saarg Posted January 9, 2021

3 hours ago, mika91 said:
> Just for curiosity: Is there any plan to extend swag container with native authelia and ldap server. It would be an all-in-one easy solution for unraid with global users management and reverse proxy authentication. I tried to achieve such a solution with swag + authelia + openldap + phpldapadmin, without success right now 😅

No it will not be an all in one.

carnivorebrah Posted January 9, 2021 (edited)

Hello all, I have gone through the entire setup to the point where accessing my domain "overseerr.mydomain.com" results in just the SWAG welcome page displaying, instead of launching the Overseerr login page. Any idea what steps I may have missed? Log file for docker included.

EDIT: per the norm, I misinterpreted a step, and figured out what I was doing wrong. I was missing the "conf" files that I thought I only needed to modify if changes were required.

Edited January 9, 2021 by carnivorebrah

semicole Posted January 10, 2021

Hi, I am having an error getting SWAG to work following Spaceinvader's video. I am trying to get HTTP working so that I can access nextcloud, sonarr, etc outside of my network. I have port forwarded my router ports 80 and 443 to 180 and 1443 respectively and listed those reports in Unraid for SWAG, but I get the following error when I try to create the certs. When I check whocanseeme.org, however, I am seeing a blocked port 80 and 443. I have already called my ISP and confirmed that they are not blocking the ports, so I'm not sure how to proceed. I am fairly new to this and have done some research and was curious if it matters if my router's IP is the same as my public IP or not and how this relates to NAT. Currently my router's IP does not match my public IP when I look it up using whatsmyip, etc.

    Domain: mydomain.com
    Type: unauthorized
    Detail: Invalid response from http://mydomain.com/.well-known/acme-challenge/0OAvQT7bR4EqZoWAqvATD1_N6LTEeCUWQ1rpOsfhfiM [199.188.201.227]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

saarg Posted January 10, 2021

7 minutes ago, semicole said:
> Hi, I am having an error getting SWAG to work following Spaceinvader's video. I am trying to get HTTP working so that I can access nextcloud, sonarr, etc outside of my network. I have port forwarded my router ports 80 and 443 to 180 and 1443 respectively and listed those reports in Unraid for SWAG, but I get the following error when I try to create the certs. When I check whocanseeme.org, however, I am seeing a blocked port 80 and 443. I have already called my ISP and confirmed that they are not blocking the ports, so I'm not sure how to proceed. I am fairly new to this and have done some research and was curious if it matters if my router's IP is the same as my public IP or not and how this relates to NAT. Currently my router's IP does not match my public IP when I look it up using whatsmyip, etc.
>
>     Domain: mydomain.com
>     Type: unauthorized
>     Detail: Invalid response from http://mydomain.com/.well-known/acme-challenge/0OAvQT7bR4EqZoWAqvATD1_N6LTEeCUWQ1rpOsfhfiM [199.188.201.227]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
>     To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

The IP in the screenshot is the LAN address. You have to find the WAN address and compare it to the one provided by the webpage. If those two are not the same, then you are behind CGNAT. Hard to say if your port forward is correct as we don't see the description of the port forward table and we also don't have the docker run command of swag to see the validation method you have set up.

It looks like you have not port forwarded 80 to 180, but to 80.

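The WAN-versus-public-address comparison described in the post above can be combined with the Let's Encrypt error text itself, which names the IP that answered the challenge in square brackets. This is an added example, not code from the thread or from SWAG; it also handles the "connection" error type that appears later in the thread. The two error strings are abbreviated from errors quoted in this thread, the addresses in `__main__` are constructed, and the finding names are made up for illustration.

```python
import ipaddress
import re

# Abbreviated from the two errors quoted in the thread (token replaced by TOKEN).
UNAUTHORIZED = ('Domain: mydomain.com Type: unauthorized Detail: Invalid response from '
                'http://mydomain.com/.well-known/acme-challenge/TOKEN '
                '[199.188.201.227]: "<!DOCTYPE HTML PUBLIC ... 404 Not Found"')
CONNECTION = ('Domain: CHANGED.duckdns.org Type: connection Detail: Fetching '
              'http://CHANGED.duckdns.org/.well-known/acme-challenge/TOKEN: '
              'Connection refused')

CGNAT = ipaddress.ip_network("100.64.0.0/10")            # RFC 6598 shared space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ERROR_RE = re.compile(r"Domain:\s*(\S+)\s+Type:\s*(\w+)\s+Detail:\s*(.*)", re.S)
RESPONDER_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")       # IP the CA connected to


def parse_error(text):
    """Return (domain, error type, responding IP or None) from a certbot error."""
    m = ERROR_RE.search(text)
    if not m:
        raise ValueError("no 'Domain: ... Type: ... Detail: ...' block found")
    ip = RESPONDER_RE.search(m.group(3))
    return m.group(1), m.group(2), ipaddress.ip_address(ip.group(1)) if ip else None


def classify_wan(router_wan, public_ip):
    """Compare the router's WAN address with the address external sites see."""
    wan = ipaddress.ip_address(router_wan)
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "double-nat"
    return "direct" if wan == ipaddress.ip_address(public_ip) else "mismatch"


def diagnose(error_text, router_wan, public_ip):
    """Return finding codes, most fundamental first."""
    _, err_type, responder = parse_error(error_text)
    findings = []
    wan = classify_wan(router_wan, public_ip)
    if wan != "direct":
        findings.append("wan-" + wan)        # forwards on this router are unreachable
    if err_type == "connection":
        findings.append("port-80-closed")    # nothing accepted the CA's connection
    elif err_type == "unauthorized" and responder is not None:
        if responder != ipaddress.ip_address(public_ip):
            findings.append("dns-points-elsewhere")  # A record is not your address
        else:
            findings.append("wrong-service-on-80")   # your IP answered, not the ACME client
    return findings


if __name__ == "__main__":
    # 203.0.113.10 and 100.72.1.5 are constructed addresses, not from the thread.
    print(diagnose(UNAUTHORIZED, "203.0.113.10", "203.0.113.10"))
    print(diagnose(CONNECTION, "100.72.1.5", "203.0.113.10"))
```
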
semicole Posted January 10, 2021

Just now, saarg said:
> The IP in the screenshot is the LAN address. You have to find the WAN address and compare it to the one provided by the webpage. If those two are not the same, then you are behind CGNAT. Hard to say if your port forward is correct as we don't see the description of the port forward table and we also don't have the docker run command of swag to see the validation method you have set up.
>
> It looks like you have not port forwarded 80 to 180, but to 80.

When I check what’s my IP, I get my external IP address or WAN IP address. I’m struggling to figure out where my WAN is listed on my router page, is there another way to figure that out that may be easier? I can post a better photo of the port forwarding, but yes I had changed 180 to 80 to try to troubleshoot, it’s correct now at 180, so my external ports are 80 and 443 and my internals are 180 and 1443 and going to the correct IP address of my server.

semicole Posted January 10, 2021

9 minutes ago, saarg said:
> The IP in the screenshot is the LAN address. You have to find the WAN address and compare it to the one provided by the webpage. If those two are not the same, then you are behind CGNAT. Hard to say if your port forward is correct as we don't see the description of the port forward table and we also don't have the docker run command of swag to see the validation method you have set up.
>
> It looks like you have not port forwarded 80 to 180, but to 80.

Scratch that, I was able to find my WAN address of my router and it does match my public IP, so I think I’m good there and I have the correct ports forwarded and have verified from my ISP that they do not block ports 80 and 443, so what should my next steps be?

saarg Posted January 10, 2021

12 hours ago, semicole said:
> Scratch that, I was able to find my WAN address of my router and it does match my public IP, so I think I’m good there and I have the correct ports forwarded and have verified from my ISP that they do not block ports 80 and 443, so what should my next steps be?

Post the screenshot so we can see that your port forwards are correct and also the other info missing.

jademonkee Posted January 10, 2021 (edited)

I setup swag for the first time last week, and successfully pointed my domain to my nextcloud instance, and have been able to access it remotely all week (via nextcloud.MYDOMAIN.COM*). I also set up a holding page (a single HTML file with an image) for my domain (without a subdomain).

Today I changed my Edgerouter X for a Unifi Security Gateway (USG) so that I could manage everything from the one Unifi Controller interface (I already had two of their APs, so thought this would be neat). After having a heck of a time today getting it up and adopted, I do now have a running USG in my Unifi Controller. I have also added my old DHCP reservation and Port Forwards.

But now to my problem relating to swag: However, I just checked my domain via my phone (not connected to WiFi), and when I navigate to nextcloud.MYDOMAIN.COM it shows a cert error that it's self-signed. If I hit proceed, it takes me to a Unifi page that I believe is coming from my USG saying "Fatal error. There was an error handling your request. Please try again later."

WORSE YET though, is if I navigate to MYDOMAIN.COM it presents me (and anyone else on the internet) with my Unraid login screen! I disabled the port forwards in USG, but the login screen remained, so I've shutdown swag, and it now doesn't appear when I navigate to that page.

Does anyone have ANY idea what's going on, and how I can fix it?

*not my actual domain for reasons that should be obvious with the problem I'm currently facing

OMG 🤦‍♂️ I just realised that when I set up the port forwarding on the USG, I accidentally had 80 > Unraid:80, and 443 to Unraid:443, rather than 80 > Unraid:180 and 443 > Unraid:1443. Classic. All seems to be working as it should now. Nevermind!

Edited January 10, 2021 by jademonkee: Realising the error of my ways

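The mistake described in this post, forwards landing on the server's own ports 80/443 instead of the container's 180/1443, can be caught by checking the router's forward table against the intended mapping before enabling it. This is an added example, not from the thread or from any router's software; the `Forward` record, the finding names and the LAN address 192.168.1.50 are assumptions for illustration.

```python
from typing import NamedTuple


class Forward(NamedTuple):
    wan_port: int
    proto: str
    lan_ip: str
    lan_port: int


SERVER = "192.168.1.50"              # constructed LAN address of the Unraid host
INTENDED = {80: 180, 443: 1443}      # WAN port -> SWAG host port, as in the thread
MGMT_PORTS = {80, 443}               # where the server's own web UI listens

# Constructed tables: the mistaken forwards from the post and the corrected ones.
BROKEN = [Forward(80, "tcp", SERVER, 80), Forward(443, "tcp", SERVER, 443)]
FIXED = [Forward(80, "tcp", SERVER, 180), Forward(443, "tcp", SERVER, 1443)]


def audit_forwards(rules, server_ip, intended, mgmt_ports):
    """Compare a forward table with the intended reverse-proxy mapping.

    Returns a sorted list of (wan_port, finding) tuples; empty means clean.
    """
    findings = []
    seen = set()
    for r in rules:
        if r.lan_ip != server_ip or r.proto != "tcp":
            continue                              # not a TCP forward to this server
        seen.add(r.wan_port)
        want = intended.get(r.wan_port)
        if r.lan_port in mgmt_ports:
            # Most severe case: the internet reaches the host's login page.
            findings.append((r.wan_port, "exposes-management-ui"))
        elif want is None:
            findings.append((r.wan_port, "unexpected-forward"))
        elif r.lan_port != want:
            findings.append((r.wan_port, "wrong-internal-port"))
    # Intended forwards that are absent break http validation and remote access.
    findings += [(p, "missing-forward") for p in intended if p not in seen]
    return sorted(findings)


if __name__ == "__main__":
    print(audit_forwards(BROKEN, SERVER, INTENDED, MGMT_PORTS))
    print(audit_forwards(FIXED, SERVER, INTENDED, MGMT_PORTS))
```
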
BelgarionNL Posted January 16, 2021 (edited)

    cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Europe/Berlin
    URL=duckdns.org
    SUBDOMAINS=CHANGED
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    VALIDATION=http
    CERTPROVIDER=
    DNSPLUGIN=
    [email protected]
    STAGING=false
    Using Let's Encrypt as the cert provider
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d CHANGED.duckdns.org
    E-mail address entered: [email protected]
    http validation is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Requesting a certificate for CHANGED.duckdns.org
    Performing the following challenges:
    http-01 challenge for CHANGED.duckdns.org
    Waiting for verification...
    Challenge failed for domain CHANGED.duckdns.org
    http-01 challenge for CHANGED.duckdns.org
    Cleaning up challenges
    Some challenges have failed.
    IMPORTANT NOTES:
    - The following errors were reported by the server:
    Domain: CHANGED.duckdns.org
    Type: connection
    Detail: Fetching http://CHANGED.duckdns.org/.well-known/acme-challenge/wkC33SQDnnXlUZuzXOIm63eO2kVOV1QUvw5tmZahyA0: Connection refused
    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

I used an nginx container with the same ports and it shows the default nginx page so it's not pfsense.

    Welcome to our server
    The website is currently being setup under this address.
    For help and support, please contact: [email protected]

I have been mucking about with changing from proxynet to host in swag itself. Is there a limit on how many times you can do this regarding getting new certs?

Oh and everything has been running great this week since I installed it on Monday. I am just asking if there is a limitation, DDOS protection or I dunno, something that would explain why now it's not working.

Any help is appreciated greatly. It's been a frustrating 6 hours so it's time for bed.

Edited January 16, 2021 by BelgarionNL

strike Posted January 16, 2021

40 minutes ago, BelgarionNL said:
> Is there a limit on how many times you can do this regarding getting new certs?

Yes, I don't remember what the limit is but for testing you should enable staging then the limit will be much higher.

BelgarionNL Posted January 16, 2021 (edited)

5 minutes ago, strike said:
> Yes, I don't remember what the limit is but for testing you should enable staging then the limit will be much higher.

I hope someone can say if this connection refused is regarding me hitting that limit or if it's something else. But I appreciate you telling me that there is at least a limit! This is helpful.

Oh and I tried staging. It gave me the same or similar error, but then with a not signed cert or something.

Edited January 16, 2021 by BelgarionNL

strike Posted January 16, 2021 (edited)

10 minutes ago, BelgarionNL said:
> I hope someone can actually say if this connection refused is regarding me hitting that limit or if it's something else.

If it was working before and you have not changed the port forwarding it's probably because you're hitting the limit. Here you can see what the limits are: https://letsencrypt.org/docs/rate-limits/

Edit: Maybe check the let's encrypt log if it has any more info.

Edited January 16, 2021 by strike

BelgarionNL Posted January 16, 2021

Don't think so since I am not getting this message: too many certificates already issued

Plus I have only changed it like 10 times max. Not hitting the 50 as of yet.

strike Posted January 16, 2021

3 minutes ago, BelgarionNL said:
> Don't think so since I am not getting this message: too many certificates already issued
>
> Plus I have only changed it like 10 times max. Not hitting the 50 as of yet.

What does the letsencrypt log say? It's located in your appdata folder letsencrypt/log/letsencrypt

Quote:
> There is a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit is higher on our staging environment, so you can use that environment to debug connectivity problems. Exceeding the Failed Validations limit is reported with the error message too many failed authorizations recently.

strike Posted January 16, 2021

Can you ping your duckdns domain and it comes back with your IP?

BelgarionNL Posted January 16, 2021 (edited)

8 hours ago, strike said:
> What does the letsencrypt log say? It's located in your appdata folder letsencrypt/log/letsencrypt

There is no log? And yes I can ping my duckdns domain and it shows my IP.

Could it be a permissions thing? It made a couple folders as root:

Edited January 16, 2021 by BelgarionNL

saarg Posted January 16, 2021

13 hours ago, BelgarionNL said:
>     cont-init.d] 10-adduser: exited 0.
>     [cont-init.d] 20-config: executing...
>     [cont-init.d] 20-config: exited 0.
>     [cont-init.d] 30-keygen: executing...
>     using keys found in /config/keys
>     [cont-init.d] 30-keygen: exited 0.
>     [cont-init.d] 50-config: executing...
>     Variables set:
>     PUID=99
>     PGID=100
>     TZ=Europe/Berlin
>     URL=duckdns.org
>     SUBDOMAINS=CHANGED
>     EXTRA_DOMAINS=
>     ONLY_SUBDOMAINS=true
>     VALIDATION=http
>     CERTPROVIDER=
>     DNSPLUGIN=
>     [email protected]
>     STAGING=false
>     Using Let's Encrypt as the cert provider
>     SUBDOMAINS entered, processing
>     SUBDOMAINS entered, processing
>     Only subdomains, no URL in cert
>     Sub-domains processed are: -d CHANGED.duckdns.org
>     E-mail address entered: [email protected]
>     http validation is selected
>     Generating new certificate
>     Saving debug log to /var/log/letsencrypt/letsencrypt.log
>     Plugins selected: Authenticator standalone, Installer None
>     Requesting a certificate for CHANGED.duckdns.org
>     Performing the following challenges:
>     http-01 challenge for CHANGED.duckdns.org
>     Waiting for verification...
>     Challenge failed for domain CHANGED.duckdns.org
>     http-01 challenge for CHANGED.duckdns.org
>     Cleaning up challenges
>     Some challenges have failed.
>     IMPORTANT NOTES:
>     - The following errors were reported by the server:
>     Domain: CHANGED.duckdns.org
>     Type: connection
>     Detail: Fetching http://CHANGED.duckdns.org/.well-known/acme-challenge/wkC33SQDnnXlUZuzXOIm63eO2kVOV1QUvw5tmZahyA0: Connection refused
>     To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
>     ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> I used an nginx container with the same ports and it shows the default nginx page so it's not pfsense.
>
>     Welcome to our server
>     The website is currently being setup under this address.
>     For help and support, please contact: [email protected]
>
> I have been mucking about with changing from proxynet to host in swag itself. Is there a limit on how many times you can do this regarding getting new certs?
>
> Oh and everything has been running great this week since I installed it on Monday. I am just asking if there is a limitation, DDOS protection or I dunno, something that would explain why now it's not working.
>
> Any help is appreciated greatly. It's been a frustrating 6 hours so it's time for bed.

Your URL is not duckdns.org, it's your_user.duckdns.org. You don't own duckdns.org.

BTPBen Posted January 16, 2021

Hey, I just converted my UnRaid server from letsencrypt to SWAG. For some reason when I left click and select the WebUI for SWAG I get "this site can't be reached". Everything was working until I installed the SWAG docker. Now I can't get to the WebUI and I am failing the check to get a certificate. I am unable to access https://<serverIP>:<sslport>

BelgarionNL Posted January 17, 2021 (edited)

19 hours ago, saarg said:
> Your URL is not duckdns.org, it's your_user.duckdns.org. You don't own duckdns.org.

domain1 being my subdomain I created on the duckdns.org website. I followed the video:

Edited January 17, 2021 by BelgarionNL

saarg Posted January 17, 2021

1 hour ago, BelgarionNL said:
> domain1 being my subdomain I created on the duckdns.org website. I followed the video:

It's still not correct even though you followed a guide. You do not own duckdns.org. You "own" blahblahblah.duckdns.org, so add that to domain name. Subdomains will be subdomain.blahblahblah.duckdns.org.

saarg Posted January 17, 2021

12 hours ago, BTPBen said:
> Hey, I just converted my UnRaid server from letsencrypt to SWAG. For some reason when I left click and select the WebUI for SWAG I get "this site can't be reached". Everything was working until I installed the SWAG docker. Now I can't get to the WebUI and I am failing the check to get a certificate. I am unable to access https://<serverIP>:<sslport>

If it's trying to get a new cert, you have not managed to use the same appdata folder as you did for letsencrypt.

BelgarionNL Posted January 17, 2021 (edited)

2 hours ago, saarg said:
> It's still not correct even though you followed a guide. You do not own duckdns.org. You "own" blahblahblah.duckdns.org, so add that to domain name. Subdomains will be subdomain.blahblahblah.duckdns.org.

Except with duckdns it's blahblahblah.duckdns.org and subdomain.duckdns.org.

Anyhow I got fed up so got my own domain + cloudflare dns verification and now it works. I still think it was my ISP blocking something after I was messing around with it too long.

Thanks for all the help!

Edited January 17, 2021 by BelgarionNL

saarg Posted January 17, 2021

47 minutes ago, BelgarionNL said:
> Except with duckdns it's blahblahblah.duckdns.org and subdomain.duckdns.org.
>
> Anyhow I got fed up so got my own domain + cloudflare dns verification and now it works. I still think it was my ISP blocking something after I was messing around with it too long.
>
> Thanks for all the help!

No it's not.

BTPBen Posted January 17, 2021

3 hours ago, saarg said:
> If it's trying to get a new cert, you have not managed to use the same appdata folder as you did for letsencrypt.

But shouldn't I be able to access https://abc.def.ghi.jkl:xx443 even if the cert isn't any good?