crgcputech79 Posted November 22, 2018

Hello everyone, I was wondering if there was a tutorial on how to install and run a WordPress site using the letsencrypt container? I am already using it as a reverse proxy on sub-domains now but want to host the main domain I own. I am new to the Unraid community but am really enjoying the software, great job!!! Any help would be appreciated. Thanks

aptalca Posted November 25, 2018

On 11/22/2018 at 4:18 PM, crgcputech79 said:
> Hello everyone, I was wondering if there was a tutorial on how to install and run a WordPress site using the letsencrypt container? I am already using it as a reverse proxy on sub-domains now but want to host the main domain I own. I am new to the Unraid community but am really enjoying the software, great job!!! Any help would be appreciated. Thanks

No need for a tutorial. Download the WordPress files into the www folder and navigate to the configuration page. Follow the steps on the WordPress website.

crgcputech79 Posted November 26, 2018

Thanks, I got it figured out, I'm a noob is all lol. I have been using the Let's Encrypt docker for about 2 weeks and it is the ticket. Awesome stuff.

stlrox Posted November 26, 2018

Suddenly my configuration is not working. I use this to connect to my Home Assistant from outside my home network. I didn't make any changes and the only thing I recently did was to update this container to the latest version. Can anyone help me figure out this issue? Here is the log file:

    <------------------------------------------------->
    cronjob running on Sun Nov 25 21:48:37 CST 2018
    Running certbot renew
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/xx.my.duckdns.org.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Cert is due for renewal, auto-renewing...
    Plugins selected: Authenticator standalone, Installer None
    Running pre-hook command: if ps aux | grep [n]ginx: > /dev/null; then s6-svc -d /var/run/s6/services/nginx; fi
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for xx.my.duckdns.org
    http-01 challenge for yy.my.duckdns.org
    Performing the following challenges:
    http-01 challenge for xx.my.duckdns.org
    http-01 challenge for yy.my.duckdns.org
    Waiting for verification...
    Cleaning up challenges
    Attempting to renew cert (xx.my.duckdns.org) from /etc/letsencrypt/renewal/xx.myduckdns.org.conf produced an unexpected error: Failed authorization procedure. xx.my.duckdns.org (http-01): urn: ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://xx.my.duckdns.org/.well-known/acme-challenge/[tokencode]: Timeout during connect (likely firewall problem), yy.my.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://yy.my.duckdns.org/.well-known/acme-challenge/[tokencode]: Timeout during connect (likely firewall problem). Skipping.
    All renewal attempts failed. The following certs could not be renewed:
    /etc/letsencrypt/live/xx.my.duckdns.org/fullchain.pem (failure)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    All renewal attempts failed. The following certs could not be renewed:
    /etc/letsencrypt/live/xx.test.duckdns.org/fullchain.pem (failure)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Running post-hook command: if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; cd /config/keys/letsencrypt && openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && sleep 1 && cat {privkey,fullchain}.pem > priv-fullchain-bundle.pem
    Hook command "if ps aux | grep 's6-supervise nginx' | grep -v grep > /dev/null; then s6-svc -u /var/run/s6/services/nginx; fi; cd /config/keys/letsencrypt && openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass: && sleep 1 && cat {privkey,fullchain}.pem > priv-fullchain-bundle.pem" returned error code 1
    Error output from if:
    cat: {privkey,fullchain}.pem: No such file or directory

aptalca Posted November 26, 2018

42 minutes ago, stlrox said:
> Suddenly my configuration is not working. I use this to connect to my Home Assistant from outside my home network. I didn't make any changes and the only thing I recently did was to update this container to the latest version. Can anyone help me figure out this issue? Here is the log file:

Either your ip on duckdns is wrong, or your port forwarding for 80 is wrong (or your isp blocks port 80).

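Added example, not written by any poster in this thread and not part of the container: a POSIX shell triage that pulls every failed ACME authorization out of `certbot renew` output and maps the `connection` error type to the three checks named in the reply above. The sample log is constructed from the one posted in the thread; the `zz` line, the hints for the other error types and all function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: triage of failed ACME authorizations in certbot renew output.

# Constructed sample, modelled on the renewal log posted in this thread.
# The zz line is invented to show a second error type.
sample_log() {
cat <<'EOF'
Performing the following challenges:
http-01 challenge for xx.my.duckdns.org
Attempting to renew cert (xx.my.duckdns.org) from /etc/letsencrypt/renewal/xx.my.duckdns.org.conf produced an unexpected error: Failed authorization procedure. xx.my.duckdns.org (http-01): urn: ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://xx.my.duckdns.org/.well-known/acme-challenge/[tokencode]: Timeout during connect (likely firewall problem), yy.my.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://yy.my.duckdns.org/.well-known/acme-challenge/[tokencode]: Timeout during connect (likely firewall problem). Skipping.
Failed authorization procedure. zz.my.duckdns.org (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for zz.my.duckdns.org
EOF
}

# Print one "domain challenge error-type" line per failed authorization.
# certbot reports every failed name of a certificate on a single line, so the
# pattern is extracted with grep -o instead of being matched once per line.
acme_failures() {
  grep -oE '[A-Za-z0-9.*-]+ \([a-z0-9-]+\): urn: ?ietf:params:acme:error:[A-Za-z]+' |
    sed -E 's/^([^ ]+) \(([^)]+)\): urn: ?ietf:params:acme:error:([A-Za-z]+)$/\1 \2 \3/' |
    sort -u
}

# Map an ACME error type to the first thing to check.
acme_hint() {
  case "$1" in
    connection) echo "CA could not reach the host: check the DuckDNS IP, the router's port 80 forward, and ISP blocking of port 80" ;;
    dns) echo "CA could not resolve the name: check that the DNS record exists" ;;
    unauthorized) echo "wrong challenge response: check which server answers on port 80" ;;
    *) echo "see /var/log/letsencrypt/letsencrypt.log" ;;
  esac
}

# Read certbot output on stdin and print one annotated line per failure.
triage() {
  acme_failures | while read -r domain challenge type; do
    printf '%s [%s] %s: %s\n' "$domain" "$challenge" "$type" "$(acme_hint "$type")"
  done
}

sample_log | triage
```

To use it on a real run, pipe the container's log output into `triage` in place of `sample_log`.
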
stlrox Posted November 26, 2018

6 minutes ago, aptalca said:
> Either your ip on duckdns is wrong, or your port forwarding for 80 is wrong (or your isp blocks port 80)

I have the DuckDNS container and it's running to update any changes to the IP address. I also verified the IP address from my router against the IP address at the DuckDNS page and they both match. And my ISP doesn't block port 80. This issue has been happening since last week and the only thing that was changed was an update to this container.

aptalca Posted November 26, 2018

8 hours ago, stlrox said:
> I have the DuckDNS container and it's running to update any changes to the IP address. I also verified the IP address from my router against the IP address at the DuckDNS page and they both match. And my ISP doesn't block port 80. This issue has been happening since last week and the only thing that was changed was an update to this container.

Actually, it was something you did within the last 2-3 months. The update only caused a forced validation due to expiring certs, and that process failed. Check your port forwarding on your router.

stlrox Posted November 27, 2018

14 hours ago, aptalca said:
> Actually, it was something you did within the last 2-3 months. The update only caused a forced validation due to expiring certs, and that process failed. Check your port forwarding on your router

Is there any way to renew from the command line? Earlier I used Letsencrypt along with Home Assistant on Raspberry Pi and every three months I used to renew Letsencrypt certs manually.

aptalca Posted November 27, 2018

2 hours ago, stlrox said:
> Is there any way to renew from the command line? Earlier I used Letsencrypt along with Home Assistant on Raspberry Pi and every three months I used to renew Letsencrypt certs manually.

We don't support that.

Bilal Yassine Posted November 29, 2018

Hi, I was wondering if anyone knows if it's possible to use the reverse proxy aspect of this docker to open a webpage hosted on a VM in Unraid. So, for example, say I hosted a website or installed GitLab in a VM, would I be able to reverse proxy to it with a subdomain? (Not sure if I'm explaining this correctly. This field is really not my element of study.)

Regards, Bilal Yassine

aptalca Posted November 29, 2018

4 hours ago, Bilal Yassine said:
> Hi, I was wondering if anyone knows if it's possible to use the reverse proxy aspect of this docker to open a webpage hosted on a VM in Unraid. So, for example, say I hosted a website or installed GitLab in a VM, would I be able to reverse proxy to it with a subdomain? (Not sure if I'm explaining this correctly. This field is really not my element of study.)
>
> Regards, Bilal Yassine

Sure, you just use the ip of the vm in the proxy_pass directive.

Bilal Yassine Posted November 29, 2018

16 minutes ago, aptalca said:
> Sure, you just use the ip of the vm in the proxy_pass directive

Cool, thanks, I will give it a shot. As a side question: if I had something running on a Raspberry Pi, so obviously not on my Unraid box, could I do the same thing to have reverse proxy working for it, or is this docker just for things running on Unraid?

aptalca Posted November 30, 2018

3 hours ago, Bilal Yassine said:
> Cool, thanks, I will give it a shot. As a side question: if I had something running on a Raspberry Pi, so obviously not on my Unraid box, could I do the same thing to have reverse proxy working for it, or is this docker just for things running on Unraid?

No, you can reverse proxy anything through the ip address.

Bilal Yassine Posted November 30, 2018

16 hours ago, aptalca said:
> No, you can reverse proxy anything through the ip address.

Fantastic, thanks for the help.

smdion Posted December 2, 2018

What's the possibility of adding the RADIUS or LDAP HTTP module so I can do Duo 2FA on my reverse proxy?

https://github.com/nginx-modules/nginx-radius
https://github.com/nginxinc/nginx-ldap-auth

L0rdRaiden Posted December 2, 2018

Is there any tutorial on how to set up "something" with this docker? I have been reading a little bit but there are 104 pages and I'm not an IT pro.

trurl Posted December 2, 2018

15 minutes ago, L0rdRaiden said:
> Is there any tutorial on how to set up "something" with this docker? I have been reading a little bit but there are 104 pages and I'm not an IT pro.

Have you looked through the videos prepared by SpaceInvader One? https://www.youtube.com/channel/UCZDfnUn74N0WeAPvMqTOrtA/videos

L0rdRaiden Posted December 2, 2018

Oh, thanks, I just watched it and followed it but I'm stuck when I try to change my dockers to the "proxynet" network. Previously they were "custom:bro" or "bridge". I get an error like this:

    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='Radarr' --net='proxynet' --ip='192.168.1.205' --cpuset-cpus='4,6,5,7' -e TZ="Europe/Paris" -e HOST_OS="Unraid" -e 'PUID'='99' -e 'PGID'='100' -p '7878:7878/tcp' -v '/mnt/user/Storage/Downloads/':'/downloads':'rw' -v '/mnt/user/Storage/Movies/':'/movies':'rw' -v '/mnt/user/Docker/Radarr':'/config':'rw' 'linuxserver/radarr'
    c034520ca18928484bd0140c2cc31100864be179d22fdcee0f7c8fd761191cc1
    /usr/bin/docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.

How can I fix it?

When I don't place a fixed IP and I just leave the fixed IP address empty and network type "custom: proxynet" I get this

There is nothing in port mappings so it doesn't work either.

Then is it possible to do the same with a webserver that I have in a virtual machine on Unraid?

aptalca Posted December 2, 2018

11 hours ago, smdion said:
> What's the possibility of adding the RADIUS or LDAP HTTP module so I can do Duo 2FA on my reverse proxy?
>
> https://github.com/nginx-modules/nginx-radius
> https://github.com/nginxinc/nginx-ldap-auth

Not sure how duo works but ldap auth is already included. For radius, there is no alpine package in the repo.

aptalca Posted December 2, 2018

34 minutes ago, L0rdRaiden said:
> Oh, thanks, I just watched it and followed it but I'm stuck when I try to change my dockers to the "proxynet" network. Previously they were "custom:bro" or "bridge". I get an error like this:
>
>     root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='Radarr' --net='proxynet' --ip='192.168.1.205' --cpuset-cpus='4,6,5,7' -e TZ="Europe/Paris" -e HOST_OS="Unraid" -e 'PUID'='99' -e 'PGID'='100' -p '7878:7878/tcp' -v '/mnt/user/Storage/Downloads/':'/downloads':'rw' -v '/mnt/user/Storage/Movies/':'/movies':'rw' -v '/mnt/user/Docker/Radarr':'/config':'rw' 'linuxserver/radarr'
>     c034520ca18928484bd0140c2cc31100864be179d22fdcee0f7c8fd761191cc1
>     /usr/bin/docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.
>
> How can I fix it?
>
> When I don't place a fixed IP and I just leave the fixed IP address empty and network type "custom: proxynet" I get this
>
> There is nothing in port mappings so it doesn't work either.
>
> Then is it possible to do the same with a webserver that I have in a virtual machine on Unraid?

First set it to the regular bridge and set up your port forwards if you like. Save and exit. Go into the container settings one more time, change it to proxynet, don't enter an ip and hit save.

Unraid doesn't recognize your proxynet as a custom bridge network (assumes it is macvlan) so if you try to change port mappings after selecting proxynet, unraid won't do it properly.

L0rdRaiden Posted December 2, 2018

59 minutes ago, aptalca said:
> First set it to the regular bridge and set up your port forwards if you like. Save and exit. Go into the container settings one more time, change it to proxynet, don't enter an ip and hit save.
>
> Unraid doesn't recognize your proxynet as a custom bridge network (assumes it is macvlan) so if you try to change port mappings after selecting proxynet, unraid won't do it properly.

Thanks, it works now.

The only issue is that my docker container has a capital letter, "Netdata", and only works if I call it "netdata" instead. In the nginx conf file it doesn't make any difference if I call it "Netdata":

    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_netdata Netdata;
    proxy_pass http://$upstream_netdata:19999;

It doesn't bother me a lot, but is it possible to have a capital letter in the docker name and change the conf file accordingly?

L0rdRaiden Posted December 2, 2018

Are there any plans to include ModSecurity in this docker?

https://www.modsecurity.org/
https://hub.docker.com/r/owasp/modsecurity-crs/

aptalca Posted December 2, 2018

4 hours ago, L0rdRaiden said:
> Thanks, it works now.
>
> The only issue is that my docker container has a capital letter, "Netdata", and only works if I call it "netdata" instead. In the nginx conf file it doesn't make any difference if I call it "Netdata"
>
> It doesn't bother me a lot, but is it possible to have a capital letter in the docker name and change the conf file accordingly?

That's a dns hostname resolution thing. Not nginx's fault. Use all lowercase in container names or define a network alias for the container.

aptalca Posted December 2, 2018

56 minutes ago, L0rdRaiden said:
> Are there any plans to include ModSecurity in this docker?
>
> https://www.modsecurity.org/
> https://hub.docker.com/r/owasp/modsecurity-crs/

It seems to be an apache module? So no plans.

L0rdRaiden Posted December 2, 2018

18 minutes ago, aptalca said:
> It seems to be an apache module? So no plans

It is available for nginx:

https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/
https://github.com/SpiderLabs/ModSecurity-nginx