dollabillz Posted May 4, 2021 (edited)

I was wondering if someone could help me figure out where I had screwed up. I set up swag and nextcloud on the same custom network and port forward is working, but when I go to mydomain.me I get "The page isn’t redirecting properly". This all started when I got a new domain; on my old domain it worked just fine. Can anyone point me in the right direction?

After poking at the settings some more, I think it may be in the NGINX program, because when I changed it from DNS/wildcard to http and only used one subdomain it worked. But when I put in the rest of the subdomains it stopped working again.

Edited May 6, 2021 by dollabillz: new info

mrtrilby Posted May 5, 2021

On 5/3/2021 at 4:20 PM, joshallen2k said:
> I fixed this by disabling proxy inside Cloudflare. I'm not entirely sure why this worked, as my previous SWAG instance ran fine with Cloudflare proxy turned on...

I have the same issue - I have never been able to use Nginx with Cloudflare's proxy turned on. If anyone has insight into why this doesn't work, that would be great to know.

Also - I can't access my own server using DNS from within my own network - e.g. nextcloud.mydom.com. It works from a VPN, but not from my LAN. As far as I can tell from SpaceInvader One's guides, I have done everything correctly, and I can see that he can access his own Nextcloud from his LAN. Why would that not work on my LAN..?

tetrapod Posted May 6, 2021

18 hours ago, mrtrilby said:
> I have the same issue - I have never been able to use Nginx with Cloudflare's proxy turned on. If anyone has insight into why this doesn't work, that would be great to know.

I had the same issue and I think, if I remember correctly, that Spaceinvader's video didn't mention that you had to turn off proxy for the subdomain CNAME record. Maybe this worked differently before at Cloudflare? But when I turn on "proxied" for any CNAME, that URL will no longer point to my server; it will point to a Cloudflare server. How this proxy via Cloudflare is supposed to work I do not know. I can keep "proxied" on for my A records though.

ihaveskittles Posted May 7, 2021

On 5/1/2021 at 10:18 PM, joshallen2k said:
> Hi - I'm having trouble with my swag setup. With a fresh docker install, my logs show challenge failed for my subdomains. They are properly setup in Cloudflare and my port forwarding is correct (forwarding 80 to 180 and 443 to 1443). I've attached my logs. Any suggestions?
>
> [Attachment: swaglog.txt]

I'm having the same issue. I updated the docker and my reverse proxy stopped working.

On 5/3/2021 at 9:20 AM, joshallen2k said:
> I fixed this by disabling proxy inside Cloudflare. I'm not entirely sure why this worked, as my previous SWAG instance ran fine with Cloudflare proxy turned on...

I wished this worked for me, but it didn't. Any other ideas?

brucejobs Posted May 7, 2021

On 3/6/2021 at 10:54 AM, SiRMarlon said:
> I am working on trying to figure out the extra parameters for the NGINX config file now.

Did you work it out? If so, please share steps from start to finish. Thanks.

pupmeister Posted May 8, 2021

On 8/26/2020 at 1:40 PM, druck21 said:
> Has anything changed recently? I had this all set up correctly and working great using dns validation through cloudflare, but lately whenever I try to check my SAB docker by using the letsencrypt domain, I can get to the login page, but once I login I just get stuck on a "Lost connection to SABnzbd.." error screen. I can view SAB just fine when I go directly to the docker's internal address, just not when going through letsencrypt. Any ideas?

Did you ever find out the reason and a solution for this problem?

tvd1 Posted May 9, 2021

Hey guys - Sort of a newbie here, but I have a question about my swag setup. I followed a great guide on how to get Emby and Swag to work on my Unraid server. All is well with that and I'm happy. However, I have another (physical) synology server that has services on the same domain. Those no longer work.

Are there any guides or information about how I'd get "emby.mydomain.com" to resolve to my unraid swag setup, and "synology.mydomain.com:5000" to work on my synology box?

dollabillz Posted May 9, 2021

15 hours ago, tvd1 said:
> Hey guys - Sort of a newbie here, but I have a question about my swag setup. I followed a great guide on how to get Emby and Swag to work on my Unraid server. All is well with that and I'm happy. However, I have another (physical) synology server that has services on the same domain. Those no longer work.
>
> Are there any guides or information about how I'd get "emby.mydomain.com" to resolve to my unraid swag setup, and "synology.mydomain.com:5000" to work on my synology box?

Can't you just install Swag on both servers and port 5000 to your synology server?

tetrapod Posted May 10, 2021

12 hours ago, dollabillz said:
> Can't you just install Swag on both servers and port 5000 to your synology server?

Why would you need Swag on both servers?

tetrapod Posted May 10, 2021

On 5/9/2021 at 7:43 AM, tvd1 said:
> Hey guys - Sort of a newbie here, but I have a question about my swag setup. I followed a great guide on how to get Emby and Swag to work on my Unraid server. All is well with that and I'm happy. However, I have another (physical) synology server that has services on the same domain. Those no longer work.
>
> Are there any guides or information about how I'd get "emby.mydomain.com" to resolve to my unraid swag setup, and "synology.mydomain.com:5000" to work on my synology box?

By giving the example "emby.mydomain.com" I guess that he has set up Swag to work with subdomains? What service have you used to point mydomain.com to your WAN address? I think we need a little more information on how you have set this up to be able to give good advice.

You should not need to give a port number in the URL ("synology.mydomain.com:5000"). You either need an nginx subdomain config file configured for your synology server pointing to that resource (<synologyLAN-IP>:5000) or you skip Swag and let your NAT point port 5000 to your synology. But, again, there are a lot of ways to skin this cat. Depends on what you are trying to accomplish @tvd1.

tvd1 Posted May 10, 2021 (edited)

Thanks all.. I was able to get this working by following this guide to change my subdomain config file: "Swag reverse proxy for different server".

I just needed to make sure to use https for my synology.mydomain.com and leave off the port number as you suggested.

Edited May 10, 2021 by tvd1: bad link

azacan Posted May 10, 2021

On 4/3/2021 at 11:22 PM, azacan said:
> Hi,
>
> I have been trying to setup something I am not sure is possible to do with my current setup and swag. Basically is to reverse proxy http only services on my unraid machine from a domain like photoprism.lan to its containerIP and port (2342).
>
> I have swag running on unraid 6.9.1 host and listening on ports 80 and 443, those are port forwarded from my router for external access. I can successfully access my desired services running on https behind the subdomain certs I have generated for nextcloud and bitwarden: nextcloud.mydomain.com and bitwarden.mydomain.com.
>
> Everything works fine also internally: I have two entries on PiHole internal DNS server that resolves nextcloud.mydomain.com and bitwarden.mydomain.com to the local unraid IP where swag nginx is listening.
>
> Now I am trying to make use of the nginx reverse proxy on swag to locally access a new service on my unraid, in this case photoprism. The thing is that photoprism gui is running on port 2342 and is running over http. I would like to access photoprism with a domain (different from my external one used for nextcloud and bitwarden) and without needing to write the port each time, for example with http://photoprism.lan and no port (I have added a dns entry on the pihole to resolve photoprism.lan to the unraid IP where swag nginx is listening) but I have not found a way to configure a proxy-conf in nginx that proxies this domain to the right IP and port.
>
> What I have tried, among many other things, is to put a file (local-servers.conf) inside the proxy-confs folder of nginx with:
>
>     server {
>         listen 80;
>         server_name photoprism.*;
>
>         location / {
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_app photoprism;
>             set $upstream_port 2342;
>             set $upstream_proto http;
>             proxy_pass $upstream_proto://$upstream_app:$upstream_port;
>         }
>     }
>
> I have tried also with server_name photoprism.lan*
>
> Although the internal docker dns works ok resolving the container name, I have tried also setting the proxy_pass with the final docker IP and port with no luck.
>
> When I try to go to http://photoprism.lan I got redirected to https://photoprism.lan/ and see the default nginx webpage:
>
>     Welcome to our server
>     The website is currently being setup under this address.
>     For help and support, please contact: [email protected]
>
> Is this because by default only https is being configured to be proxied? Any way of allowing http for internal lan without compromising security?
>
> My certs are subdomains, as stated above, like nextcloud.mydomain.com but the photoprism is not in the same domain but photoprism.lan, does this cause the failure?
>
> Thanks!

Hi,

Any idea on how to solve this or even if it is possible?

Thanks!

Stubbs Posted May 13, 2021

Is there a way to put the swag container behind a VPN? I followed the Spaceinvader guide on how to put certain docker applications behind a VPN using privoxy, but what if I wanted an entire custom network to be behind the VPN?

For example, I'm self-hosting a Nextcloud instance with Swag, but anyone with the URL can basically see my real WAN IP address. Is there a way to configure it with openVPN files to put a VPN connection between user and host?

Stubbs Posted May 13, 2021 (edited)

Tried adding extra parameters to address what I was trying to do. Ended up breaking the container, so I reinstalled it, and now it's flat out not working. Any idea what's causing the problem?

Log:

    dns-01 challenge for site.org
    Unsafe permissions on credentials configuration file: /config/dns-conf/luadns.ini
    Cleaning up challenges
    Cleaning up challenges
    Encountered exception during recovery: TypeError: delete_record() got an unexpected keyword argument 'type'
    Encountered exception during recovery: TypeError: delete_record() got an unexpected keyword argument 'type'
    An unexpected error occurred: TypeError: create_record() got an unexpected keyword argument 'type'
    Please see the logfiles in /var/log/letsencrypt for more details.
    ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/luadns.ini file.
    Encountered exception during recovery: TypeError: delete_record() got an unexpected keyword argument 'type'
    An unexpected error occurred: TypeError: create_record() got an unexpected keyword argument 'type'
    Please see the logfiles in /var/log/letsencrypt for more details.
    ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/luadns.ini file.

Edited May 13, 2021 by Stubbs

Stubbs Posted May 13, 2021

The more detailed log:

    2021-05-14 07:27:14,760:DEBUG:acme.client:Storing nonce: 00033E53nKQ6FMRgnfb07hZGGW0_LU5GctvsON8mTd172Hk
    2021-05-14 07:27:14,760:INFO:certbot._internal.auth_handler:Performing the following challenges:
    2021-05-14 07:27:14,760:INFO:certbot._internal.auth_handler:dns-01 challenge for test.org
    2021-05-14 07:27:14,761:WARNING:certbot.plugins.dns_common:Unsafe permissions on credentials configuration file: /config/dns-conf/luadns.ini
    2021-05-14 07:27:14,765:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.luadns.com:443
    2021-05-14 07:27:15,766:DEBUG:urllib3.connectionpool:https://api.luadns.com:443 "GET /v1/zones HTTP/1.1" 200 165
    2021-05-14 07:27:15,770:DEBUG:certbot._internal.error_handler:Encountered exception:
    Traceback (most recent call last):
      File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
        resps = self.auth.perform(achalls)
      File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 60, in perform
        self._perform(domain, validation_domain_name, validation)
      File "/usr/lib/python3.8/site-packages/certbot_dns_luadns/_internal/dns_luadns.py", line 54, in _perform
        self._get_luadns_client().add_txt_record(domain, validation_name, validation)
      File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common_lexicon.py", line 48, in add_txt_record
        self.provider.create_record(type='TXT', name=record_name, content=record_content)
    TypeError: create_record() got an unexpected keyword argument 'type'
    2021-05-14 07:27:15,770:DEBUG:certbot._internal.error_handler:Calling registered functions
    2021-05-14 07:27:15,770:INFO:certbot._internal.auth_handler:Cleaning up challenges
    2021-05-14 07:27:15,772:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.luadns.com:443
    2021-05-14 07:27:16,810:DEBUG:urllib3.connectionpool:https://api.luadns.com:443 "GET /v1/zones HTTP/1.1" 200 165
    2021-05-14 07:27:16,813:ERROR:certbot._internal.error_handler:Encountered exception during recovery: TypeError: delete_record() got an unexpected keyword argument 'type'
    2021-05-14 07:27:16,814:DEBUG:certbot._internal.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 8, in <module>
        sys.exit(main())
      File "/usr/lib/python3.8/site-packages/certbot/main.py", line 15, in main
        return internal_main.main(cli_args)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1435, in main
        return config.func(config, plugins)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1304, in certonly
        lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 140, in _get_and_save_cert
        lineage = le_client.obtain_and_enroll_certificate(domains, certname)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 444, in obtain_and_enroll_certificate
        cert, chain, key, _ = self.obtain_certificate(domains)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
        orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 424, in _get_order_and_authorizations
        authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
      File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
        resps = self.auth.perform(achalls)
      File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 60, in perform
        self._perform(domain, validation_domain_name, validation)
      File "/usr/lib/python3.8/site-packages/certbot_dns_luadns/_internal/dns_luadns.py", line 54, in _perform
        self._get_luadns_client().add_txt_record(domain, validation_name, validation)
      File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common_lexicon.py", line 48, in add_txt_record
        self.provider.create_record(type='TXT', name=record_name, content=record_content)
    TypeError: create_record() got an unexpected keyword argument 'type'
    2021-05-14 07:27:16,815:ERROR:certbot._internal.log:An unexpected error occurred:
    2021-05-14 07:27:16,815:ERROR:certbot._internal.log:TypeError: create_record() got an unexpected keyword argument 'type'

KoNeko Posted May 14, 2021 (edited)

Swag stopped renewing my Letsencrypt cert since this week. I didn't change anything in the docker or any config file of this docker.

I do it via DNS, which always worked. The credentials are in the ini file at that location.

    Failed to renew certificate .nl with error: Missing properties in credentials configuration file /config/dns-conf/transip.ini:
    * Property "certbot_dns_transip:dns_transip_key_file" not found (should be RSA key file(convert with openssl rsa -in transip.key -out decrypted_key)).
    * Property "certbot_dns_transip:dns_transip_username" not found (should be Transip username).
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    All renewals failed. The following certificates could not be renewed:

EDIT: maybe it's new or it got removed somehow, but after I added and restarted the container it's all fixed.

Edited May 14, 2021 by KoNeko: Fixed the problem

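Added example, not part of any post in this thread and not SWAG or certbot code: the two credential-file problems reported above (the "Unsafe permissions" warning on luadns.ini and the "Missing properties" error on transip.ini) can be checked before a renewal runs. The required key names come from the error message quoted above; the provider table, the optional "plugin:" key prefix, the 0600 target mode and the sample file contents are assumptions of this example.

```python
import os
import stat
import tempfile

# Required keys per provider. The transip names are taken from the error
# message quoted in the thread; the table itself is this example's assumption.
REQUIRED_KEYS = {
    "transip": ("dns_transip_key_file", "dns_transip_username"),
}


def parse_ini(path):
    """Parse a flat `key = value` credentials file (no sections)."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#;" or "=" not in line:
                continue
            key, value = line.split("=", 1)
            # Keys may carry a "<plugin>:" prefix, as in the quoted error
            # message; treating the prefix as optional is an assumption.
            props[key.strip().rsplit(":", 1)[-1]] = value.strip()
    return props


def audit_credentials(path, provider):
    """Return a list of findings for one DNS credentials file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group/other bit lets another account on the host read the API secret.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"unsafe permissions {mode:04o}, expected 0600")
    props = parse_ini(path)
    for key in REQUIRED_KEYS.get(provider, ()):
        if not props.get(key):
            findings.append(f"missing property {key}")
    return findings


def harden(path):
    """Restrict the file to owner read/write only."""
    os.chmod(path, 0o600)


def demo():
    """Audit a constructed file, fix it, audit again; returns (before, after)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "transip.ini")
        with open(path, "w", encoding="utf-8") as fh:
            # Constructed sample: username present, key file entry missing.
            fh.write("# constructed sample\ndns_transip_username = exampleuser\n")
        os.chmod(path, 0o644)  # world-readable, as a restored backup might be
        before = audit_credentials(path, "transip")
        with open(path, "a", encoding="utf-8") as fh:
            # Constructed value; only the directory name appears in the thread.
            fh.write("dns_transip_key_file = /config/dns-conf/decrypted_key\n")
        harden(path)
        after = audit_credentials(path, "transip")
        return before, after


if __name__ == "__main__":
    print(demo())
```
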
polishprocessors Posted May 14, 2021

Hey all! So I thought I had this up and running - got LetsEncrypt to work, got some subdomains setup, changed my DNS entries to point the right way and redirected my FW appropriately. But now I'm getting the following errors in my nginx log:

    2021/05/14 18:18:06 [error] 476#476: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
    2021/05/14 18:18:11 [error] 476#476: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
    2021/05/14 18:18:11 [error] 476#476: send() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53

I've seen this elsewhere in the thread but no one's answered what's going on. It seems to me like the local docker resolver isn't working but I don't know whether this is from me changing something or just something broken in my config. I've confirmed I can ping 127.0.0.11 so it just seems like it's being rejected.

I've tried running the container as a host but all my requests come back with a 502 error, presumably because it's not on the same docker subnet as the other containers, but once I put it back on 'bridge' with the rest of the containers I get these resolve errors as above again. I've tried restarting docker and my whole unraid box, to no avail - does anyone have any thoughts?

polishprocessors Posted May 15, 2021

Ok, solved my issue to an extent. Whilst I have no idea why it's failing, I found this note in the SWAG proxy documentation:

> If the proxied container is not in the same user defined bridge network as SWAG (could be on a remote host, could be using host networking or macvlan), we can change the value of $upstream_app to an IP address instead:
>
>     set $upstream_app 192.168.1.10;

So I changed the $upstream_app to read, instead of the name of the container, the IP of the NAT'd IP of Docker. It works fine, but does anyone know why I have to do this and how to run it as default?

polishprocessors Posted May 18, 2021

Think I figured it out - need to have swag and any containers I want to kick it to on the same virtual network in docker

tardezyx Posted May 19, 2021 (edited)

Does SWAG automatically update the IP of the server at duckdns.org? If not, what is the purpose of the duckdns token in the SWAG docker settings?

Edited May 19, 2021 by tardezyx

strike Posted May 19, 2021

8 minutes ago, tardezyx said:
> Does SWAG automatically update the IP of the server at duckdns.org? If not, what is the purpose of the duckdns token in the SWAG docker settings?

No. IIRC it has to do with DNS validation.

guilhem31 Posted May 19, 2021

Hi everyone,

I'm sad I have to post here... everything was working fine until 3 days ago when one of my cache pool drives died. I had problems with my /appdata backup and I had to delete files from the swag config (probably chmod problems or busy files the moment I wanted to backup). I changed my cache drive without any other issue.

When I try to launch swag, I got this error in my log: https://pastebin.com/mMuxi79e

My ovh.ini credentials are good. I cleaned the _acme-challenge DNS entry from my OVH manager console. My domain DNS are all ok, A and CNAME. Restarted swag container multiple times.... nothing. I don't understand what I'm doing wrong.

Any help would be VERY appreciated!

RockDawg Posted May 20, 2021

I've had SWAG set up and running for a couple years now (back before it was SWAG) and it works great. I have to admit I don't totally understand everything (or even much) about it, but via tutorials and this forum, I was able to get everything working. I switched to a wildcard cert a year or so ago without much issue. But I am having an issue trying to allow for a new subdomain.

I have had Radarr working all this time and I recently added another instance to handle 4K content. I thought this would be super easy. I went on to my Cloudflare dash and created a cname for radarr4k (the other is just radarr) and I copied my radarr site-conf, renamed it to radarr4k, replaced every instance of radarr inside with radarr4k and changed the port to the port I use for radarr4k. I thought it would be as simple as that and just work, but I get a 502 error whenever I try to go to https://radarr4k.myserver.com.

Here is my radarr file:

    server {
        listen 443 ssl;
        server_name radarr.*;

        include /config/nginx/ssl.conf;
        client_max_body_size 0;

        location / {
            # auth_basic "Restricted";
            # auth_basic_user_file /config/nginx/.htpasswd;
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_radarr radarr;
            proxy_pass http://$upstream_radarr:7878;
        }
    }

Here is my radarr4k file:

    server {
        listen 443 ssl;
        server_name radarr4k.*;

        include /config/nginx/ssl.conf;
        client_max_body_size 0;

        location / {
            # auth_basic "Restricted";
            # auth_basic_user_file /config/nginx/.htpasswd;
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_radarr4k radarr4k;
            proxy_pass http://$upstream_radarr4k:7879;
        }
    }

Any ideas what I am doing wrong?

saarg Posted May 20, 2021

23 hours ago, guilhem31 said:
> Hi everyone,
>
> I'm sad I have to post here... everything was working fine until 3 days ago when one of my cache pool drives died. I had problems with my /appdata backup and I had to delete files from the swag config (probably chmod problems or busy files the moment I wanted to backup). I changed my cache drive without any other issue.
>
> When I try to launch swag, I got this error in my log: https://pastebin.com/mMuxi79e
>
> My ovh.ini credentials are good. I cleaned the _acme-challenge DNS entry from my OVH manager console. My domain DNS are all ok, A and CNAME. Restarted swag container multiple times.... nothing. I don't understand what I'm doing wrong.
>
> Any help would be VERY appreciated!

Use an earlier tag. It's an upstream issue.

saarg Posted May 20, 2021

57 minutes ago, RockDawg said:
> I've had SWAG set up and running for a couple years now (back before it was SWAG) and it works great. I have to admit I don't totally understand everything (or even much) about it, but via tutorials and this forum, I was able to get everything working. I switched to a wildcard cert a year or so ago without much issue. But I am having an issue trying to allow for a new subdomain.
>
> I have had Radarr working all this time and I recently added another instance to handle 4K content. I thought this would be super easy. I went on to my Cloudflare dash and created a cname for radarr4k (the other is just radarr) and I copied my radarr site-conf, renamed it to radarr4k, replaced every instance of radarr inside with radarr4k and changed the port to the port I use for radarr4k. I thought it would be as simple as that and just work, but I get a 502 error whenever I try to go to https://radarr4k.myserver.com.
>
> Here is my radarr file:
>
>     server {
>         listen 443 ssl;
>         server_name radarr.*;
>
>         include /config/nginx/ssl.conf;
>         client_max_body_size 0;
>
>         location / {
>             # auth_basic "Restricted";
>             # auth_basic_user_file /config/nginx/.htpasswd;
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_radarr radarr;
>             proxy_pass http://$upstream_radarr:7878;
>         }
>     }
>
> Here is my radarr4k file:
>
>     server {
>         listen 443 ssl;
>         server_name radarr4k.*;
>
>         include /config/nginx/ssl.conf;
>         client_max_body_size 0;
>
>         location / {
>             # auth_basic "Restricted";
>             # auth_basic_user_file /config/nginx/.htpasswd;
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_radarr4k radarr4k;
>             proxy_pass http://$upstream_radarr4k:7879;
>         }
>     }
>
> Any ideas what I am doing wrong?

You don't have to set a CNAME in Cloudflare when using wildcard. Wildcard is for everything.

I guess you are using a custom docker network for swag and radarrs, so no need to change the port in the proxy-conf as swag talks to the containers using the name. It is all internal in the custom network and therefore you use the container port.