Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

Featured Replies

4 hours ago, Marshalleq said:

Maybe something on the router / DNS side?

The things is I have not changed anything with the router or dns. All I did was update letsencrypt. 

  • Replies 6.2k
  • Views 1.5m
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running. For noobs like me, here's what I did: 1. Stop

  • I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

  • BigBoyMarky
    BigBoyMarky

    I replaced both the ssl.conf and nginx.conf files with the sample ones to update them since I did not make any custom modifications to either one of those and this resolved my issue.

Posted Images

Since the latest update, my reverse proxies aren't working. I can confirm using external IP works, like http://external.ip/emby. I can ping mydomain.net. Internal IP of course works.

 

The log doesn't indicate any problems.

 

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Los_Angeles
URL=advurt.net
SUBDOMAINS=www
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=4096
VALIDATION=dns
DNSPLUGIN=cloudflare
[email protected]
STAGING=

4096 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are: -d www.mydomain.net
E-mail address entered: [email protected]
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
creating GeoIP2 database
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready

 

Edited by vurt

There was an update that the Linux guys fix because now it works. I deleted subdomain www. And it works like a charm. 

16 hours ago, dandiodati said:

Have you found a solution for this I also have been trying to solve it and tried these options without luck. One thing I found out is that you can manually test the websocket call via this command: curl --insecure --include --no-buffer --header "Connection: Upgrade" --header "Upgrade: websocket" --header "Host: example.com:80" --header "Origin: http://example.com:80" --header "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==" --header "Sec-WebSocket-Version: 13" https://192.168.x.x:443/

 

(Found it on this page https://help.ubnt.com/hc/en-us/articles/115015690147-UNMS-Device-Discovery#blocking discover)

 

And I noticed that the websocket call does not work going through the nginx proxy. I can make it work if I go directly to the unms server and port. And I also can access the UI, just the registry does not work due to the websocket calls not going though the nginx/letsencrypt reverse proxy. 

Any one else have any luck with unms ?

This is the config I've ended up with after much eperimentation! Devices show up and I'm able to add them and manage them!

Cheers,

Tim

# make sure that your dns has a cname set for unms and that your unms container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name unms.YOURDOMAIN.com;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_unms unms;
        proxy_pass https://$upstream_unms:443;
        proxy_cache off;
    	proxy_store off;
    	proxy_buffering off;
        
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Real-IP $remote_addr;
    	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    	proxy_set_header X-Forwarded-Proto $scheme;
    	proxy_set_header Referer "";

    	client_max_body_size 0;
    }

}

 

hey guys, great forum.  Just bought a domain to use with my server.  Basically just using Letsencrypt to access Sonarr, Radarr, Nextcloud.  Do i need to buy Positive SLL from Namecheap?  i already did as i didn't know any better. I will never be running a website, etc.. just using it for domain name and custom email.  Any help would be appreciated.

Edited by xman111

hey guys, great forum.  Just bought a domain to use with my server.  Basically just using Letsencrypt to access Sonarr, Radarr, Nextcloud.  Do i need to buy Positive SLL from Namecheap?  i already did as i didn't know any better. I will never be running a website, etc.. just using it for domain name and custom email.  Any help would be appreciated.
You don't need an SSL letsencrypt will get one for you

Sent from my SM-N960U using Tapatalk

3 hours ago, ijuarez said:

You don't need an SSL letsencrypt will get one for you

Sent from my SM-N960U using Tapatalk
 

thanks man, appreciate the quick response. 

EDIT: Back to normal with the new version.

 

 @Tucubanito07 thanks for the heads-up.

Edited by vurt

guys, just got Letsencrypt working with sonarr, radarr, nextcloud.   What I am confused about is can anyone just go to my page at radarr.mydomain.cc and get into my system?   or even worse nextcloud.mydomain.cc?   It's great for me to get to it from anywhere, just want to check how safe it is facing outward as I normally only use OpenVPN.

1 hour ago, xman111 said:

guys, just got Letsencrypt working with sonarr, radarr, nextcloud.   What I am confused about is can anyone just go to my page at radarr.mydomain.cc and get into my system?   or even worse nextcloud.mydomain.cc?   It's great for me to get to it from anywhere, just want to check how safe it is facing outward as I normally only use OpenVPN.

Everyone can access that address, so it's good to set a password and/or activate fail2ban or other security measures.

Do not leave any services open if you reverse proxy them.

3 minutes ago, saarg said:

Everyone can access that address, so it's good to set a password and/or activate fail2ban or other security measures.

Do not leave any services open if you reverse proxy them.

thanks for the response.  i guess i will have to look into this further.  Someone would have to guess the address first thought i guess.  i might just turn off the reverse proxy on a few things.

thanks for the response.  i guess i will have to look into this further.  Someone would have to guess the address first thought i guess.  i might just turn off the reverse proxy on a few things.

Radarr, sonarr have username and passwords you can set not sure about nextcloud


Sent from my iPhone using Tapatalk

if someone got into my radarr page, there woudln't be anyway someone could get into my server or shares though right?

if someone got into my radarr page, there woudln't be anyway someone could get into my server or shares though right?

No one get into shares and next cloud has a passcode


Sent from my iPhone using Tapatalk
1 minute ago, Spoonsy1480 said:


No one get into shares and next cloud has a passcode


 

thanks dude..

Edited by xman111

Hi - I hope someone can help... I have been trying to setup a reverse proxy (following SpaceInvader Ones excellent video)... but when I create a docker network called "ProxyNet" - it doesn't appear in the config page for setting up LetsEncrypt. Its definitely there as I can view it from terminal, but it just isnt listed in the drop down box. I am using UnRAID 6.5.0. Attached are a couple of pictures, one showing the options I have in the LetsEncrypt setup page and one showing "ProxyNet" exists when I list the docker networks in terminal.

 

Any thoughts?

 

Thanks

UnRAID-LetsEncrypt 1.jpg

UnRAID-LetsEncrypt 2.jpg

1 hour ago, SliMat said:

Hi - I hope someone can help... I have been trying to setup a reverse proxy (following SpaceInvader Ones excellent video)... but when I create a docker network called "ProxyNet" - it doesn't appear in the config page for setting up LetsEncrypt. Its definitely there as I can view it from terminal, but it just isnt listed in the drop down box. I am using UnRAID 6.5.0. Attached are a couple of pictures, one showing the options I have in the LetsEncrypt setup page and one showing "ProxyNet" exists when I list the docker networks in terminal.

 

Any thoughts?

 

Thanks

UnRAID-LetsEncrypt 1.jpg

UnRAID-LetsEncrypt 2.jpg

Update to latest unraid first, then come if you have the same issue.

46 minutes ago, j0nnymoe said:

Update to latest unraid first, then come if you have the same issue.

Thanks - but I am reluctant to upgrade as the server is an HP DL380p G8 in a remote datacenter and when I upgraded to the latest version I had massive problems (no mouse or keyboard control in ILO) ending up with the machine falling over and I had to drive to the DC, remove it, roll back to 6.5.0 to get it working then drive it back to the DC. Apart from changing the onboard P420i RAID controller to work in HBA mode rather than RAID I have done nothing to comfort me that I won't get the same problem again if I upgrade.

 

All I have on the machine, which I am using, is a number of VMs (Ubuntu Webservers / Exchange Server), then 2 dockers MariaDB and NextCloud. But am keen to get reverse proxy working.

 

Thanks - any other pointers would be well appreciated.

1 hour ago, SliMat said:

Thanks - but I am reluctant to upgrade as the server is an HP DL380p G8 in a remote datacenter and when I upgraded to the latest version I had massive problems (no mouse or keyboard control in ILO) ending up with the machine falling over and I had to drive to the DC, remove it, roll back to 6.5.0 to get it working then drive it back to the DC. Apart from changing the onboard P420i RAID controller to work in HBA mode rather than RAID I have done nothing to comfort me that I won't get the same problem again if I upgrade.

 

All I have on the machine, which I am using, is a number of VMs (Ubuntu Webservers / Exchange Server), then 2 dockers MariaDB and NextCloud. But am keen to get reverse proxy working.

 

Thanks - any other pointers would be well appreciated.

wow, that sucks..

1 hour ago, SliMat said:

Thanks - but I am reluctant to upgrade as the server is an HP DL380p G8 in a remote datacenter and when I upgraded to the latest version I had massive problems (no mouse or keyboard control in ILO) ending up with the machine falling over and I had to drive to the DC, remove it, roll back to 6.5.0 to get it working then drive it back to the DC. Apart from changing the onboard P420i RAID controller to work in HBA mode rather than RAID I have done nothing to comfort me that I won't get the same problem again if I upgrade.

 

All I have on the machine, which I am using, is a number of VMs (Ubuntu Webservers / Exchange Server), then 2 dockers MariaDB and NextCloud. But am keen to get reverse proxy working.

 

Thanks - any other pointers would be well appreciated.

I would say that your issue isn't a container issue but a bug within unraid 6.5 itself, I would contact lime tech about it or search the forum to see if someone else has had this issue (I suspect someone has).

On 9/17/2019 at 10:06 AM, phreeq said:
 

Did yours renew after adding the line? I'm asking because mine is failing renewal and I do have the dns_cloudflare_credentials = /config/dns-conf/cloudflare.ini line in the conf file.

 

**Update**

I found that my cloudflare.ini file didn't have my data in it. I had a problem with all of my dockers due to a bad upgrade to my cache drive a while back, so I guess the problem was me. I'll check back in tomorrow to see if the renewal goes right.

Just am seeing this after an extended time off of the forums. Yes it did happen to work and continues to do so. Not sure why that had happened but backed up as soon as I had it working correctly just in case. (Do weekly backups regularly)

Just am seeing this after an extended time off of the forums. Yes it did happen to work and continues to do so. Not sure why that had happened but backed up as soon as I had it working correctly just in case. (Do weekly backups regularly)
After all the headaches I had, I did start doing weekly backups for my containers. Learned that lesson the hard way

Sent from my ONEPLUS A5010 using Tapatalk

1 hour ago, slimshizn said:

Just am seeing this after an extended time off of the forums. Yes it did happen to work and continues to do so. Not sure why that had happened but backed up as soon as I had it working correctly just in case. (Do weekly backups regularly)

Just catching up on this, are you saying people using cloudflare for DNS need to add an extra line?  (Trying to go back through the thread to find)....

12 hours ago, xman111 said:

wow, that sucks..

Yep 🙄

14 hours ago, j0nnymoe said:

Update to latest unraid first, then come if you have the same issue.

OK, I consider this solved now... not ideal, but in case anyone else finds this thread @j0nnymoe seems to be correct.

 

I also had an HP Microserver running 6.5.0 at home, because it had the same issues with the new version as the machine in the DC... so, as it's here and I can easily access it, I just upgraded from 6.5.0 to 6.7.2 and now I do see the custom network in the settings for LetsEncrypt - so this certainly does look like a bug with 6.5.0. I will monitor this machine and see if it behaves with 6.7.2!

 

So, it looks like I'll have to schedule a visit to the DC and then try the upgrade on the DC machine the night before - that way if I lose connection I will be able to pop in the next day to fix it, rather than having it offline while I wait for a slot to get in 😑

 

Thanks for the advice @j0nnymoe

 

UnRAID-LetsEncrypt 3.jpg

Edited by SliMat

hey guys, how to i stop an app from using letsencrypt?  i have about 5 apps using it but there are a few that aren't really needed.  I deleted the sub domains on the properties of the letsencrypt container but everything keeps working.  Funny is was pretty hard to get it working, seems equally as hard to stop it from working, lol.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.