[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


5533 posts in this topic Last Reply

Recommended Posts

Im starting to think that my port 80 is blocked by my ISP. I'm not sure how bad this is, as i can still reach nextcloud externally on 443.

I tried all the NAT reflection options with rebooting after each change, but still no succes..

Link to post
  • Replies 5.5k
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

Application Name: SWAG - Secure Web Application Gateway Application Site:  https://docs.linuxserver.io/general/swag Docker Hub: https://hub.docker.com/r/linuxserver/swag Github: https:/

There is a PR just merged, it will be in next Friday's image, and will let you append php.ini via editing a file in the config folder   If you want to see how the sausage is made: https://gi

Posted Images

Im starting to think that my port 80 is blocked by my ISP. I'm not sure how bad this is, as i can still reach nextcloud externally on 443.
I tried all the NAT reflection options with rebooting after each change, but still no succes..
I think that makes more sense. I know ISP can do it as long you use their router.

But if you say nextcloud works using port 443. Maybe force let's encrypt to redirect traffic to 443 only?

I did it by going to the appdata/letsencrypt/nginx/site-confs/

And edit the default

The setting is already there is just enabling it.

I'm just guessing right now because is really specific

Sent from my Pixel 2 XL using Tapatalk

Link to post

Hey Guys,

 

I need some help. I am getting this on the logs for letsencrypt. Two errors. I have followed Spaceinvader and Techcoreduo and i cant get it to work outside my network.

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

 

 

 

Screen Shot 2019-05-28 at 4.06.01 PM.png

Screen Shot 2019-05-28 at 4.06.52 PM.png

Screen Shot 2019-05-28 at 4.09.29 PM.png

Screen Shot 2019-05-28 at 4.11.03 PM.pngimage.thumb.png.5f67455aa1369d7f52e907811f6471ca.pngimage.png.5934681c0e3ae7d2c799eb3c359f8c74.png

Edited by Tucubanito07
Link to post
Hey Guys,
 
I need some help. I am getting this on the logs for letsencrypt. Two errors. I have followed Spaceinvader and Techcoreduo and i cant get it to work outside my network.
 
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
 
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
 
 
 
1826228601_ScreenShot2019-05-28at4_06_01PM.thumb.png.e0b46fad39ced450be6ff41593189ec2.png
2096802930_ScreenShot2019-05-28at4_06_52PM.thumb.png.5b2cef9d53173f5bdd961f81b9ec5eab.png
2024555171_ScreenShot2019-05-28at4_09_29PM.thumb.png.8860cc3fe107b196ed2daf358c21b0b3.png
123510710_ScreenShot2019-05-28at4_11_03PM.thumb.png.b1b0656787f73c10f05b1055ef42f0c7.pngimage.thumb.png.5f67455aa1369d7f52e907811f6471ca.pngimage.png.5934681c0e3ae7d2c799eb3c359f8c74.png
Look back a couple pages; it's been covered very recently

Sent from my SM-G975U using Tapatalk

Link to post
7 hours ago, gacpac said:

Also, shouldn't you be using TCP instead of UDP emoji848.png?

Sent from my Pixel 2 XL using Tapatalk
 

Yeah he should use tcp for 80 and 443 and is the reason for the issues.

@Tucubanito07

The errors you have is harmless as said on the last couple of pages. Change your port forwards to use tcp as Tupac says above, and you should be closer to get it working.

 

Link to post
1 hour ago, aptalca said:

Just read the last few posts man, come on now

Duh!!! My bad....I know reading is fundamental! 

 

Also, I am trying to setup the mail mod in nginx.  In the nginx.conf, I uncommented the mail section and copied/edited the php script from the wiki page.  I edited the script to use my IP of my unraid.  in the conf file the auth_http is set to the location of the script file.

How can I tell if it's working?

Edited by sgt_spike
adding to
Link to post
5 hours ago, saarg said:

Yeah he should use tcp for 80 and 443 and is the reason for the issues.

@Tucubanito07

The errors you have is harmless as said on the last couple of pages. Change your port forwards to use tcp as Tupac says above, and you should be closer to get it working.

 

So change my router to port forward to 80 and 443 ?

Link to post
So change my router to port forward to 80 and 443 ?
Probably be a good place to start. May have to reference back through SpaceInvaders videos, he shows how to set it up and you can figure our where yours is broke.

Sent from my SM-G975U using Tapatalk

Link to post
2 minutes ago, blaine07 said:

Probably be a good place to start. May have to reference back through SpaceInvaders videos, he shows how to set it up and you can figure our where yours is broke.

Sent from my SM-G975U using Tapatalk
 

I followed his instructions to the teeth and it did not work. I am going to delete everything and restart from fresh again and see if that helps. But I have already done it with space invader. 

Link to post
I followed his instructions to the teeth and it did not work. I am going to delete everything and restart from fresh again and see if that helps. But I have already done it with space invader. 
That's what guide I used with success. Pfsense is my router FWIW.

Sent from my SM-G975U using Tapatalk

Link to post
I am using the router from my isp provider.  It has to do with the port forwarding ports. 
I'm not sure how but might be worth looking into if your provider blocks 80; it isn't unheard of

Sent from my SM-G975U using Tapatalk

Link to post
5 minutes ago, blaine07 said:

I'm not sure how but might be worth looking into if your provider blocks 80; it isn't unheard of

Sent from my SM-G975U using Tapatalk
 

after i port forwarded to tcp 80 and 443 i get this screen. I have input the password and it does not go in. 

 

 

Screen Shot 2019-05-29 at 12.13.14 PM.png

Link to post
after i port forwarded to tcp 80 and 443 i get this screen. I have input the password and it does not go in. 
 
 
1167296982_ScreenShot2019-05-29at12_13_14PM.thumb.png.680d693992c801c6c7bde84da41d5d41.png
I think that's forwarding to your unraid server directly?

Sent from my Pixel 2 XL using Tapatalk

Link to post
I believe that is what it is. So i change it to this and this is what i get now.
851086489_ScreenShot2019-05-29at12_21_42PM.thumb.png.18ee0110236dcdf70306b7bcba63e3d2.png
280283802_ScreenShot2019-05-29at12_21_32PM.thumb.png.5304eda2bdf2f66406914889fc9b9b04.png
Cool. So we are im busines now. Look at the link you have.

It's https but then going to port 80. Is wrong



Sent from my Pixel 2 XL using Tapatalk

Link to post
4 minutes ago, gacpac said:

Cool. So we are im busines now. Look at the link you have.

It's https but then going to port 80. Is wrong



Sent from my Pixel 2 XL using Tapatalk
 

Where do I need to look or change for this specific error? Thank you guys for the help. Really appreciated a lot. 

Link to post
12 minutes ago, Tucubanito07 said:

Where do I need to look or change for this specific error? Thank you guys for the help. Really appreciated a lot. 

Honestly, 

 

Check both config files. Because it's redirecting somewhere else. If I go to the website it redirects me to https://nextcloud-eleanor.ddns.net:80/login

 

But If I type your public IP address in the browser. (Which I'm not going to type for security)

 

I get this

image.png.5a9e75451b1134b954f83b108f3d3009.png

 

I think you gotta fix some security issues in your router, my friend.

 

That should be hitting the nginx webserver built in let's encrypt not straight to your nextcloud. 

 

Please someone correct me if I'm wrong. I might be mistaken

Link to post
31 minutes ago, gacpac said:

Honestly, 

 

Check both config files. Because it's redirecting somewhere else. If I go to the website it redirects me to https://nextcloud-eleanor.ddns.net:80/login

 

But If I type your public IP address in the browser. (Which I'm not going to type for security)

 

I get this

image.png.5a9e75451b1134b954f83b108f3d3009.png

 

I think you gotta fix some security issues in your router, my friend.

 

That should be hitting the nginx webserver built in let's encrypt not straight to your nextcloud. 

 

Please someone correct me if I'm wrong. I might be mistaken

This is how it looks. 

Screen Shot 2019-05-29 at 1.20.13 PM.png

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.