[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



14 hours ago, adminmat said:

Thanks. Mine still says it's expiring in a few days. Any idea how to force the renewal or check when the cron job is set to run?

The Cron job runs every night at about 2.

You have to check the logs for why it's not renewing the certs. I think the log is named letsencrypt. Also restart the container and post the log. Be sure to redact domain and personal info.

Link to comment

Hello friends,

 

I am looking for some help- I am very new to networking so apologies for dumb questions.

 

I had my private domain up and running flawlessly with a reverse proxy on my unraid server via swag and cloudflareddns. All of my intended subdomain/hosts were accessible over WAN which was incredible.

 

I unfortunately had a disk failure and had to shutdown my array to rebuild. I have the following script to run whenever I restart the array in order to rebuild my docker networks -> otherwise I lose custom br0 for all my containers.

 

rm /var/lib/docker/network/files/local-kv.db
/etc/rc.d/rc.docker restart

 

I subsequently recreated my proxy network via cmd as I had previously done.

 

docker network create ******

 

I started up cloudflareddns and swag without any noticeable log errors but unfortunately now I am getting ERROR 521 when trying to connect over WAN in the browser. I've turned off all the proxies in cloudflare and purged the cache in cloudflare. When I make A names directly to my WAN IP I get "This site can't be reached".

 

I've done everything short of just shutting down the array/rebooting the server. Not sure where along restarting my array things broke. There's unfortunately not a lot of information regarding error 521 and the one or two threads addressing this error seem to think it's on cloudflare's end?

 

I am going to hard reset the server once my drive is rebuilt.

 

I sincerely appreciate anyone's input/help on the matter.

 

James

 

 

 

halo-diagnostics-20210320-1246.zip

 

Edited by Roma4593
Link to comment
5 hours ago, saarg said:

The Cron job runs every night at about 2.

You have to check the logs for why it's not renewing the certs. I think the log is named letsencrypt. Also restart the container and post the log. Be sure to redact domain and personal info.

 

I found in the log that it was not resolving the DNS for server.mydomain.com (example). I didn't have "server" added as a Cname. Only Nextcloud. I assume it needs this for the cert renewal. So I added this within the Namecheap DNS section. (sorry I don't know the proper terminology here) Now is there a way to manually renew or I just wait for the cron job at 2AM again? I confirmed that restarting the Swag container does not renew the cert.

 

 

Edited by adminmat
Link to comment
20 minutes ago, adminmat said:

Now is there a way to manually renew or I just wait for the cron job at 2AM again?

You can add or remove a subdomain to trigger the renewal process. If it fails again be sure to set the staging variable to "true", this will increase the rate limiting so you don't hit the limit when testing. Set it back to false when you have it working. 

Link to comment
3 hours ago, strike said:

You can add or remove a subdomain to trigger the renewal process. If it fails again be sure to set the staging variable to "true", this will increase the rate limiting so you don't hit the limit when testing. Set it back to false when you have it working. 

ok, looks like it issued the new cert. I just removed the "server" domain and changed to True. Applied. Then re-added "server" changed back to false and applied. Thanks 

Link to comment
On 3/19/2021 at 5:44 PM, SimplePete said:

Hi there. I have an issue with using the reverse proxy set up for nextcloud. In the nextcloud.subfolder.config it says:


 


## Version 2020/12/09
# Assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['swag'],
#  'overwritewebroot' => '/nextcloud',
#  'overwrite.cli.url' => 'https://your-domain.com/nextcloud',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'your-domain.com',
#  ),

 

When I try to do this for my docker container of nextcloud, if the line 'overwritewebroot' => '/nextcloud', is inserted it prevents me from accessing nextcloud locally - it says that "The page isn't redirecting properly". And when trying to access remotely SWAG displays "502 Bad Gateway".

 

My nextcloud config.php is as follows:

 


<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'xxxxx',
  'passwordsalt' => 'xxxxx',
  'secret' => 'xxxxx',
  'trusted_domains' => 
  array (
    0 => '192.168.1.123:12345',
    1 => 'MYSITE.duckdns.org',
  ),
  'dbtype' => 'mysql',
  'version' => '21.0.0.18',
  'overwrite.cli.url' => 'https://192.168.1.123:12345',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.1.123',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'xxxxx',
  'installed' => true,
  'trusted_proxies' => ['swag'],
  'overwritewebroot' => '/nextcloud',
  'overwrite.cli.url' => 'https://MYSITE.duckdns.org/nextcloud',
);

 

If you could give me some advice as to what I am doing wrong I would be really grateful.

I'm having the exact same problem!

SWAG is working for me with the emby and plex docker, but I can't get nextcloud to work. I'm always getting a "502 Bad Gateway" error. I tried it on different computers and on mobile, so it shouldn't be my router or browser causing this..

Does anyone have an idea how to fix this?

Link to comment
11 hours ago, Asgart said:

I'm having the exact same problem!

SWAG is working for me with the emby and plex docker, but I can't get nextcloud to work. I'm always getting a "502 Bad Gateway" error. I tried it on different computers and on mobile, so it shouldn't be my router or browser causing this..

Does anyone have an idea how to fix this?

Swag can't connect to nextcloud, so it's probably not on the same custom bridge.

Link to comment
35 minutes ago, saarg said:

Swag can't connect to nextcloud, so it's probably not on the same custom bridge.

Hi, that's not it. I created a custom bridge where swag, emby, plex and nextcloud are running on. The other dockers are working fine, just nextcloud just isn't working. It definitely is on the same custom bridge.

Link to comment
23 minutes ago, Asgart said:

Hi, that's not it. I created a custom bridge where swag, emby, plex and nextcloud are running on. The other dockers are working fine, just nextcloud just isn't working. It definitely is on the same custom bridge.

Have you modified the proxy conf or changed the container name?

Link to comment
3 hours ago, saarg said:

Have you modified the proxy conf or changed the container name?

Yes, basically what I did, was changing the container name of the 'swag' container to 'JulianSeidel'.

 

I'm just gonna post a few screenshots here..

 

These are my 'swag' container settings:

1081701850_swagcontainer.thumb.png.fd76a288d6ecc20dd407107513d3a6b1.png

 

This is my 'nextcloud' container:

1427884111_nextcloudcontainer.thumb.png.4b98e5fdb39d82b7a61db0d4d8248b46.png

 

Then I went into the appdata\swag\nginx\proxy-confs folder to edit the nextcloud.subdomain.conf file (while erasing the .sample to make it a .conf file):

# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['swag'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nextcloud;
        set $upstream_port 444;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}

 

I also went into the appdata\nextcloud\www\nextcloud\config folder to edit the config.php file (I changed my personal data to xxx for this showcase):

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'oc82pfr3kbbl',
  'passwordsalt' => 'jlLdTzjYNONZ3/pf6skVd7YiwRTW/Z',
  'secret' => 'D32AynuD7qIf5+CBT/KrckjYiiPICbVog96kxzQ8SJjnnhJo',
  'trusted_domains' => 
  array (
    0 => '192.168.178.46:444',
    1 => 'nextcloud.xxx.net',
  ),
  'dbtype' => 'mysql',
  'version' => '21.0.0.18',
  'trusted_proxies' =>
  array (
    0 => 'JulianSeidel',
  ),
  'overwrite.cli.url' => 'https://nextcloud.xxx.net/',
  'overwritehost' => 'nextcloud.xxx.net',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.178.46:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'xxx',
  'installed' => true,
);

 

The subdomain is pingable, so I think that should not be the problem. The plex and emby docker are working fine with their own subdomains, but if I try to reach nextcloud, I'm always getting a "502 Bad Gateway  nginx/1.18.0" error message..

 

I'm really at a loss here :(

Link to comment
4 hours ago, Asgart said:

Yes, basically what I did, was changing the container name of the 'swag' container to 'JulianSeidel'.

 


You are changing things you should not change. Change the port back to 443 and protocol to https in the proxy conf.

Edited by saarg
Link to comment

Hi,

 

I had an issue with my unraid server (lost docker image). I restored all my containers but I don't know why swag became problematic (more than the others).

Looking at the logs I see this:

 

Quote

Requesting a certificate for *.xxxxxxxxxxx.it
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: *.xxxxxxxxxxxx.it: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.

 

It seems that I've been temporarily banned and I have to wait a week to have a working certificate again (doh!).

But I was wondering if this has consequences for nginx, because I can no longer log in from the outside world to my services.

Can someone confirm or disconfirm?

Is there some workaround for this? I "need" access to some services (nextcloud for example) and waiting a week can be problematic.

 

Thank you all in advance!

 

 

Link to comment
27 minutes ago, Jokerigno said:

Hi,

 

I had an issue with my unraid server (lost docker image). I restored all my containers but I don't know why swag became problematic (more than the others).

Looking at the logs I see this:

 

 

It seems that I've been temporarily banned and I have to wait a week to have a working certificate again (doh!).

But I was wondering if this has consequences for nginx, because I can no longer log in from the outside world to my services.

Can someone confirm or disconfirm?

Is there some workaround for this? I "need" access to some services (nextcloud for example) and waiting a week can be problematic.

 

Thank you all in advance!

 

 

There is no workaround. You have exceeded the limit because you have tried too many times. You should have enabled staging to test getting the certs.

You could use a duckdns domain until your domain is not banned anymore.

Link to comment
37 minutes ago, saarg said:

There is no workaround. You have exceeded the limit because you have tried too many times. You should have enabled staging to test getting the certs.

You could use a duckdns domain until your domain is not banned anymore.

Hi, well I didn't know that restoring a container with same appdata could lead to this.

 

Just for anyone who may be interested in this: using staging true and setting cloudflare to Full SSL instead of Full SSL (Strict) allows nginx to start and services become available again.

 

I will remember to revert staging and SSL in a week.

 

 

Edited by Jokerigno
Link to comment

Hi All

 

Not sure this is possible using SWAG but here it goes... ;-)

I have installed the MineOS docker for Minecraft servers and on one of these servers I have a webserver running "Dynmap" rendering a full map of the Minecraft server (Since this is just a view I would like this accessible on the web)

 

But when I point to the "MineOS" which also has a webserver UI!!

I can't connect to the Dynmap on port 25568

Any way to use swag without pointing to a specific docker?

So far I have used this conf for my subdomain map.domain.com and I can see in the log that the cert. is OK

 

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name map.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app MineOS-node;
        set $upstream_port 25568;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
    }
}

 

 

Link to comment
21 hours ago, Jokerigno said:

Hi, well I didn't know that restoring a container with same appdata could lead to this.

 

Just for anyone who may be interested in this: using staging true and setting cloudflare to Full SSL instead of Full SSL (Strict) allows nginx to start and services become available again.

 

I will remember to revert staging and SSL in a week.

 

 

Simply restoring the appdata should not lead to this. But with the limited info you supplied, it's hard to say what happened.

Link to comment
7 hours ago, casperse said:

Hi All

 

Not sure this is possible using SWAG but here it goes... ;-)

I have installed the MineOS docker for Minecraft servers and on one of these servers I have a webserver running "Dynmap" rendering a full map of the Minecraft server (Since this is just a view I would like this accessible on the web)

 

But when I point to the "MineOS" which also has a webserver UI!!

I can't connect to the Dynmap on port 25568

Any way to use swag without pointing to a specific docker?

 


You have to point it to something, or else nginx doesn't know where to send the traffic.

Link to comment
20 hours ago, saarg said:

You have to point it to something, or else nginx doesn't know where to send the traffic.

Looking into the logs it doesn't even seem like it is reading the file?

 

I have updated it to this:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name map.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app MineOS-node;
        set $upstream_port 25568;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ (/MineOS-node)?/api {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app MineOS-node;
        set $upstream_port 25568;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

 

Should the     location ~ (/MineOS-node)?/api {

 

Be replaced with the local IP:PORT? sorry I have 8 different dockers working with SWAG but this one eludes me ;-)

Link to comment
On 3/21/2021 at 10:33 AM, saarg said:

Swag can't connect to nextcloud, so it's probably not on the same custom bridge.

Thank you! I changed the bridge in the docker for the nextcloud container and upon restart it worked. I can now access it remotely, however I cannot seem to get it to work locally however. When I go to the correct IP in firefox it tells me "The page isn't redirecting properly". I have changed in the config to add to the array the IP: '192.168.1.*' but still no luck.

Do you have any suggestions as to what is causing this?

Link to comment
2 hours ago, casperse said:

Looking into the logs it doesn't even seem like it is reading the file?

 


 

Should the     location ~ (/MineOS-node)?/api {

 

Be replaced with the local IP:PORT? sorry I have 8 different dockers working with SWAG but this one eludes me ;-)

upstream_app needs to be all lowercase, so you need to change the container name.

 

I have no idea about the location part as I'm no nginx wizard.

Link to comment
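Two causes of the 502 errors diagnosed in this thread are upstream values that differ from the shipped sample (port 444 and http where saarg says to use 443 and https) and an upstream_app containing capital letters. The following check for both is an added example, not code from the thread or from SWAG; the conf text is constructed from the values posted above, and the function names are hypothetical.

```python
import re

# Matches e.g. "set $upstream_port 444;" and "location / {"
SET_RE = re.compile(r'^\s*set\s+\$(upstream_\w+)\s+([^;\s]+)\s*;')
LOCATION_RE = re.compile(r'^\s*location\s+(.+?)\s*\{')

# Constructed inputs. SAMPLE_NEXTCLOUD uses the port/protocol saarg says to
# restore; EDITED_NEXTCLOUD and MINEOS carry the values posted in the thread.
SAMPLE_NEXTCLOUD = """
server {
    server_name nextcloud.*;
    location / {
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
"""
EDITED_NEXTCLOUD = SAMPLE_NEXTCLOUD.replace("443;", "444;").replace("https;", "http;")
MINEOS = """
server {
    server_name map.*;
    location / {
        #set $upstream_app ignored-Comment;
        set $upstream_app MineOS-node;
        set $upstream_port 25568;
        set $upstream_proto http;
    }
    location ~ (/MineOS-node)?/api {
        set $upstream_app MineOS-node;
        set $upstream_port 25568;
        set $upstream_proto http;
    }
}
"""


def parse_upstreams(conf_text):
    """Return {location: {variable: value}} for every `set $upstream_*` line."""
    blocks, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0]           # ignore commented-out settings
        loc = LOCATION_RE.match(line)
        if loc:
            current = loc.group(1)
            blocks[current] = {}
            continue
        if current is None:
            continue                          # outside any location block
        hit = SET_RE.match(line)
        if hit:
            blocks[current][hit.group(1)] = hit.group(2)
        elif line.strip() == '}':
            current = None                    # location block closed
    return blocks


def lint(conf_text, sample_text=None):
    """Return (location, variable, expected, actual) tuples for each problem."""
    findings = []
    conf = parse_upstreams(conf_text)
    # Check 1: per the thread, upstream_app needs to be all lowercase.
    for location, settings in conf.items():
        app = settings.get('upstream_app', '')
        if app != app.lower():
            findings.append((location, 'upstream_app', app.lower(), app))
    # Check 2: port/protocol drift from the shipped .sample, if one is given.
    if sample_text is not None:
        for location, expected in parse_upstreams(sample_text).items():
            actual = conf.get(location, {})
            for var in ('upstream_port', 'upstream_proto'):
                if var in expected and actual.get(var) != expected[var]:
                    findings.append((location, var, expected[var], actual.get(var)))
    return findings


if __name__ == '__main__':
    for name, conf, sample in (('nextcloud', EDITED_NEXTCLOUD, SAMPLE_NEXTCLOUD),
                               ('map', MINEOS, None)):
        for location, var, expected, actual in lint(conf, sample):
            print(f'{name}: location {location}: {var} is {actual!r}, expected {expected!r}')
```
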
1 hour ago, SimplePete said:

Thank you! I changed the bridge in the docker for the nextcloud container and upon restart it worked. I can now access it remotely, however I cannot seem to get it to work locally however. When I go to the correct IP in firefox it tells me "The page isn't redirecting properly". I have changed in the config to add to the array the IP: '192.168.1.*' but still no luck.

Do you have any suggestions as to what is causing this?

 

I don't know why.

Link to comment

I have been testing SWAG and saw in the notes that Zerossl may be better to use for certs.  In the Zerossl site it says a free account entitles you to unlimited acme certs vs 5 a week for Letsencrypt. I assume that Swag uses acme certs exclusively?  During testing SWAG and different setups I hit the 5 cert limit for Letsencrypt. If I switch to Zerossl this should not be an issue?  So I have to get a free zerossl cert account and change the certprovider in the docker setup to zerossl.  I am not at home currently but assume the email from my zerossl account has to be entered in the docker setup as well. Does anything in the proxy.conf files need to be changed to use Zerossl?  

 

UPDATE: Up and running with ZeroSSL. So far so good.

Edited by Gragorg
Link to comment
13 hours ago, saarg said:

upstream_app needs to be all lowercase, so you need to change the container name.

 

I have no idea about the location part as I'm no nginx wizard.

Thanks @saarg totally forgot about the capital letters (The name came from the Docker pull)

 

But still seems like I am missing a connection (If anyone has any input on what I am missing then please give me a shout)

 

Swag is working for all other dockers (And I am getting cert. on all domains and sub domains)

The webserver is running and working 192.168.0.6:25568 (This port is also listed below on the docker)

The mineos docker creates a minecraft folder in the appdata (Not a mineos folder) don't know if this makes any difference

image.thumb.png.532de8e31bcc7038c99c90793c7bd839.png

 

My config file is now:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name map.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app mineos-node;
        set $upstream_port 25568;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
    location ~ (/mineos-node)?/api {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app mineos-node;
        set $upstream_port 25568;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

 

Keep getting:

image.png.4e46bcc802f0d7507dda27846ce23e3e.png

 

Kind of stuck here, have tried a lot of different things but end up breaking Swag for all other containers 😞

 

Update: found this: https://gist.github.com/DmitryRendov/1efb672a0733aca5314dc3332d9823ac

But this seems to overcomplicate a simple link to port 25568 (In the above example the default port is 8123) 

 

OK this works!

 

server {
    listen 443 ssl;
    listen [::]:443 ssl;


    server_name map.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;
    
    # enable for ldap auth, fill in ldap details in ldap.conf 
    #include /config/nginx/ldap.conf;

     location / {
        proxy_pass http://192.168.0.6:25568;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /api/websocket {
        proxy_pass http://192.168.0.6:25568/api/websocket;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }
}

 

Edited by casperse
Link to comment

So I have one container setup to generate a wildcard cert for my domain, using dns validation on cloudflare. I was using the Global API key before, but I'm trying to convert over to an API token instead. I updated my cloudflare.ini file, removing the dns_cloudflare_email and dns_cloudflare_api_key values, and instead inserting a dns_cloudflare_api_token value.

However, since my cert is currently valid, I'm not seeing in the logs it attempting to regenerate the cert and use the new api token.

Is there an easy way I can force the certificate to regenerate to test my configuration change?

Link to comment
