Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

Featured Replies

17 hours ago, saarg said:

I think you don't fully understand port forwarding.

You are not forwarding port 8008. You are forwarding port 80 on the Wan side to port 8008 on the container. So on the wsn side it's always 443 and 80, but in the actual router/firewall you use the Wan side ports as the source ports and the ports you set in the container template you set as the destination ports.

From looking at your screenshot, you are just opening the ports, and not port forwarding.

No, I fully understand port forwarding. I'm just really distracted lately and at the risk of getting too personal, I'm on some new ADD meds that are kind of messing with my memory and cognition (and you guys have been super patient with me so thanks).

I see what you are saying now, I just didn't notice it before. The router doesn't allow me that level of control like my other did and I just didn't notice it until you said something. It seems I can only forward a port to a specific IP of the SAME port. The layout sucks but it seems start port and end port refers to port range and not source and destination. I included a stock image of the menu (not what I actually have in my settings). So I don't think I can forward port 80 from outside my network to 8008 on my UnRAID server, just 80 to 80. I may have to go back to my previous set up. This is kind of what I meant when I said the feature of ISP branded routers being sub-par.

 
image.png.2e3488c6278f051008e886599245b32a.png

  • Replies 6.2k
  • Views 1.5m
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running. For noobs like me, here's what I did: 1. Stop

  • I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

  • BigBoyMarky
    BigBoyMarky

    I replaced both the ssl.conf and nginx.conf files with the sample ones to update them since I did not make any custom modifications to either one of those and this resolved my issue.

Posted Images

1 hour ago, bobbintb said:

No, I fully understand port forwarding. I'm just really distracted lately and at the risk of getting too personal, I'm on some new ADD meds that are kind of messing with my memory and cognition (and you guys have been super patient with me so thanks).

I see what you are saying now, I just didn't notice it before. The router doesn't allow me that level of control like my other did and I just didn't notice it until you said something. It seems I can only forward a port to a specific IP of the SAME port. The layout sucks but it seems start port and end port refers to port range and not source and destination. I included a stock image of the menu (not what I actually have in my settings). So I don't think I can forward port 80 from outside my network to 8008 on my UnRAID server, just 80 to 80. I may have to go back to my previous set up. This is kind of what I meant when I said the feature of ISP branded routers being sub-par.

 
image.png.2e3488c6278f051008e886599245b32a.png

I believe you need to change the remote port shown on there

2 hours ago, Chandler said:

Alright, I've been reading through this forum getting all the answers to my problems so far. I was able to figure it out and get everything in a working state. 

I just have just a few questions now -- 

 

On startup I see the alert about the LuaJIT version issue, is that a problem?

I also see the warnings for conflicting server names. How do I fix that? I have only used the default templates and only edited them where necessary.  


Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
nginx: [warn] conflicting server name "ombi.*" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "sl.*" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "tautulli.*" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "ombi.*" on [::]:443, ignored
nginx: [warn] conflicting server name "sl.*" on [::]:443, ignored
nginx: [warn] conflicting server name "tautulli.*" on [::]:443, ignored
Server ready

 

In my default site config I enable the http redirect to https

 


server {
	listen 80;
	listen [::]:80;
	server_name _;
	return 301 https://$host$request_uri;
}

This works for all dockers except for Tautulli. When I go to the http for that I get page not found, any ideas? 

Lua issues are harmless.

 

Server name conflicts are a problem you need to fix. You likely have duplicate site configs

16 minutes ago, aptalca said:

Lua issues are harmless.

 

Server name conflicts are a problem you need to fix. You likely have duplicate site configs

Ok I fixed the name conflicts. Accidentally included subdomains.conf twice in the default. Any idea on the Tautulli not redirecting to https when attempting to reach from http? 

 

Hi guys,

 

I am trying to get airsonic to work, i have copied my nextcloud config and changed what i see is required but its not working.  i have added the airsonic A RECORD to my domain, also in the docker subdomain

 

Id be most grateful if assistance.

 

NEXTCLOUD

 

server {  
    listen 443 ssl;
    server_name nextcloud.domain.co.uk;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-rr:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-rr-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:rr-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-rr-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHtE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-rr:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.200:446/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }

 

AIRSONIC

 

server {  
    listen 443 ssl;
    server_name airsonic.domain.co.uk;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-rr:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-rr-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:rr-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-rr-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHtE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-rr:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.200:4040/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }

Edited by Greygoose

12 hours ago, Chandler said:

Ok I fixed the name conflicts. Accidentally included subdomains.conf twice in the default. Any idea on the Tautulli not redirecting to https when attempting to reach from http? 

 

Try incognito, 301 redirects are supposed to be permanent and are cached by the browser

16 minutes ago, Greygoose said:

Hi guys,

 

I am trying to get airsonic to work, i have copied my nextcloud config and changed what i see is required but its not working.  i have added the airsonic A RECORD to my domain, also in the docker subdomain

 

Id be most grateful if assistance.

 

NEXTCLOUD

 

server {  
    listen 443 ssl;
    server_name nextcloud.domain.co.uk;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-rr:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-rr-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:rr-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-rr-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHtE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-rr:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.200:446/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }

 

AIRSONIC

 

server {  
    listen 443 ssl;
    server_name airsonic.domain.co.uk;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-rr:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-rr-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:rr-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-rr-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHtE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-rr:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.200:4040/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }

Define not working

unable to access the airsonic from web browser via

 

 

dd.png

dd1.png

1 hour ago, Greygoose said:

unable to access the airsonic from web browser via

 

 

dd.png

dd1.png

Your confs don't match your logs. The web address you're trying to connect to has http auth turned on.

 

It looks like you have a conf somewhere that has an incorrect server name set (with /airsonic at the end), etc.

 

Either go back to defaults and start over, it post your full config or it is impossible for us to help you

Thanks for the help Aptalca

 

this is my default file

 

server {
    listen 80;
        server_name www.domain.co.uk;
        return 301 https://.co.uk$request_uri;
}

server {
    listen 443;
        server_name www.domain.co.uk;
        return 301 https://.co.uk$request_uri;
}

server {
        listen 80;
        server_name domain.com;
        return 301 https://domain.co.uk$request_uri;
}

server {

    listen 443 ssl default_server;
    server_name domain.co.uk;

    add_header Front-End-Https on;

    root /config/www;
    index index.html index.htm index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # With php5-cgi alone:
        fastcgi_pass 127.0.0.1:9000;
        # With php5-fpm:
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
    
    location /books {
            proxy_pass              http://192.168.0.1:9083;
            proxy_set_header        Host            $http_host;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Scheme        $scheme;
            proxy_set_header        X-Script-Name   /books;
        }

        #   location ^~/books {
    #    proxy_pass http://192.168.0.1:82/;
    #    rewrite /books/?(.*) /$1 break;
    #    auth_basic "Restricted";
        #    auth_basic_user_file /config/nginx/.htpasswd;
    #    include /config/nginx/proxy.conf;
    #}

    location /booksonic {
        proxy_pass http://192.168.0.1:4040/booksonic;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

    location /couch {
        proxy_pass http://192.168.0.1:5050/couch;
        auth_basic "Restricted";
              auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
        }

        location /deluge {
            proxy_pass http://192.168.0.1:8112/;
            proxy_set_header  X-Deluge-Base "/deluge/";
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;
        }

    location /emby {
    # Send traffic to the backend
            proxy_pass http://192.168.0.1:8096/emby;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $remote_addr;
            proxy_set_header X-Forwarded-Protocol $scheme;
            proxy_redirect off;
    
    # Send websocket data to the backend aswell
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
    }

    location /headphones {
        proxy_pass http://192.168.0.1:8178/headphones;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /htpc {
        proxy_pass http://192.168.0.1:8085/htpc;
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /lazylibrarian {
        proxy_pass http://192.168.0.1:5299/lazylibrarian;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /mylar {
        proxy_pass http://192.168.0.1:8090/mylar;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /nzbget {
        proxy_pass http://192.168.0.1:6789/nzbget;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /hydra {
        proxy_pass http://192.168.0.1:5075/hydra;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /plex {
        proxy_pass http://192.168.1.200:32400/web;
        include /config/nginx/proxy.conf;
    }

    location /web {
        proxy_pass http://192.168.0.150:32400/web;
        include /config/nginx/proxy.conf;
    }

        location /plexpy/ {
           proxy_pass http://192.168.0.1:8181;
        include /config/nginx/proxy.conf;
              proxy_bind $server_addr;
              proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Ssl     on;
        auth_basic "Restricted";
              auth_basic_user_file /config/nginx/.htpasswd;
     }
    
    location /requests {
        proxy_pass http://192.168.0.1:3579/requests;
        include /config/nginx/proxy.conf;
    }

    location /radarr {
        proxy_pass http://192.168.1.200:7878/radarr;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /sonarr {
        proxy_pass http://192.168.1.200:8989/sonarr;
        auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

    location /ubooquity {
        proxy_pass http://192.168.0.1:2202/ubooquity;
        auth_basic "Restricted";
             auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
    }

 location /airsonic {
        proxy_pass http://192.168.0.1:4040/airsonic;
        auth_basic "Restricted";
             auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;    
}

this is my airsonic file

 

server {  
    listen 443 ssl;
    server_name airsonic.domain.co.uk;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-C3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.200:4040/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}

 

 

this is my proxy conf

 

client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

51 minutes ago, Greygoose said:

this is my proxy conf

 

client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

 

Why not use our supplied airsonic proxy conf that works?

Hi Sarrg,

 

I have tried this using the airconic, domain sample. I renamed it to airsonic and copied into the nginx/site-confs folder

 

# make sure that your dns has a cname set for airsonic and that your airsonic container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name airsonic.domain.co.uk*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;
        
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_airsonic airsonic;
        proxy_pass http://192.168.1.100:4040;
    }
}

}

now ghet this from lets encypt logs

dd.png

So i renamed the subdomain conf file to airsonic and copyed into the site-confs folder, still getting the issue above.

 

# make sure that your dns has a cname set for airsonic and that your airsonic container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name airsonic.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;
        
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_airsonic airsonic;
        proxy_pass http://$upstream_airsonic:4040;
    }
}

when i remove the airsonic file from the site-confs folder then nextcloud works fine without any issues.

 

I'm lost. 4hrs into this now :(

PROGRESS

 

I deleted the letsencrypt docker & folder. I started fresh with spaceinvader one guide. 

 

10minutes later things look much better,.

 

however I now get this error, its getting the airsonic docker via the domain but this error below

 

dd.png

2 hours ago, Greygoose said:

PROGRESS

 

I deleted the letsencrypt docker & folder. I started fresh with spaceinvader one guide. 

 

10minutes later things look much better,.

 

however I now get this error, its getting the airsonic docker via the domain but this error below

 

dd.png

You don't move the files. You just remove the sample part from the file. And also read the top of the file to check if you have to make any changes.

You're only supposed to rename the files, not move them to different folders. Documentation is pretty clear on that.

guys,

 

sorry for wasting your time.

 

all sorted now. I also changed the context path in the airsonic docker to work using airsonic.domain instead of the airsonic.domain/airsonic

 

I was making things way too complex, you guys did all the work. Thank you, thnak you for now loosing it with me :/

Any news on adding the geoip2 module? I see from this link that @aptalca submitted a PR https://gitlab.alpinelinux.org/alpine/aports/issues/10068  

 

Edit: Maybe I should try and update the container, clicking the PR link I see it was added to 3.10.

Yup, update was all that was needed. I love you guys! 😍

Edited by strike

On 7/19/2019 at 8:02 PM, aptalca said:

I believe you need to change the remote port shown on there

Weird, that column is in the stock image but not on my actual router. I did try the remote port settings but I must have done it wrong initially because I tried it just now and it worked. Hopefully I can manage from here. Thanks for the help, I know I wasn't making things easy but I just really needed another set of eyes because I haven't been able to keep things straight lately.

On 7/15/2019 at 11:10 PM, aptalca said:

That command creates the credentials file. Then edit your site config files to enable it for whatever location you want

 

I'm trying this in the console for the letsencrypt docker.

 

I must be doing something wrong...

 

root@27g4c5326171:/# docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd
sh: docker: not found
root@27g4c5326171:/# exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd
sh: exec: illegal option -i
root@27g4c5326171:/#

 

4 hours ago, Lien1454 said:

 

I'm trying this in the console for the letsencrypt docker.

 

I must be doing something wrong...

 

root@27g4c5326171:/# docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd
sh: docker: not found
root@27g4c5326171:/# exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd
sh: exec: illegal option -i
root@27g4c5326171:/#

 

"docker exec -it letsencrypt" is used to run things things inside the container while you're on the host console, outside of the container.

 

If you're already inside the container, just run the part that starts with htpasswd

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.