fagostini Posted April 4, 2021

Hey, looking for some help with SWAG, nothing is getting banned at all. I have tried to trip getting banned by trying 10 times in a row with a bad login... max is set to 2. I thought it might be that I needed to add a .local for bitwardenrs and a path to the log. Even after doing this, still getting nothing.

    [Definition]
    failregex = ^\s*\[ERROR\]\s+Username or password is incorrect. Try again.(?:, 2FA invalid)?\. <HOST>$

This is my bitwarden.local inside filter.d.

    [bitwarden]
    enabled = true
    filter = bitwarden
    logpath = /config/log/containers/bitwarden.log
    maxretry = 2

Inside jail.local.

I have added my fail2ban log. I changed to debug and heavydebug, still can't see why it isn't picking up the failed attempt. Any help would be much appreciated.

(attached: fail2ban.log)

wes.crockett Posted April 9, 2021

On 3/15/2019 at 6:02 PM, aptalca said:
> Turn cloudflare proxy off. Click on the orange cloud and make sure it's gray

You're my hero, 2 years later.

pumavision Posted April 9, 2021

Commenting to see if anyone has gotten Snapdrop working through a SWAG reverse proxy on unraid. Tried setting up the configs myself with partial success but it's not working properly. Would also be awesome to see a default config file for linuxserver/snapdrop included with SWAG!

BenW Posted April 10, 2021

Hi all,

Quick (hopefully) question; I've followed SpaceInvaderOne's video about setting up reverse proxy and Nextcloud - using SWAG to make it externally accessible. Everything is working fine - and Nextcloud is the only externally accessible app I've set up.

However, when I access my static IP address directly from a browser (not via the Nextcloud.(mydomain.com)) I get a 'Welcome to your SWAG instance' page. Is this a security issue? Is there any way to direct ALL traffic that hits port 80 or 444 at my address to send it directly to my Nextcloud instance?

Cheers!

alturismo Posted April 10, 2021

2 hours ago, BenW said:
> Hi all,
>
> Quick (hopefully) question; I've followed SpaceInvaderOne's video about setting up reverse proxy and Nextcloud - using SWAG to make it externally accessible. Everything is working fine - and Nextcloud is the only externally accessible app I've set up.
>
> However, when I access my static IP address directly from a browser (not via the Nextcloud.(mydomain.com)) I get a 'Welcome to your SWAG instance' page. Is this a security issue? Is there any way to direct ALL traffic that hits port 80 or 444 at my address to send it directly to my Nextcloud instance?
>
> Cheers!

that would make a reverse proxy more or less obsolete .... you can skip swag then and just forward ports to your NC instance directly, cert creation will be another story then ...

as option, use rewrite rules for all incoming requests to root to your NC domain in swag

BenW Posted April 10, 2021

2 hours ago, alturismo said:
> that would make a reverse proxy more or less obsolete ....

Thanks - I'll give the re-writing rules from root to NC domain a go, but is leaving it as is a security risk?

alturismo Posted April 11, 2021

21 hours ago, BenW said:
> Thanks - I'll give the re-writing rules from root to NC domain a go, but is leaving it as is a security risk?

nope, all good as long as you don't put extra stuff manually in the /www folder, then you should know what you're doing.

seanmuth Posted April 14, 2021

Having an issue migrating from the old letsencrypt image to swag. Followed the instructions on the repo, and now I'm getting

    Error determining zone_id: 9103 Unknown X-Auth-Key or X-Auth-Email. Please confirm that you have supplied valid Cloudflare API credentials. (Did you enter the correct email address and Global key?)
    ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file

Also getting this warning, ran `chmod 600` and the warning will not go away.

    Unsafe permissions on credentials configuration file: /config/dns-conf/cloudflare.ini

My credentials are correct in cloudflare.ini. I've tried rolling my API token, generating completely new ones, even using email/global API key and nothing is working. Stumped here.

/var/log/letsencrypt.log hits the first exception here:

    2021-04-14 12:28:36,683:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 "GET /client/v4/zones?name=docker.muth.dev&per_page=1 HTTP/1.1" 403 None
    2021-04-14 12:28:36,692:DEBUG:certbot._internal.error_handler:Encountered exception:
    Traceback (most recent call last):
      File "/usr/lib/python3.8/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py", line 187, in _find_zone_id
        zones = self.cf.zones.get(params=params) # zones | pylint: disable=no-member
      File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 672, in get
        return self._base.call_with_auth('GET', self._parts,
      File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 126, in call_with_auth
        return self._call(method, headers, parts,
      File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 502, in _call
        raise CloudFlareAPIError(code, message)
    CloudFlare.exceptions.CloudFlareAPIError: Unknown X-Auth-Key or X-Auth-Email

I can curl the https://api.cloudflare.com/client/v4/user/tokens/verify endpoint just fine:

    "messages":[{"code":10000,"message":"This API Token is valid and active","type":null}]

I am a genius. Renamed my dir that my compose and config files live in from letsencrypt/ to swag/, but forgot to update the volume mount path as well. Amazing lol. All is well.

Edited April 14, 2021 by seanmuth (reason: log output, I'm an idiot)

MikaelTarquin Posted April 17, 2021

Hi all. I upgraded from Lets Encrypt to SWAG this week, and initially things were fine. But then a separate cache corruption issue occurred, and I had to reformat my cache drive. Now that I've run Mover twice (once to move everything to the array, and again after the reformat back to the cache), things aren't working as expected. SWAG is failing to run and seems to be missing certain files.

Honestly I'm not much of an expert here, I can follow along @SpaceInvaderOne's videos and google enough to be dangerous, but this has me stuck. Would anyone be kind enough to provide some guidance on what I should try? I don't have a CA backup because the last one ran before I had SWAG, and I can't restore Lets Encrypt because the app has been delisted and I no longer have the template saved.

    To support the app dev(s) visit:
    Certbot: https://supporters.eff.org/donate/support-work-on-certbot
    To support LSIO projects visit:
    https://www.linuxserver.io/donate/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=America/Los_Angeles
    URL=[***OMITTED***]
    SUBDOMAINS=ombi,cloud
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    VALIDATION=http
    CERTPROVIDER=
    DNSPLUGIN=
    EMAIL=[***OMITTED***]
    STAGING=false
    Using Let's Encrypt as the cert provider
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Only subdomains, no URL in cert
    Sub-domains processed are: -d ombi.[***OMITTED***] -d cloud.[***OMITTED***]
    E-mail address entered: [***OMITTED***]
    http validation is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Renewing an existing certificate for ombi.[***OMITTED***] and cloud.[***OMITTED***]
    An unexpected error occurred:
    There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: cloud.[***OMITTED***],ombi.[***OMITTED***]: see https://letsencrypt.org/docs/rate-limits/
    Please see the logfiles in /var/log/letsencrypt for more details.
    Can't open privkey.pem for reading, No such file or directory
    22963416648520:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('privkey.pem','r')
    22963416648520:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
    unable to load private key
    cat: privkey.pem: No such file or directory
    cat: fullchain.pem: No such file or directory
    New certificate generated; starting nginx
    Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind, and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
    [cont-init.d] 50-config: exited 0.
    [cont-init.d] 60-renew: executing...
    Can't open /config/keys/letsencrypt/fullchain.pem for reading, No such file or directory
    23299000830792:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/config/keys/letsencrypt/fullchain.pem','r')
    23299000830792:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
    unable to load certificate
    The cert is either expired or it expires within the next day. Attempting to renew. This could take up to 10 minutes.
    <------------------------------------------------->
    <------------------------------------------------->
    cronjob running on Sat Apr 17 11:46:29 PDT 2021
    Running certbot renew
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/ombi.[***OMITTED***]-0001.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Cert not yet due for renewal
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/ombi.[***OMITTED***].conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Traceback (most recent call last):
      File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 70, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/storage.py", line 468, in __init__
        self._check_symlinks()
      File "/usr/lib/python3.8/site-packages/certbot/_internal/storage.py", line 538, in _check_symlinks
        raise errors.CertStorageError(
    certbot.errors.CertStorageError: expected /etc/letsencrypt/live/ombi.[***OMITTED***]/cert.pem to be a symlink
    Renewal configuration file /etc/letsencrypt/renewal/ombi.[***OMITTED***].conf is broken. Skipping.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    The following certificates are not due for renewal yet:
    /etc/letsencrypt/live/ombi.[***OMITTED***]-0001/fullchain.pem expires on 2021-07-16 (skipped)
    No renewals were attempted.
    No hooks were run.
    Additionally, the following renewal configurations were invalid:
    /etc/letsencrypt/renewal/ombi.[***OMITTED***].conf (parsefail)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    0 renew failure(s), 1 parse failure(s)
    [cont-init.d] 60-renew: exited 0.
    [cont-init.d] 70-templates: executing...
    **** The following reverse proxy confs have different version dates than the samples that are shipped. ****
    **** This may be due to user customization or an update to the samples. ****
    **** You should compare them to the samples in the same folder to make sure you have the latest updates. ****
    /config/nginx/proxy-confs/ombi.subdomain.conf
    /config/nginx/proxy-confs/nextcloud.subdomain.conf
    [cont-init.d] 70-templates: exited 0.
    [cont-init.d] 99-custom-files: executing...
    [custom-init] no custom files found exiting...
    [cont-init.d] 99-custom-files: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    nginx: [emerg] cannot load certificate "/config/keys/letsencrypt/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/config/keys/letsencrypt/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

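The renewal traceback in the post above ends in `CertStorageError: expected .../cert.pem to be a symlink`: certbot keeps each lineage's `live/<name>/*.pem` as symlinks into `archive/<name>/` and skips a lineage where one of them has become a regular file. The script below is an added example, not part of the thread; its function names and the sample tree (`good.example`, `copied.example`) are constructed, and it only reports which lineages are broken.

```shell
#!/bin/sh
# Added example (not from the thread): audit a certbot tree for lineages whose
# live/<name>/*.pem entries are no longer symlinks into archive/<name>/.
# Function names and the sample tree are constructed for illustration.

# Report every problem in one live/<name> directory on stderr.
# Returns 0 if the lineage is intact, 1 otherwise.
audit_lineage() {
    lineage_dir=$1
    status=0
    for name in cert.pem chain.pem fullchain.pem privkey.pem; do
        f="$lineage_dir/$name"
        if [ -L "$f" ]; then
            # A symlink whose target is gone fails the -e test.
            [ -e "$f" ] || { echo "DANGLING    $f -> $(readlink "$f")" >&2; status=1; }
        elif [ -e "$f" ]; then
            # Regular file: the case certbot rejects with "expected ... to be a symlink".
            echo "NOT-SYMLINK $f" >&2; status=1
        else
            echo "MISSING     $f" >&2; status=1
        fi
    done
    return "$status"
}

# Walk every lineage under ROOT/live and print the names of the broken ones.
broken_lineages() {
    root=${1:-/etc/letsencrypt}
    for d in "$root"/live/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        audit_lineage "$d" || echo "${d##*/}"
    done
}

# Build a constructed sample tree: "good.example" has proper symlinks,
# "copied.example" holds regular files where the links used to be.
make_sample_tree() {
    root=$1
    mkdir -p "$root/archive/good.example" "$root/live/good.example" \
             "$root/live/copied.example"
    for name in cert chain fullchain privkey; do
        echo "placeholder" > "$root/archive/good.example/${name}1.pem"
        ln -s "../../archive/good.example/${name}1.pem" \
              "$root/live/good.example/$name.pem"
        echo "placeholder" > "$root/live/copied.example/$name.pem"
    done
}

# With a path argument, audit that tree; without one, run on the sample tree.
if [ -n "${1:-}" ]; then
    broken_lineages "$1"
else
    demo=$(mktemp -d) && make_sample_tree "$demo"
    broken_lineages "$demo"
    rm -rf "$demo"
fi
```

Pass the certbot directory named in the log (`/etc/letsencrypt` inside the container) as the first argument to audit a real tree; broken lineage names go to stdout and the per-file detail to stderr.
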
isvein Posted April 19, 2021

Just a thing I found out, just in case someone has the same problem and did not know:

Tried to update the certs today but got the message that authentication did not work. Found out that since my domain is now on Cloudflare, I had to turn off the proxy for the subdomains SWAG is using, then the authentication worked and then I could turn the proxy setting on again.

Wolbaz Posted April 19, 2021

Having issues with overseerr. Works great and is fast and snappy with network set to bridge. When I add it to proxynet, however, it is consistently slow, and sometimes hangs up for minutes at a time. This is both using the local IP as well as the external domain. All of my other dockers on proxynet work fine. I brought that up on overseerr discord support and they insist it's a docker problem.

wes.crockett Posted April 22, 2021

Good evening all,

My web host raised their rates again and... well... screw that... $15/mo for a simple, mostly static, WP site... I don't think so.

I already have MariaDB, SWAG, and a NextCloud instance set up and working. I blew away swag and redid it so that it includes top level domain certificate and not just sub-domains. My subdomain for Nextcloud is working, as well as one that I called web.exampledomain.com [using my actual domain]. The web one goes straight to the SWAG page. As does www.exampledomain.com. That said, I get 'ERR_TOO_MANY_REDIRECTS' when I just try https://exampledomain.com

I am using Cloudflare for dns. Once I get my site up and running, I plan to transition my DNS registration to Cloudflare entirely for $8/yr.

Any idea where to look as to why https://exampledomain.com would get a Too Many Redirects error while the subdomains (including www) do not?

wes.crockett Posted April 22, 2021

5 minutes ago, wes.crockett said:
> Good evening all,
>
> My web host raised their rates again and... well... screw that... $15/mo for a simple, mostly static, WP site... I don't think so.
>
> I already have MariaDB, SWAG, and a NextCloud instance set up and working. I blew away swag and redid it so that it includes top level domain certificate and not just sub-domains. My subdomain for Nextcloud is working, as well as one that I called web.exampledomain.com [using my actual domain]. The web one goes straight to the SWAG page. As does www.exampledomain.com. That said, I get 'ERR_TOO_MANY_REDIRECTS' when I just try https://exampledomain.com
>
> I am using Cloudflare for dns. Once I get my site up and running, I plan to transition my DNS registration to Cloudflare entirely for $8/yr.
>
> Any idea where to look as to why https://exampledomain.com would get a Too Many Redirects error while the subdomains (including www) do not?

It's always the setting you don't think about... set it to do Full SSL on CloudFlare and good to go.

casperse Posted April 24, 2021

Configuration change needed after latest Nextcloud update to Nextcloud 21.0.1

Error message:

My existing configuration in Swag:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name maindomain.dk;

        include /config/nginx/ssl.conf;

        # add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app nextcloud;
            set $upstream_port 443;
            set $upstream_proto https;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;

            proxy_max_temp_file_size 2048m;
        }
    }

I have found different solutions on the net that I can't "translate" into my SWAG configuration file

> To be more precise, I have added the following lines to my nginx config file:
>
>     location = /.well-known/webfinger {
>         rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
>     }
>     location = /.well-known/nodeinfo {
>         rewrite ^/.well-known/nodeinfo /public.php?service=nodeinfo last;
>     }

Or this one:

    location ^~ /.well-known {
        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav { return 301 /remote.php/dav/; }
        # Anything else is dynamically handled by Nextcloud
        location ^~ /.well-known { return 301 /index.php$uri; }
        try_files $uri $uri/ =404;
    }

If anyone has this working then it would be great if you could share your configuration file

casperse Posted April 24, 2021

Update

I tried this:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name maindomain.dk;

        include /config/nginx/ssl.conf;

        # add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app nextcloud;
            set $upstream_port 443;
            set $upstream_proto https;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;

            proxy_max_temp_file_size 2048m;
        }

        # Make a regex exception for `/.well-known` so that clients can still
        # access it despite the existence of the regex rule
        location ^~ /.well-known {
            location = /.well-known/carddav { return 301 /remote.php/dav/; }
            location = /.well-known/caldav { return 301 /remote.php/dav/; }
            # Anything else is dynamically handled by Nextcloud
            location ^~ /.well-known { return 301 /index.php$uri; }
            try_files $uri $uri/ =404;
        }
    }

And I got it reduced to this last one:

To anyone finding this "webfinger" error:

The last error is related to cache (in Chrome do the following). Open Dev Tools (F12), and while this is open right click on the "normal" refresh button on your top left and select Empty cache and hard reload.

And all is ok

Edited April 24, 2021 by casperse

Greygoose Posted April 25, 2021

I am trying to set my maxmind key in the docker by adding a variable. It's not working.

I would be most grateful for some advice.

    Config Type: Variable
    Name: Maxmind
    Key: my Maxmind key
    Value: MAXMINDDB_LICENSE_KEY=
    Default value: -e

What's wrong with the above, please?

saarg Posted April 25, 2021

2 hours ago, Greygoose said:
> I am trying to set my maxmind key in the docker by adding a variable. It's not working.
>
> I would be most grateful for some advice.
>
>     Config Type: Variable
>     Name: Maxmind
>     Key: my Maxmind key
>     Value: MAXMINDDB_LICENSE_KEY=
>     Default value: -e
>
> What's wrong with the above, please?

Everything. You have switched value and key and also remove =. Default value is also not -e. Just leave it blank.

Greygoose Posted April 25, 2021

3 hours ago, saarg said:
> Everything. You have switched value and key and also remove =. Default value is also not -e. Just leave it blank.

Thank you, I now have it working because of your help.

Much appreciated.

gustomucho Posted May 1, 2021

I'm having some problems with my reverse proxy for a particular container (Linuxserver's Airsonic). I recently updated my containers (both Airsonic and Swag). Everything was working perfectly fine before the update. Now I get the following error:

I am using the default subdomain.conf file provided with Swag (airsonic.subdomain.conf).

Just to make sure, I tried deleting the config file and using the new one that gets automatically downloaded. The result stays the same. I can still access the Airsonic docker using the local address. Also, all of my other containers using Swag reverse proxy still work perfectly fine, so it seems isolated to Airsonic. The log of Swag does not bring up any error and the airsonic subdomain is shown in there.

Any ideas?

Edited May 1, 2021 by gustomucho

saarg Posted May 1, 2021

53 minutes ago, gustomucho said:
> I'm having some problems with my reverse proxy for a particular container (Linuxserver's Airsonic). I recently updated my containers (both Airsonic and Swag). Everything was working perfectly fine before the update. Now I get the following error:
>
> I am using the default subdomain.conf file provided with Swag (airsonic.subdomain.conf).
>
> Just to make sure, I tried deleting the config file and using the new one that gets automatically downloaded. The result stays the same. I can still access the Airsonic docker using the local address. Also, all of my other containers using Swag reverse proxy still work perfectly fine, so it seems isolated to Airsonic. The log of Swag does not bring up any error and the airsonic subdomain is shown in there.
>
> Any ideas?

Yes, the context path was added back to your airsonic template. Remove it and it will work again.

gustomucho Posted May 1, 2021

5 minutes ago, saarg said:
> Yes, the context path was added back to your airsonic template. Remove it and it will work again.

Thanks a lot for the quick answer! Problem solved

joshallen2k Posted May 2, 2021

Hi - I'm having trouble with my swag setup. With a fresh docker install, my logs show challenge failed for my subdomains. They are properly set up in Cloudflare and my port forwarding is correct (forwarding 80 to 180 and 443 to 1443).

I've attached my logs. Any suggestions?

(attached: swaglog.txt)

Edited May 2, 2021 by joshallen2k (reason: typo)

Aerodb Posted May 2, 2021

Hey all, I wanted to ask where I could find the domains or IP addresses needed for this container to work. I want to add them to my whitelist but I don't see anything detailing these on the linuxserver.io page for swag.

I had issues setting this up with my pi-hole DNS server and want to re-enable it now, but also want the certificates to be able to renew.

Thank you in advance.

007craft Posted May 3, 2021

I was wondering if somebody could help me out with a problem with Swag not working on a particular subnet.

My network is Vlan 2 (192.168.1.x) where my unraid and Swag lives and I also have vlan 3 (192.168.3.x) where my wifi connections live.

So when I'm on the WAN on some public IP, or on my computer on the 192.168.1.x network, which is the same as my unraid and swag containers, everything works fine.

When I use my cell phone however, which is on the 192.168.3.x network, I get an error. Something about RFC1918 to public server address rejected.

My router is set to allow 100% vlan communication over the local lan. I can easily access all my dockers from my 192.168.3.x network if I type the local IPs, like 192.168.1.102:8080 for example. So why is it that when I access via my domain, which has the reverse proxy and Swag forwards the domain over to 192.168.1.102:8080, it does not work if trying from the 192.168.3.x network?

I imagine this is because I need to somehow add the 192.168.3.x Vlan to the "proxynet" bridge I'm using in Unraid. So add it to the unraid route table, but I am unsure how to do this.

Edited May 3, 2021 by 007craft

joshallen2k Posted May 3, 2021

On 5/1/2021 at 10:18 PM, joshallen2k said:
> Hi - I'm having trouble with my swag setup. With a fresh docker install, my logs show challenge failed for my subdomains. They are properly set up in Cloudflare and my port forwarding is correct (forwarding 80 to 180 and 443 to 1443).
>
> I've attached my logs. Any suggestions?
>
> (attached: swaglog.txt)

I fixed this by disabling proxy inside Cloudflare.

I'm not entirely sure why this worked, as my previous SWAG instance ran fine with Cloudflare proxy turned on...