try to turn on lights.

    # make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name ha.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        # enable for ldap auth, fill in ldap details in ldap.conf
        #include /config/nginx/ldap.conf;

        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable the next two lines for ldap auth
            #auth_request /auth;
            #error_page 401 =200 /login;

            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app homeassistant;
            set $upstream_port 8123;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        }

        location /api/websocket {
            resolver 127.0.0.11 valid=30s;
            set $upstream_app homeassistant;
            set $upstream_port 8123;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
            proxy_set_header Host $host;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

This is the command used to run the container:

    usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name='HomeAssistant' --net='proxynet' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -p '8123:8123/tcp' --device='/dev/ttyUSB0' 'homeassistant/home-assistant'

I am not sure if it's more suited for home assistant?

Edited November 11, 2020 by BoKKeR

saarg Posted November 11, 2020

3 hours ago, BoKKeR said:
> I have multiple services running behind a reverse nginx proxy. But I am having issues with home assistant. The UI loads but the calls don't get forwarded and error out
>
>     Failed to call service homeassistant/turn_off. Unable to find service light/turn_off
>
> I am running https://hub.docker.com/r/homeassistant/home-assistant on Unraid.
>
> This is the nginx config. The site loads but gives errors when I try to turn on lights.
>
>     # make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url
>
>     server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>
>         server_name ha.*;
>
>         include /config/nginx/ssl.conf;
>
>         client_max_body_size 0;
>
>         # enable for ldap auth, fill in ldap details in ldap.conf
>         #include /config/nginx/ldap.conf;
>
>         location / {
>             # enable the next two lines for http auth
>             #auth_basic "Restricted";
>             #auth_basic_user_file /config/nginx/.htpasswd;
>
>             # enable the next two lines for ldap auth
>             #auth_request /auth;
>             #error_page 401 =200 /login;
>
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_app homeassistant;
>             set $upstream_port 8123;
>             set $upstream_proto http;
>             proxy_pass $upstream_proto://$upstream_app:$upstream_port;
>         }
>
>         location /api/websocket {
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_app homeassistant;
>             set $upstream_port 8123;
>             set $upstream_proto http;
>             proxy_pass $upstream_proto://$upstream_app:$upstream_port;
>             proxy_set_header Host $host;
>
>             proxy_http_version 1.1;
>             proxy_set_header Upgrade $http_upgrade;
>             proxy_set_header Connection "upgrade";
>         }
>     }
>
> This is the command used to run the container:
>
>     usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name='HomeAssistant' --net='proxynet' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -p '8123:8123/tcp' --device='/dev/ttyUSB0' 'homeassistant/home-assistant'
>
> I am not sure if it's more suited for home assistant?

You have the name wrong for the container.
You have to name it homeassistant with small letters.

BoKKeR Posted November 11, 2020

Thanks, I tried that also. Same result. I can resolve home assistant over nginx, but all the service calls fail.

saarg Posted November 11, 2020

25 minutes ago, BoKKeR said:
> Thanks, I tried that also. Same result. I can resolve home assistant over nginx, but all the service calls fail.

We don't have the /api location in our proxy-conf and I'm not sure why you need it?

BoKKeR Posted November 11, 2020

Removing the block rebooting SWAG, I get even less access. I get to the login page. After login I am greeted with

saarg Posted November 12, 2020

9 hours ago, BoKKeR said:
> Removing the block rebooting SWAG, I get even less access. I get to the login page. After login I am greeted with

Did you set homeassistant to use https on that port? If so, change it back to http. There is a similar problem like this fixed on this page.

deanpelton Posted November 12, 2020

I am wondering if anyone has any idea how to use SWAG with a SQL docker to reverse proxy a MSSQL server for remote access through SSMS? I have spent most of a couple of days looking into it, and I know that I need to use a stream process, however I can't get it to work with the nginx within SWAG docker.

Anyone have this working and could give me some guidance on how to setup the subdomain conf file?

BoKKeR Posted November 12, 2020

10 hours ago, saarg said:
> Did you set homeassistant to use https on that port? If so, change it back to http. There is a similar problem like this fixed on this page.

I can't find this option, but to make sure I made a new container with a new config location and adjusted the config in swag, restarted swagger. I get the https login page on the subdomain, upon login I end up with the same error page.

saarg Posted November 12, 2020

7 hours ago, deanpelton said:
> I am wondering if anyone has any idea how to use SWAG with a SQL docker to reverse proxy a MSSQL server for remote access through SSMS? I have spent most of a couple of days looking into it, and I know that I need to use a stream process, however I can't get it to work with the nginx within SWAG docker.
>
> Anyone have this working and could give me some guidance on how to setup the subdomain conf file?

You can't as it's not web traffic.

alturismo Posted November 13, 2020

On 11/12/2020 at 2:29 PM, deanpelton said:
> I am wondering if anyone has any idea how to use SWAG with a SQL docker to reverse proxy a MSSQL server for remote access through SSMS? I have spent most of a couple of days looking into it, and I know that I need to use a stream process, however I can't get it to work with the nginx within SWAG docker.
>
> Anyone have this working and could give me some guidance on how to setup the subdomain conf file?

On 11/12/2020 at 10:24 PM, saarg said:
> You can't as it's not web traffic.

standard tcp or udp traffic is like mentioned not supported with http server blocks, it works single as stream "passthrough".

if there would be this module included we may could play and bind domains to the stream(s), but it's not included so ... sadly no.

https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html

deanpelton Posted November 14, 2020

3 hours ago, alturismo said:
> standard tcp or udp traffic is like mentioned not supported with http server blocks, it works single as stream "passthrough".
>
> if there would be this module included we may could play and bind domains to the stream(s), but it's not included so ... sadly no.
>
> https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html

Thanks alturismo, I saw your previous comments on this topic but I couldn't load the stream module into my swag container. Any other methods of doing this with an IP address whitelisting for safety?

alturismo Posted November 14, 2020

3 hours ago, deanpelton said:
> Thanks alturismo, I saw your previous comments on this topic but I couldn't load the stream module into my swag container. Any other methods of doing this with an IP address whitelisting for safety?

not that I'm aware of

xxbigfootxx Posted November 17, 2020

I keep getting the error below. I've attached my port forwards. I've updated the DNS of the server to 8.8.8.8 and 1.1.1.1, still nothing. I've recently moved house and using new modem. But it should just work with the same forwards?

JonathanM Posted November 17, 2020

5 hours ago, xxbigfootxx said:
> But it should just work with the same forwards?

The image shows the internal and external ports reversed.

xxbigfootxx Posted November 17, 2020

On 11/17/2020 at 8:16 PM, jonathanm said:
> The image shows the internal and external ports reversed.

Thanks mate, I figured they were but had tried in the correct setup but was still failing. Turns out I had static DNS that was incorrect on the modem. All working now.

EDIT: Literally a few hours later and it all stopped again. Seems to be a DNS issue with the Netcomm modem I'm using. I wasn't having any issues with the Netgear. But I wanted to NAT loopback features of the Netcomm

Edited November 18, 2020 by xxbigfootxx

surenther Posted November 22, 2020

Hello All,

I have hosted my personal site and couple of dockers via Swag following SpaceInvaderOne video. Everything was working great. Recently, I configured VLAN in unraid. My plan is to host all reverse proxy stuffs in this VLAN. How to setup Swag in VLAN?

Thanks