adminmat Posted March 19, 2021 Share Posted March 19, 2021 20 minutes ago, saarg said: You can click the padlock in the browser when you are on a page hosted on your domain and check when it expires. Thanks. Mine still says it's expiring in a few days. Any idea how to force the renewal or check when the chron job is set to run? Quote Link to comment
saarg Posted March 20, 2021 Share Posted March 20, 2021 14 hours ago, adminmat said: Thanks. Mine still says it's expiring in a few days. Any idea how to force the renewal or check when the chron job is set to run? The Cron job runs every night at about 2. You have to check the logs for why it's not renewing the certs. I think the log is named letsencrypt. Also restart the container and post the log. Be sure to redact domain and personal info. 1 Quote Link to comment
Roma4593 Posted March 20, 2021 Share Posted March 20, 2021 (edited) Hello friends, I am looking for some help- I am very new to networking so apologies for dumb questions. I had my private domain up and running flawlessly with a reverse proxy on my unraid server via swag and cloudflareddns. All of my intended subdomain/hosts were accessible over WAN which was incredible. I unfortunately had a disk failure and had to shutdown my array to rebuild. I have the following script to run whenever I restart the array in order to rebuild my docker networks -> otherwise I lose custom br0 for all my containers. rm /var/lib/docker/network/files/local-kv.db /etc/rc.d/rc.docker restart I subsequently recreated my proxy network via cmd as I had previously done. docker network create ****** I started up cloudflareddns and swag without any noticeable log errors but unfortunately now I am getting ERROR 521 when trying to connect over WAN in the browser. Ive turned off all the proxys in cloudflare and purged the chache in cloudflare. When I make A names directly to my WAN IP I get "This site can't be reached". I've done everything short of just shutting down the array/rebooting the server. Not sure where along restarting my array things broke. There's unfortunatley not a lot of information regarding error 521 and the one or two threads addressing this error seem to thing its on cloudflare's end? I am going to hard reset the server once my drive is rebuilt. I sincerely appreciate anyones input/help on the matter. James halo-diagnostics-20210320-1246.zip Edited March 21, 2021 by Roma4593 Quote Link to comment
adminmat Posted March 20, 2021 Share Posted March 20, 2021 (edited) 5 hours ago, saarg said: The Cron job runs every night at about 2. You have to check the logs for why it's not renewing the certs. I think the log is named letsencrypt. Also restart the container and post the log. Be sure to redact domain and personal info. I found in the log that it was not resolving the DNS for server.mydomain.com (example). I didnt have "server" added as a Cname. Only Nextcloud. I assume it needs this for the cert renewal. I So I added this within the Namecheap DNS section. (sorry I don't know the proper terminology here) Now is there a way to manually renew or I just wat for the chron job at 2AM again? I confirmed that restarting the Swag container does not renew the cert. Edited March 20, 2021 by adminmat Quote Link to comment
strike Posted March 20, 2021 Share Posted March 20, 2021 20 minutes ago, adminmat said: Now is there a way to manually renew or I just wat for the chron job at 2AM again? You can add or remove a subdomain to trigger the renewal process. If it fails again be sure to set the staging variable to "true", this will increase the rate limiting so you don't hit the limit when testing. Set it back to false when you have it working. 1 Quote Link to comment
adminmat Posted March 20, 2021 Share Posted March 20, 2021 3 hours ago, strike said: You can add or remove a subdomain to trigger the renewal process. If it fails again be sure to set the staging variable to "true", this will increase the rate limiting so you don't hit the limit when testing. Set it back to false when you have it working. ok, looks like it issued the new cert. I just removed the "server" domain and changed to True. Applied. Then re-added "server" changed back to false and applied. Thanks Quote Link to comment
Asgart Posted March 20, 2021 Share Posted March 20, 2021 On 3/19/2021 at 5:44 PM, SimplePete said: Hi there. I have an issue with using the reverse proxy set up for nextcloud. In the nextcloud.subfolder.config it says: ## Version 2020/12/09 # Assuming this container is called "swag", edit your nextcloud container's config # located at /config/www/nextcloud/config/config.php and add the following lines before the ");": # 'trusted_proxies' => ['swag'], # 'overwritewebroot' => '/nextcloud', # 'overwrite.cli.url' => 'https://your-domain.com/nextcloud', # # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this: # array ( # 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it. # 1 => 'your-domain.com', # ), When I try to do this for my docker container of nextcloud, if the line 'overwritewebroot' => '/nextcloud', is inserted it prevents me from accessing nextcloud locallay - it says that "The page isn't redirecting properly". And when trying to access remotely SWAG displays "502 Bad Gateway". My nextcloud config.php is as follows: <?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'xxxxx', 'passwordsalt' => 'xxxxx', 'secret' => 'xxxxx', 'trusted_domains' => array ( 0 => '192.168.1.123:12345', 1 => 'MYSITE.duckdns.org', ), 'dbtype' => 'mysql', 'version' => '21.0.0.18', 'overwrite.cli.url' => 'https://192.168.1.123:12345', 'dbname' => 'nextcloud', 'dbhost' => '192.168.1.123', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'nextcloud', 'dbpassword' => 'xxxxx', 'installed' => true, 'trusted_proxies' => ['swag'], 'overwritewebroot' => '/nextcloud', 'overwrite.cli.url' => 'https://MYSITE.duckdns.org/nextcloud', ); If you could give me some advice as to what I am doing wrong I would be really greateful. I'm having the exact same problem! SWAG is working for me with the emby and plex docker, but I can't get nextcloud to work. I'm always getting a "502 Bad Gateway" error. I tried it on different computers and on mobile, so it shouldn't be my router or browser causing this.. Does anyone have an idea how to fix this? Quote Link to comment
saarg Posted March 21, 2021 Share Posted March 21, 2021 11 hours ago, Asgart said: I'm having the exact same problem! SWAG is working for me with the emby and plex docker, but I can't get nextcloud to work. I'm always getting a "502 Bad Gateway" error. I tried it on different computers and on mobile, so it shouldn't be my router or browser causing this.. Does anyone have an idea how to fix this? Swag can't connect to nextcloud, so it's probably not on the same custom bridge. Quote Link to comment
Asgart Posted March 21, 2021 Share Posted March 21, 2021 35 minutes ago, saarg said: Swag can't connect to nextcloud, so it's probably not on the same custom bridge. Hi, that's not it. I created a custom bridge where swag, emby, plex and nextcloud are running on. The other dockers are working fine, just nextcloud just isn't working. It definitely is on the same custom bridge. Quote Link to comment
saarg Posted March 21, 2021 Share Posted March 21, 2021 23 minutes ago, Asgart said: Hi, that's not it. I created a custom bridge where swag, emby, plex and nextcloud are running on. The other dockers are working fine, just nextcloud just isn't working. It definitely is on the same custom bridge. Have you modified the proxy conf or changed the container name? Quote Link to comment
Asgart Posted March 21, 2021 Share Posted March 21, 2021 3 hours ago, saarg said: Have you modified the proxy conf or changed the container name? Yes, basically what I did, was changing the container name of the 'swag' container to 'JulianSeidel'. I'm just gonna post a few screenshots here.. These are my 'swag' container settings: This is my 'nextcloud' container: Then I went into the appdata\swag\nginx\proxy-confs folder to edit the nextcloud.subdomain.conf file (while erasing the .sample to make it a .conf file): # make sure that your dns has a cname set for nextcloud # assuming this container is called "swag", edit your nextcloud container's config # located at /config/www/nextcloud/config/config.php and add the following lines before the ");": # 'trusted_proxies' => ['swag'], # 'overwrite.cli.url' => 'https://nextcloud.your-domain.com/', # 'overwritehost' => 'nextcloud.your-domain.com', # 'overwriteprotocol' => 'https', # # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this: # array ( # 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it. # 1 => 'nextcloud.your-domain.com', # ), server { listen 443 ssl; listen [::]:443 ssl; server_name nextcloud.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app nextcloud; set $upstream_port 444; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_max_temp_file_size 2048m; } } I also went into the appdata\nextcloud\www\nextcloud\config folder to edit the config.php file (I changed my personal data to xxx for this showcase): <?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'oc82pfr3kbbl', 'passwordsalt' => 'jlLdTzjYNONZ3/pf6skVd7YiwRTW/Z', 'secret' => 'D32AynuD7qIf5+CBT/KrckjYiiPICbVog96kxzQ8SJjnnhJo', 'trusted_domains' => array ( 0 => '192.168.178.46:444', 1 => 'nextcloud.xxx.net', ), 'dbtype' => 'mysql', 'version' => '21.0.0.18', 'trusted_proxies' => array ( 0 => 'JulianSeidel', ), 'overwrite.cli.url' => 'https://nextcloud.xxx.net/', 'overwritehost' => 'nextcloud.xxx.net', 'overwriteprotocol' => 'https', 'dbname' => 'nextcloud', 'dbhost' => '192.168.178.46:3306', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'nextcloud', 'dbpassword' => 'xxx', 'installed' => true, ); The subdomain is pingable, so I think that should not be the problem. The plex and emby docker are working fine with their own subdomains, but if I try to reach nextcloud, I'm always getting a "502 Bad Gateway nginx/1.18.0" error message.. I'm really at a loss here Quote Link to comment
saarg Posted March 21, 2021 Share Posted March 21, 2021 (edited) 4 hours ago, Asgart said: Yes, basically what I did, was changing the container name of the 'swag' container to 'JulianSeidel'. I'm just gonna post a few screenshots here.. These are my 'swag' container settings: This is my 'nextcloud' container: Then I went into the appdata\swag\nginx\proxy-confs folder to edit the nextcloud.subdomain.conf file (while erasing the .sample to make it a .conf file): # make sure that your dns has a cname set for nextcloud # assuming this container is called "swag", edit your nextcloud container's config # located at /config/www/nextcloud/config/config.php and add the following lines before the ");": # 'trusted_proxies' => ['swag'], # 'overwrite.cli.url' => 'https://nextcloud.your-domain.com/', # 'overwritehost' => 'nextcloud.your-domain.com', # 'overwriteprotocol' => 'https', # # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this: # array ( # 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it. # 1 => 'nextcloud.your-domain.com', # ), server { listen 443 ssl; listen [::]:443 ssl; server_name nextcloud.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app nextcloud; set $upstream_port 444; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_max_temp_file_size 2048m; } } I also went into the appdata\nextcloud\www\nextcloud\config folder to edit the config.php file (I changed my personal data to xxx for this showcase): <?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'oc82pfr3kbbl', 'passwordsalt' => 'jlLdTzjYNONZ3/pf6skVd7YiwRTW/Z', 'secret' => 'D32AynuD7qIf5+CBT/KrckjYiiPICbVog96kxzQ8SJjnnhJo', 'trusted_domains' => array ( 0 => '192.168.178.46:444', 1 => 'nextcloud.xxx.net', ), 'dbtype' => 'mysql', 'version' => '21.0.0.18', 'trusted_proxies' => array ( 0 => 'JulianSeidel', ), 'overwrite.cli.url' => 'https://nextcloud.xxx.net/', 'overwritehost' => 'nextcloud.xxx.net', 'overwriteprotocol' => 'https', 'dbname' => 'nextcloud', 'dbhost' => '192.168.178.46:3306', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'nextcloud', 'dbpassword' => 'xxx', 'installed' => true, ); The subdomain is pingable, so I think that should not be the problem. The plex and emby docker are working fine with their own subdomains, but if I try to reach nextcloud, I'm always getting a "502 Bad Gateway nginx/1.18.0" error message.. I'm really at a loss here You are changing things you should not change. Change the port back to 443 and protocol to https in the proxy conf. Edited March 21, 2021 by saarg Quote Link to comment
Jokerigno Posted March 21, 2021 Share Posted March 21, 2021 Hi, I had issue with my unraid server (lost docker image). I restored all my containers but I don't know why swag become problematic (more than other). Looking at the logs I see this: Quote Requesting a certificate for *.xxxxxxxxxxx.it An unexpected error occurred: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: *.xxxxxxxxxxxx.it: see https://letsencrypt.org/docs/rate-limits/ Please see the logfiles in /var/log/letsencrypt for more details. ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file. It seems that I've been temporary banned and I have to wait a week to rehave a working certificate (doh!). But I was wondering if this has consequencies for nginx because I cannot longer login from outside world to my services. Can someone confirm or disconfirm? There's some workaround for this? I "need" access to some services (nextcloud for example) and waiting a week can be problematic. Thank you all in advance! Quote Link to comment
saarg Posted March 21, 2021 Share Posted March 21, 2021 27 minutes ago, Jokerigno said: Hi, I had issue with my unraid server (lost docker image). I restored all my containers but I don't know why swag become problematic (more than other). Looking at the logs I see this: It seems that I've been temporary banned and I have to wait a week to rehave a working certificate (doh!). But I was wondering if this has consequencies for nginx because I cannot longer login from outside world to my services. Can someone confirm or disconfirm? There's some workaround for this? I "need" access to some services (nextcloud for example) and waiting a week can be problematic. Thank you all in advance! There is no workaround. You have exceeded the limit because you have tried too many times. You should have enabled staging to test getting the certs. You could use a duckdns domain until your domain is not banned anymore. Quote Link to comment
Jokerigno Posted March 21, 2021 Share Posted March 21, 2021 (edited) 37 minutes ago, saarg said: There is no workaround. You have exceeded the limit because you have tried too many times. You should have enabled staging to test getting the certs. You could use a duckdns domain until your domain is not banned anymore. Hi, well I didn't know that restoring a container with same appdata could lead to this. Just for anyone who can be interested in this using staging true and setting cloudflare Full SSL instead of Full SSL (Strict) allow nginx to start and services become available again. I will remember to revert staging and SSL in a week. Edited March 21, 2021 by Jokerigno Quote Link to comment
casperse Posted March 22, 2021 Share Posted March 22, 2021 Hi All Not sure this is possible using SWAG but here it goes... I have installed the MineOS docker for Minecraft servers and on one of these servers I have a webserver running "Dynmap" rendering a full map of the Minecraft server (Since this is just a view I would like this accessible on the web) But when I point to the "MineOS" which also have a webser UI !! I cant connect to the Dynmap on port 25568 Any way to use swag without pointing to a specific docker? So far I have used this conf for my sub domian map.domain.com and I can see in the log that the cert. is OK server { listen 443 ssl; listen [::]:443 ssl; server_name map.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app MineOS-node; set $upstream_port 25568; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; } } Quote Link to comment
saarg Posted March 22, 2021 Share Posted March 22, 2021 21 hours ago, Jokerigno said: Hi, well I didn't know that restoring a container with same appdata could lead to this. Just for anyone who can be interested in this using staging true and setting cloudflare Full SSL instead of Full SSL (Strict) allow nginx to start and services become available again. I will remember to revert staging and SSL in a week. Simply restoring the appdata should not lead to this. But with the limited info you supplied, it's hard to say what happened. Quote Link to comment
saarg Posted March 22, 2021 Share Posted March 22, 2021 7 hours ago, casperse said: Hi All Not sure this is possible using SWAG but here it goes... I have installed the MineOS docker for Minecraft servers and on one of these servers I have a webserver running "Dynmap" rendering a full map of the Minecraft server (Since this is just a view I would like this accessible on the web) But when I point to the "MineOS" which also have a webser UI !! I cant connect to the Dynmap on port 25568 Any way to use swag without pointing to a specific docker? So far I have used this conf for my sub domian map.domain.com and I can see in the log that the cert. is OK server { listen 443 ssl; listen [::]:443 ssl; server_name map.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app MineOS-node; set $upstream_port 25568; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; } } You have to point it to something, or else nginx doesn't know where to send the traffic. Quote Link to comment
casperse Posted March 23, 2021 Share Posted March 23, 2021 20 hours ago, saarg said: You have to point it to something, or else nginx doesn't know where to send the traffic. Looking into the logs it dosent even seem like it is reading the file? I have updated it to this: server { listen 443 ssl; listen [::]:443 ssl; server_name map.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app MineOS-node; set $upstream_port 25568; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } location ~ (/MineOS-node)?/api { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app MineOS-node; set $upstream_port 25568; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } } Should the location ~ (/MineOS-node)?/api { Be replaced with the local IP:PORT? sorry I have 8 different dockers working with SWAG but this one eludes me Quote Link to comment
SimplePete Posted March 23, 2021 Share Posted March 23, 2021 On 3/21/2021 at 10:33 AM, saarg said: Swag can't connect to nextcloud, so it's probably not on the same custom bridge. Thank you! I changed the bridge in the docker for the nextcloud container and upon restart it worked. I can now access it remotely, however I cannot seem to get it to work locally however. When I go the corect IP in firefox it tells me "The page isn't redirecting properly". I have changed in the config to add to the array the IP: '192.168.1.*' but still no luck. Do you have any suggestions as to what is causing this? Quote Link to comment
saarg Posted March 23, 2021 Share Posted March 23, 2021 2 hours ago, casperse said: Looking into the logs it dosent even seem like it is reading the file? I have updated it to this: server { listen 443 ssl; listen [::]:443 ssl; server_name map.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app MineOS-node; set $upstream_port 25568; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } location ~ (/MineOS-node)?/api { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app MineOS-node; set $upstream_port 25568; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } } Should the location ~ (/MineOS-node)?/api { Be replaced with the local IP:PORT? sorry I have 8 different dockers working with SWAG but this one eludes me upstream_app needs to be all lowercase, so you need to change the container name. I have no idea about the location part as I'm no nginx wizard. Quote Link to comment
saarg Posted March 23, 2021 Share Posted March 23, 2021 1 hour ago, SimplePete said: Thank you! I changed the bridge in the docker for the nextcloud container and upon restart it worked. I can now access it remotely, however I cannot seem to get it to work locally however. When I go the corect IP in firefox it tells me "The page isn't redirecting properly". I have changed in the config to add to the array the IP: '192.168.1.*' but still no luck. Do you have any suggestions as to what is causing this? I don't know why. Quote Link to comment
Gragorg Posted March 23, 2021 Share Posted March 23, 2021 (edited) I have been testing SWAG and saw in the notes that Zerossl may be better to use for certs. In the Zerossl site it says a free account entitles you to unlimited acme certs vs 5 a week for Letsencrypt. I assume that Swag uses acme certs exclusively? During testing SWAG and different setups I hit the 5 cert limit for Letsencrypt. If I switch to Zerossl this should not be an issue? So I have to get a free zerossl cert account and change the certprovider in the docker setup to zerossl. I am not at home currently but assume the email from my zerossl account has to be entered in the docker setup as well. Does anything in the proxy.conf files need to be changed to use Zerossl? UPDATE: Up and running with ZeroSSL. So far so good. Edited March 24, 2021 by Gragorg Quote Link to comment
casperse Posted March 24, 2021 Share Posted March 24, 2021 (edited) 13 hours ago, saarg said: upstream_app needs to be all lowercase, so you need to change the container name. I have no idea about the location part as I'm no nginx wizard. Thanks @saarg totally forgot about the capitol letters (The name came from the Docker pull) But still seems like I am missing a connection (If anyone have any input to what I am missing then please give me a shout) Swag is working for all other dockers (And I am getting cert. on all domains and sub domains) The webserver is running and working 192.168.0.6:25568 (This port is also listed below on the docker) The mineos docker creates a minecraft folder in the appdata (Not a mineos folder) don't know if this makes any difference My config file is now: server { listen 443 ssl; listen [::]:443 ssl; server_name map.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app mineos-node; set $upstream_port 25568; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } location ~ (/mineos-node)?/api { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app mineos-node; set $upstream_port 25568; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } } Keep getting: Kind of stuck here have tried allot of different things but end up breaking Swag for all other containers 😞 UPdate found this: https://gist.github.com/DmitryRendov/1efb672a0733aca5314dc3332d9823ac But this seems to overcomplicate a simple link to port 25568 (In the above example the default port is 8123) OK this works! server { listen 443 ssl; listen [::]:443 ssl; server_name map.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; location / { proxy_pass http://192.168.0.6:25568; proxy_set_header Host $host; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /api/websocket { proxy_pass http://192.168.0.6:25568/api/websocket; proxy_set_header Host $host; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } Edited March 24, 2021 by casperse Quote Link to comment
Caldorian Posted March 25, 2021 Share Posted March 25, 2021 So I have one container setup to generate a wildcard cert for my domain, using dns validation on cloudflare. I was using the Global API key before, but I'm trying to convert over to an API token instead. I updated my cloudflare.ini file, removing the dns_cloudflare_email and dns_cloudflare_api_key values, and instead inserting a dns_cloudflare_api_token value. However, since my cert is currently valid, I'm not seeing in the logs it attempting to regenerate the cert and use the new api token. Is there an easy way I can force the certificate to regenerate to test my configuration change? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.