[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



4 hours ago, bengele said:

Hi all,

is there a way to include:

Latest NGINX Plus (no extra build steps required) or latest NGINX open source built with the --with-stream configuration flag

 

I want to reverse proxy a TeamSpeak server.

 

Kind regards,

Bengele

The stream module is already installed and enabled. I use it to proxy VPN TCP connections.

Link to comment
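For the TeamSpeak case above, here is an added example of what a stream {} proxy looks like. It is not from this thread or from the linuxserver.io image; the backend address 192.168.1.50 and the use of TeamSpeak 3's default ports are assumptions. The block goes in nginx.conf beside the http {} block, never inside it, and every port it listens on also has to be published on the container. Raw TCP/UDP carries no hostname, so unlike the HTTP proxy-confs one listen port can only ever go to one backend.

```nginx
# Added example, not from this thread or from the linuxserver.io image.
# nginx stream proxy for a TeamSpeak 3 server behind SWAG.
# Assumptions: the TeamSpeak host is 192.168.1.50 (hypothetical) on its
# default ports, and every port listened on here is also published on the
# container (e.g. -p 9987:9987/udp -p 30033:30033).
# A stream { } block sits next to the http { } block in nginx.conf, not inside it.

stream {
    # One line per session for forensics: who connected, to which listener,
    # how long, and how many bytes went each way. /config/log/nginx is the
    # directory the container already uses for its HTTP logs.
    log_format stream_basic '$remote_addr [$time_local] $protocol $status '
                            '$bytes_sent $bytes_received $session_time';
    access_log /config/log/nginx/stream.log stream_basic;

    # Voice traffic: UDP 9987. Raw UDP has no hostname, so this listener can
    # only be tied to a single backend; name-based routing is an HTTP feature.
    server {
        listen 9987 udp;
        proxy_pass 192.168.1.50:9987;
        proxy_timeout 600s;          # forget a UDP session after 10 min of silence
    }

    # File transfer: TCP 30033.
    server {
        listen 30033;
        proxy_pass 192.168.1.50:30033;
        proxy_connect_timeout 5s;    # fail fast if the backend is down
    }

    # Deliberately NOT proxied: ServerQuery (TCP 10011) is the admin interface,
    # password-authenticated and unencrypted. Keep it on the LAN.
}
```

Because the stream module sees only addresses and ports, the HTTP-level protections in the container (the proxy-confs, the Fail2ban jails watching nginx's HTTP access log) do not apply to these sessions; the stream access log above is what you have to work with.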

I have noticed this in my log. Not sure what's going on, but it seems to be working OK? What is it, and is it a problem to worry about?

nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_size
Server ready

Cheers,

Tim

Link to comment
On 9/4/2018 at 6:16 AM, Saldash said:

Just as a matter of closure, I managed to achieve everything I wanted to (docker apps + windows server vm serving asp.net app).

It's actually been quite fun discovering that the LetsEncrypt app is handling the SSL for me - IIS on the server only knows how to deal with HTTP but with this I get full SSL on my public sub.domain.com address.

 

So I'm happy as a clam (until someone tells me I've done something critically foolish, which is bound to happen sooner or later!)

I know it's been a while. I have the same use case (need NGINX to forward to an internal IIS server) - care to share any pointers? Thanks!

Link to comment
10 hours ago, Idolwild said:

I know it's been a while. I have the same use case (need NGINX to forward to an internal IIS server) - care to share any pointers? Thanks!

It's simple: just use one of the examples from the default site config and plug in your IIS server's IP and port.

Edited by aptalca
Link to comment

Hi, I'm still getting this error in my log. Anyone else?

 

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/London
URL=timstephens.co.uk
SUBDOMAINS=nextcloud,sonarr,radarr,deluge,tautulli,ombi
EXTRA_DOMAINS=unifi.berecomputing.co.uk,unms.berecomputing.co.uk
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=tim@timstephens.co.uk
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d nextcloud.timstephens.co.uk -d sonarr.timstephens.co.uk -d radarr.timstephens.co.uk -d deluge.timstephens.co.uk -d tautulli.timstephens.co.uk -d ombi.timstephens.co.uk
EXTRA_DOMAINS entered, processing
Extra domains processed are: -d unifi.berecomputing.co.uk -d unms.berecomputing.co.uk
E-mail address entered: tim@timstephens.co.uk
http validation is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
nginx: [warn] could not build optimal variables_hash, you should increase either variables_hash_max_size: 1024 or variables_hash_bucket_size: 64; ignoring variables_hash_bucket_size
Server ready

 

Link to comment
2 hours ago, MothyTim said:

Hi, I'm still getting this error in my log. Anyone else?


It's already been mentioned in this thread multiple times that this is nothing to worry about.

Link to comment

For some reason my renewals have been failing. Checked the logs and found this. It has been working for months and I haven't changed anything. The INI file is unchanged...

 

Quote

Attempting to renew cert (website.com) from /etc/letsencrypt/renewal/website.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the path to your Cloudflare credentials INI file. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/website.com/fullchain.pem (failure)

 

Link to comment
9 hours ago, slimshizn said:

For some reason my renewals have been failing. Checked the logs and found this. It has been working for months and I haven't changed anything. The INI file is unchanged...

 

 

That's a new one for me.

 

Check that file /config/etc/letsencrypt/renewal/website.com.conf to make sure it contains all the parameters including this line: dns_cloudflare_credentials = /config/dns-conf/cloudflare.ini

Link to comment

I'm very new to setting up LetsEncrypt.  I'm having an issue with obtaining my cert.

 

FYI...I am a routing and security engineer and feel confident my network is configured properly.  I'm only telling you this so that you will feel somewhat confident in my network.  Certainly not telling you this to sound like a know-it-all/jackass. :)  Also, just to add, I have verified two-way communication between the container and LetsEncrypt using the ports I specified via packet captures.  When I start the container I can see it communicating with devices on the internet, but I'm still getting the below error.

 

I have verified that "MyNon-DDNSdomainName.com" and "plex.MyNon-DDNSdomainName.com" resolve correctly to my public IP.

 

I'm stumped - DNS forwarding and port forwarding appear to be working, yet I'm getting "connection refused".

 

Variables set:
PUID=99
PGID=100
TZ=America/New_York
URL=MyNon-DDNSdomainName.com
SUBDOMAINS=plex
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=me.me@gmail.com
STAGING=

Created donoteditthisfile.conf
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
...................................................................................+..................................................................................................+...............................................................................................................................................................................................................................................................................................................................................+.....................................................................+............................................................................................................++*++*++*++*
DH parameters successfully created - 2048 bits
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d plex.MyNon-DDNSdomainName.com
E-mail address entered: me.me@gmail.com
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for plex.MyNon-DDNSdomainName.com
Waiting for verification...
Challenge failed for domain plex.MyNon-DDNSdomainName.com
http-01 challenge for plex.MyNon-DDNSdomainName.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: plex.MyNon-DDNSdomainName.com
Type: connection
Detail: Fetching
http://plex.MyNon-DDNSdomainName.com/.well-known/acme-challenge/WZ75elsNMJQFuroOl-8itA8JOfBER7fnN9emxDcn4Ys:
Connection refused

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Edited by MrMoosieMan
Link to comment
3 hours ago, MrMoosieMan said:

I'm very new to setting up LetsEncrypt.  I'm having an issue with obtaining my cert.

Try this: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Link to comment

Does the cronjob work for anyone?
It doesn't seem to run in my docker.

The /var/spool/cron/crontabs/root contains:

 

Quote

# do daily/weekly/monthly maintenance
# min   hour    day     month   weekday command
*/15    *       *       *       *       run-parts /etc/periodic/15min
0       *       *       *       *       run-parts /etc/periodic/hourly
0       2       *       *       *       run-parts /etc/periodic/daily
0       3       *       *       6       run-parts /etc/periodic/weekly
0       5       1       *       *       run-parts /etc/periodic/monthly
# renew letsencrypt certs
8       2       *       *       *       /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1
 

 

I have mapped /etc/periodic/15min as a volume from container to host /appdata/letsencrypt/crontabs/periodic/15min/bashscript.sh

In the bashscript I have this:
 

Quote

#!/bin/sh
echo "test" >> /config/www/test.txt


It should create the test.txt file, but it just doesn't happen, not in 15 and not in 30 minutes.
Is this a borked setup on my end somehow?

Please let me know if I can provide some more info or attempt more things to fix this.

Thanks in advance for any help.

Link to comment
2 hours ago, Arndroid said:

Does the cronjob work for anyone?
It doesn't seem to run in my docker.


Don't mess with mapping folders in those locations. To test, just edit the crontab file under your config folder and restart the container. Make sure you have more than 1 minute between your upcoming script run time and restarting the container.

Link to comment

Hello,

 

I just started using this docker and I got it set up thanks to SpaceInvaderOne (thanks!).  But, I have a couple of questions:

 

I was looking at the log, and it says that the cert expires in 90 days and that I should run "certbot" to renew.  What's a good way to automate that so that it renews sometime before expiration?  A user script?  Can anyone point me towards how to do that?

 

EDIT: I saw this on the project page:
 

Quote


Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under /config/log/letsencrypt to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from letsencrypt in those circumstances.

 

 

Assuming there are no issues with renewal I don't have to worry about it?  The log said I had to manually do it...

 

--

 

Also; I'm using LetsEncrypt to make my Nextcloud accessible outside my network, and one thing I noticed was that both of the domains that I have set up with duckdns.org are now accessible from outside.  One of course is the Nextcloud that works over https.  The other is another one I set up last summer to get OpenVPN working (basically I only want Nextcloud exposed and nothing else).  Both are secured with SSL, so I have that going for me.

 

I know that if you specify the subdomains in the docker that they should be protected with your SSL cert, and while both of my subdomains are I don't want the other one to be accessible, only the subdomain for Nextcloud.  I also noticed that it brings up the same webpage if you open the WebUI of the LetsEncrypt docker or in a web browser (ex. https://server.duckdns.org) except in the WebUI its the local IP address of the Unraid server.  Both pages simply say "Welcome to our server... for help, email..." etc.

 

I tried removing the non-Nextcloud subdomain from the docker's subdomain setting and all that did when I tried to access it again is throw a warning about the connection not being secure.  However, I don't want it accessible at all.

 

Thanks for your help! 

Edited by aidenpryde
Link to comment
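The second half of the post (only Nextcloud should be reachable, while the other name shows the default "Welcome to our server" page) is not answered in the thread. As an added example, which is a general nginx technique and not anything shipped by linuxserver.io: a default server that refuses every hostname you have not written a proxy-conf for. The file path follows the container's layout (/config/nginx/site-confs/default); that these blocks replace the ones in the shipped default file is an assumption to check against the version you run. Two caveats the post already brushes against: removing a name from SUBDOMAINS removes it from the certificate, which is why the browser complained, and every name in the certificate is public anyway through the certificate itself and CT logs, so not serving a name hides the service, not its existence.

```nginx
# Added example (general nginx technique; not from the thread or linuxserver.io).
# Goal: only names with an explicit server_name (your proxy-confs, e.g.
# nextcloud.*) are served. Every other name, and bare-IP requests, get no page
# at all instead of the "Welcome to our server" default site.
# Assumed to replace the server blocks in /config/nginx/site-confs/default;
# back that file up first. Your proxy-confs stay untouched.

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    # Plain HTTP is only ever a hop to HTTPS; unknown names are then
    # rejected at the TLS layer below.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    # nginx 1.19.4+: abort the TLS handshake when the SNI name matches no
    # other server block. No certificate is presented, so the SAN list of
    # your Let's Encrypt cert is not handed out to whoever connected by IP
    # or by a name you never configured. No ssl_certificate is needed here.
    ssl_reject_handshake on;

    # Older nginx: no ssl_reject_handshake. Present the cert (it is needed to
    # finish the handshake before nginx can read the Host header) and then
    # close the connection without a response:
    #   include /config/nginx/ssl.conf;
    #   return 444;
}
```

Check the result from outside with a name that resolves to you but has no proxy-conf: the TLS connection should fail to complete (or, with the 444 variant, close with no HTTP response), while https://nextcloud.your.domain keeps working because its own server block matches first.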
On 9/13/2019 at 12:26 PM, slimshizn said:

No it was not, line 14 was empty actually. I went ahead and added that, have to wait till tonight for it to auto renew again to see if it works.

 

Did yours renew after adding the line? I'm asking because mine is failing renewal and I do have the dns_cloudflare_credentials = /config/dns-conf/cloudflare.ini line in the conf file.

 

**Update**

I found that my cloudflare.ini file didn't have my data in it. I had a problem with all of my dockers due to a bad upgrade to my cache drive a while back, so I guess the problem was me. I'll check back in tomorrow to see if the renewal goes right.

Edited by phreeq
Link to comment
On 9/7/2019 at 3:26 PM, FireFtw said:

I'm having issues getting a few dockers set up.

 

Booksonic is a strange one, here is my config


server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name booksonic.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_booksonic booksonic;
        proxy_pass http://$upstream_booksonic:4040;
    }
}

Which gives me this when I actually try and navigate to it

(screenshot not included)

 

Clicking on the link actually brings me to where I want to be

(screenshot not included)

 

the webUI for the docker has it set to http://10.0.0.10:4040/booksonic which gets redirected like it should, but how to set up the equivalent with nginx or a DNS config I don't know.

 

Then we have gotify, which doesn't work at all. I just get a bad gateway.


server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name gotify.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_gotify gotify;
        proxy_pass http://$upstream_gotify:1400;
    }
}

(screenshot not included)

 

This is regular docker container, not one that was setup for unraid. Not sure if that means there's something to set up that I don't know about.

 

This is the same problem I am having. Any resolution?

Link to comment
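Neither question gets an answer in the thread. The following is an added example, not the poster's config and not from linuxserver.io, of how a proxy-conf can handle an app that lives under a sub-path such as /booksonic, and what the port after a Docker DNS name has to be. The container names and the 4040 port are taken from the posts; the redirect, and gotify listening on 80 inside its container, are assumptions to verify against the images you actually run.

```nginx
# Added example, not the poster's config and not from linuxserver.io.
# Two things the posts run into: an app that serves itself under a sub-path,
# and which port belongs after a Docker DNS name.

# 1) Booksonic lives at /booksonic (the post's WebUI link is :4040/booksonic),
#    so proxying "/" shows the upstream landing page with a link on it.
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name booksonic.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # Bare hostname: send the browser straight to the app's real prefix.
    location = / {
        return 302 /booksonic/;
    }

    location /booksonic {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_booksonic booksonic;
        # No URI after the port: with a variable in proxy_pass, nginx forwards
        # the request URI unchanged, so /booksonic/... reaches the app intact.
        proxy_pass http://$upstream_booksonic:4040;
    }
}

# 2) gotify answered 502 Bad Gateway. With resolver 127.0.0.11 the name
#    "gotify" is looked up in Docker DNS, so the port must be the one the
#    process listens on INSIDE the container, never a port published on the
#    host. The gotify/server image listens on 80 by default (assumption: you
#    did not change GOTIFY_SERVER_PORT); 1400 in the post looks like a
#    host-side mapping. A 502 also appears when the name does not resolve at
#    all, i.e. the container is not on the same user-defined bridge as SWAG.
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name gotify.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_gotify gotify;
        proxy_pass http://$upstream_gotify:80;
    }
}
```

A quick way to tell the two 502 causes apart from inside the SWAG container: if `nslookup gotify` (or `getent hosts gotify`) returns nothing, it is a network/bridge problem; if it returns an address, the port is wrong or the app is not listening yet.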

I'm new to raid/dockers so sorry for my ignorance...

 

I currently have this docker working with nextcloud using spaceinvaderone's youtube video.

 

I have to say this docker stuff is neat.

 

I am having trouble wrapping my mind around DNS. I would love to use this docker for stuff outside this docker as well. For instance Microsoft exchange for active sync to my phone. Both use port 443 so I switched internal and external nextcloud to 444.

 

So can this docker be used with stuff outside the docker? From my understanding dockers use the host DNS and internal docker names. This was explained a bit in invaderones video. I have read some info about adding --dns

 

So do I have this right?

mail.domain.com has to resolve to a public ip so it can verify by sending magic packets out and back in for cert creation?

So I would have to configure this docker somehow when it sees mail.domain.com request for active sync to send to mail.domain.local? Even if I could do that I have to add a dns entry to mail.domain.local into this docker?

 

Your help is much appreciated.

Link to comment
47 minutes ago, HarryHeck said:

I'm new to raid/dockers so sorry for my ignorance...


You just point the site conf or reverse proxy conf to the ip:port of your mail server.

You only need to have the containers in the same bridge if you use the name.

Link to comment
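Both the IIS question earlier in the thread and the Exchange question here come down to the same thing the replies say: point the proxy-conf at an ip:port instead of a container name. Here is an added example of what that looks like for a plain-HTTP backend and for a TLS backend; it is not from the thread or from linuxserver.io, and the addresses 192.168.1.20, 192.168.1.30 and the CA bundle path /config/ca/internal-ca.pem are assumptions. The TLS half also shows the check most setups forget: by default nginx does not verify the certificate of an https:// upstream at all.

```nginx
# Added example, not from the thread or linuxserver.io: proxy-confs for hosts
# that are NOT Docker containers, addressed by ip:port as the replies say.
# Hypothetical addresses: IIS at 192.168.1.20:80, Exchange at 192.168.1.30:443.
# Each server block goes in its own /config/nginx/proxy-confs/<name>.subdomain.conf.

# Plain-HTTP backend (the IIS case).
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name app.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        # Fixed LAN address: no resolver and no $upstream variable needed,
        # those exist only for Docker DNS names.
        proxy_pass http://192.168.1.20:80;
    }
}

# TLS backend (the Exchange / ActiveSync case). Nothing in the container has to
# "resolve mail.domain.local": nginx connects to the IP, and the phone only ever
# sees the public name and the Let's Encrypt certificate.
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name mail.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        proxy_pass https://192.168.1.30:443;

        # Without the verify lines nginx accepts ANY certificate on that IP,
        # so a host that takes over the address can read the ActiveSync traffic.
        # SNI carries the name the client asked for (assumes the Exchange cert
        # lists the public name as a SAN, as the post says it must); the backend
        # cert is then checked against the CA that issued it.
        proxy_ssl_server_name on;
        proxy_ssl_name $host;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /config/ca/internal-ca.pem;   # assumed path
        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        # ActiveSync keeps long "ping" requests open; lift the default timeouts.
        proxy_read_timeout 1800s;
        proxy_send_timeout 1800s;
    }
}
```

If the backend certificate is self-signed rather than from an internal CA, point proxy_ssl_trusted_certificate at that certificate itself; turning proxy_ssl_verify off is the one option that leaves the mailbox traffic readable by anyone who can answer for 192.168.1.30.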

I am trying to set up LetsEncrypt with Jellyfin using the included config files, but I cannot get it to work.  (My goal is really to be able to use it with Chromecast.)

 

It just comes to "Welcome to our server" webpage

 

The Docker container is set up on the same reverse proxy bridge that LetsEncrypt and Nextcloud are on.
So I have a few questions:

 

If the thing I am using is "XXX.duckdns.org" for example, I am supposed to write "XXX.duckdns.org" in jellyfin external domain field, or "https://XXX.duckdns.org" ?

 

And in the config file I expected not to have to change anything because it's on the reverse proxy bridge, but I tried to put something behind proxy_pass to see if that works. Am I supposed to then write "XXX.duckdns.org:8096", "the local IP address of the container:8096", or "the local IP address of the NAS:8096"?

Edited by Mihle
Link to comment
3 hours ago, Mihle said:

I am trying to set up LetsEncrypt with Jellyfin using the included config files, but I cannot get it to work.  (My goal is really to be able to use it with Chromecast.)


Don't change the proxy conf. In the browser go to address https://jellyfin.xxxxx.duckdns.org

Link to comment
7 hours ago, saarg said:

 

You just point the site conf or reverse proxy conf to the ip:port of your mail server.

You only need to have the containers in the same bridge if you use the name.

With an Exchange server you need to use SAN certs without IPs or it will complain. So the docker needs to go out on mail.domain.com for letsencrypt, then be able to change the URL and resolve mail.domain.local. That's good to know on the bridge setup. I would prefer a separate VLAN for letsencrypt/nginx.

Link to comment
