[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Popular Posts

I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

Application Name: SWAG - Secure Web Application Gateway Application Site:  https://docs.linuxserver.io/general/swag Docker Hub: https://hub.docker.com/r/linuxserver/swag Github: https:/

There is a PR just merged, it will be in next Friday's image, and will let you append php.ini via editing a file in the config folder   If you want to see how the sausage is made: https://gi


On 5/9/2019 at 4:15 AM, darrenyorston said:

Hello. I am trying to set up letsencrypt following spaceinvaderone's video. However, I cannot get letsencrypt to verify.

I am utilising a Ubiquiti USG as my router. I have set port forwarding in the controller (running in a docker container) for port 80 to 180 and 443 to 1443 following spaceinvaderone's recommendation. According to the controller the port forwarding is working.

I have set the same ports in the container template and added my own domain name and the subdomain. I have edited the DNS settings in my domain provider adding a new CNAME "nextcloud" with the value set to my dynamic IP address with no-ip.

I am getting the message "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"

I have gone over my settings quite a few times but cannot see what I have done wrong. Could someone offer advice?

I have noted in no-ip's control panel that the dynamic DNS is not configured/detected for the subdomain. I don't know if this is the problem. It is showing the correct IP target though. I have dynamic DNS set in the unifi controller to my host name, but not to the second hostname listed in the dashboard. The unifi controller won't allow me to set two dynamic DNS entries to the same service.

I'm having this exact problem as well. When I port forward external port 80 to internal port 80, the unraid interface shows up like normal on my domain. However the alternative internal port (I tried 180 and a few others and corresponding ports on the docker) will not work...

Link to post
5 hours ago, ErikH said:

I'm having this exact problem as well. When I port forward external port 80 to internal port 80, the unraid interface shows up like normal on my domain. However the alternative internal port (I tried 180 and a few others and corresponding ports on the docker) will not work...

NAT reflection or hairpin NAT is what you need.

 

http://$IPADDRESS:180 or https://$IPADDRESS:1443 should work fine internally though

Link to post
15 hours ago, CHBMB said:

http://$IPADDRESS:180 or https://$IPADDRESS:1443 should work fine internally though

Thanks for your reply! 

However it seems that this doesn't work either... all the other docker containers work fine except the letsencrypt one... I tried it on two machines now and both give the same result.

Edited by ErikH
Link to post
5 minutes ago, ErikH said:
An unexpected error occurred:

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xae in position 2: invalid start byte
Please see the logfiles in /var/log/letsencrypt for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Nginx is never starting up......

Need to fix that error before anything else.

Link to post

Hi, I have just installed this docker and am having issues connecting to Sonarr. The only issue I see in the log is the following:

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

 

Anyone know how to correct these errors?

 

Thanks

Link to post
4 hours ago, CHBMB said:

Nginx is never starting up......

Need to fix that error before anything else.

Alright, then I know the problem is Nginx. In the meanwhile I tried a clean unraid install + letsencrypt on yet another system and there the exact same thing happened.

Any idea on how to fix this error?

Link to post
5 minutes ago, ErikH said:

Alright, then I know the problem is Nginx. In the meanwhile I tried a clean unraid install + letsencrypt on yet another system and there the exact same thing happened.

Any idea on how to fix this error?

He said the opposite. Nginx is not the problem as the creation of the cert is failing.

Link to post
2 hours ago, saarg said:

He said the opposite. Nginx is not the problem as the creation of the cert is failing.

My bad... I thought "Nginx is never starting up......" was the problem. 

So then... if the creation of the cert is failing, where do I look then?

Link to post

is there a way to make this 

    # LOCAL IP ALLOW GEO BLOCK
    if ($lan-ip = yes) {
        set $allowed_country yes;
    }

    # COUNTRY GEO BLOCK
    if ($allowed_country = no) {
        return 444;
    }

default for all configurations without the need to add it to each proxy-conf configuration?

Link to post
4 minutes ago, syniex said:

is there a way to make this 


    # LOCAL IP ALLOW GEO BLOCK
    if ($lan-ip = yes) {
        set $allowed_country yes;
    }

    # COUNTRY GEO BLOCK
    if ($allowed_country = no) {
        return 444;
    }

default for all configurations without the need to add it to each proxy-conf configuration?

Perhaps you can add it to nginx.conf outside of all the server blocks so it gets inherited by them

 

Pay attention to all the "include" statements. They literally mean copy and paste that file right here. That's how nginx starts with the main nginx.conf, imports all the included files and creates a giant config file that it then sorts through

Edited by aptalca
Link to post
1 hour ago, trevaaaaaaa said:

Hi, I have just installed this docker and am having issues connecting to Sonarr. The only issue I see in the log is the following:

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

 

Anyone know how to correct these errors?

 

Thanks

That's an unrelated issue due to the alpine lua package. No fix for that yet, but it's not the cause of your proxy issue

Link to post
2 minutes ago, aptalca said:

Perhaps you can add it to nginx.conf outside of all the server blocks so it gets inherited by them

Didn't work, "nginx: [emerg] "if" directive is not allowed here in /config/nginx/site-confs/default:118"

I tried both the default file and nginx.conf

Link to post
28 minutes ago, ErikH said:

My bad... I thought "Nginx is never starting up......" was the problem. 

So then... if the creation of the cert is failing, where do I look then?

Docker run command

Link to post
1 hour ago, syniex said:

Didn't work, "nginx: [emerg] "if" directive is not allowed here in /config/nginx/site-confs/default:118"

I tried both the default file and nginx.conf

Try inside the http block

Link to post
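
The description of `include` as copy-and-paste given earlier in the thread, turned into a small checker; this is an added example, not code from the thread or from SWAG. It expands includes and reports each `if` whose enclosing block is not `server` or `location`, the only contexts in which nginx accepts `if`; the file name `geoblock.conf` and the sample configs are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample files keyed by path (not real SWAG configs).
GEO = ("if ($lan-ip = yes) { set $allowed_country yes; }\n"
       "if ($allowed_country = no) { return 444; }\n")
HTTP_LEVEL = {  # snippet pasted directly under http { }
    "nginx.conf": "http {\n include geoblock.conf;\n server { listen 443; }\n}\n",
    "geoblock.conf": GEO,
}
SERVER_LEVEL = {  # snippet pasted inside a server { } block
    "nginx.conf": "http {\n server {\n  listen 443;\n  include geoblock.conf;\n }\n}\n",
    "geoblock.conf": GEO,
}

TOKEN = re.compile(r'#[^\n]*|"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')
IF_ALLOWED = {"server", "location"}  # contexts where nginx accepts "if"

def tokens(files, path):
    """Yield (token, source_file), replacing each include with that file's tokens."""
    toks = [t for t in TOKEN.findall(files[path]) if not t.startswith("#")]
    i = 0
    while i < len(toks):
        if toks[i] == "include" and i + 2 < len(toks) and toks[i + 2] == ";":
            for inc in sorted(fnmatch.filter(files, toks[i + 1])):  # globs too
                yield from tokens(files, inc)
            i += 3
        else:
            yield toks[i], path
            i += 1

def misplaced_ifs(files, root="nginx.conf"):
    """Return (source_file, enclosing_context) for every "if" nginx would reject."""
    stack, words, found = ["main"], [], []
    for tok, path in tokens(files, root):
        if tok == "{":
            name = words[0] if words else "?"
            if name == "if" and stack[-1] not in IF_ALLOWED:
                found.append((path, stack[-1]))
            stack.append(name)
            words = []
        elif tok == "}":
            stack.pop()
            words = []
        elif tok == ";":
            words = []
        else:
            words.append(tok)
    return found
```

`misplaced_ifs(HTTP_LEVEL)` flags both `if` blocks with context `http`, while `misplaced_ifs(SERVER_LEVEL)` returns an empty list, so the shared file still needs one `include` line inside each server block.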
4 hours ago, aptalca said:

That's an unrelated issue due to the alpine lua package. No fix for that yet, but it's not the cause of your proxy issue

Yeah didn't think it was related as server was ready, just trying to resolve issues in the log...thanks for clarifying the error :)

Link to post

Sorry
Text formulated before the last post and then sent later.

 

How can I stop the nginx service in the container?

service nginx stop doesn't work: "bash: service: command not found"

Edited by Abigel
Link to post
