[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


5633 posts in this topic Last Reply

Recommended Posts

On 10/13/2019 at 7:05 AM, Spoonsy1480 said:

I’m having trouble with let’s encrypt it was working fine but I have just changed isp that does not include a static up.
Setup Cloudflare dns and Cloudflare points to my IP address I have a file and a www. That points to ip
Let’s encrypt says it’s not correct at Cloudflare it doesn’t have a or cname it does
Adjustments.JPGAdjustments.JPG


Sent from my iPhone using Tapatalk

Check port forwarding. New isp might block 80

Edited by GilbN
Link to post
  • Replies 5.6k
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

Application Name: SWAG - Secure Web Application Gateway Application Site:  https://docs.linuxserver.io/general/swag Docker Hub: https://hub.docker.com/r/linuxserver/swag Github: https:/

I don't need support.  I just wanted to say thanks for this container and its continuous maintenance.  I started with Aptalca's container then switched to the linuxserver.io container.  Its been close

Posted Images

On 10/13/2019 at 1:05 AM, Spoonsy1480 said:

I’m having trouble with let’s encrypt it was working fine but I have just changed isp that does not include a static up.
Setup Cloudflare dns and Cloudflare points to my IP address I have a file and a www. That points to ip
Let’s encrypt says it’s not correct at Cloudflare it doesn’t have a or cname it does
Adjustments.JPGAdjustments.JPG


Sent from my iPhone using Tapatalk

Letsencrypt server seems to reach a server, but it's not the letsencrypt container. So either your ip is incorrect, or your port forwarding.

 

See here: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Link to post
9 hours ago, Alec.Dalessandro said:

these are the same results I am getting in my log of letsencrypt but 'i'm not sure how the port forwarding is incorrect....

Your domain (external ip) is forwarded to your unraid gui. Fix your port forwarding. Follow the article I linked above

Edited by aptalca
Link to post

Hi guys. Awesome support in this thread.

 

Anyone to indicate me how to configure letsencrypt for a container that doesn't support a base url (e.g., motioneye container running on unraid-IP:8765)? Does it help if the container is running on its own lan IP or not? What needs to be added to the letsencrypt configuration file?

 

Apologies if it has been already replied somewhere in the last 156 pages.

Link to post
On 9/21/2019 at 3:04 PM, Saldash said:

Sorry bud, I didn't even know you'd posted a response - I haven't had any notifications from the forum and only noticed when I popped on to ask a question about Grafana.

 

I can't remember what is was that I had a problem with for this container, let me post this and I'll have a scroll back and edit this once I've remembered!

 

-- EDIT

 

Well I looked back and I haven't got a clue what i was on about!

I do have everything setup and functioning so I would be happy to answer any specific questions you might have re the setup I use at this point.

No worries - I was able to figure it out! Was surprisingly easy. Thanks for the response!

Link to post

Is there a way to enable debugging for nginx within the letsencrypt docker container. Still trying to solve the unms issues I have with websockets not working and I can't seem to turn on debugging mode. I need to get more logging on why its not passing through websocket calls to the unms docker container.

Link to post
15 hours ago, Kydonakis said:

Hi guys. Awesome support in this thread.

 

Anyone to indicate me how to configure letsencrypt for a container that doesn't support a base url (e.g., motioneye container running on unraid-IP:8765)? Does it help if the container is running on its own lan IP or not? What needs to be added to the letsencrypt configuration file?

 

Apologies if it has been already replied somewhere in the last 156 pages.

If you use the subdomain method, you don't need a base url

Link to post
On 10/8/2019 at 3:06 PM, dandiodati said:

Anyone else have luck setting up letsencrypt and unms ? I have both services running in docker containers. If I send a websocket request (curl --insecure --include --no-buffer --header "Connection: Upgrade" --header "Upgrade: websocket" --header "Host: example.com:80" --header "Origin: http://example.com:80" --header "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==" --header "Sec-WebSocket-Version: 13" https://192.168.x.x:443/)  then the nginx service within letsencrypt container just redirects me to its default home page instead of the unms container. If I use a regular https request then I do get redirected to the unms container(The login page). So something is weird with trying to connect as a websocket container which is needed for discovery. I tried the setting above too but no luck.  

Hey!  I was having the same problem and eventually gave up.  If you get this sorted, let me know.  I will gladly try and help track this down again because it drives me nuts.  For reference below are a few links to my own troubleshooting that I tried months ago, both from this post and from UBNT forums.  Do note that my set up has changed since some of those posts in that I now have an EdgeSwitch8 instead of an Asus router in AP mode referenced in some of the posts.  That change had no effect.

 

If it lends itself to some other connection, I also cannot browse to my domain website (Ombi) from within my network.  The UBNT rep suggested a static host map, but that brings me to an "ERR_CONNECTION_REFUSED" page when attempting to go through my domain.

 

Initial Post: 

Follow-up: 

 

UBNT and exchange with UBNT support

https://community.ui.com/questions/UNMS-WSS-key-using-WAN-IP-device-connection-times-out/7ea01845-1b3d-41a9-9555-172e8ecbd4b0

Link to post
I’m having trouble with let’s encrypt it was working fine but I have just changed isp that does not include a static up.
Setup Cloudflare dns and Cloudflare points to my IP address I have a file and a www. That points to ip
Let’s encrypt says it’s not correct at Cloudflare it doesn’t have a or cname it does
Adjustments.JPG.f353a0ed6c7bb0be1bacfe8a8ae0d68a.JPGAdjustments.JPG.262155700b601047d1fa971395a91443.JPG


Sent from my iPhone using Tapatalk

I have it working now had to change http and https ports on UnRAID as my router won’t do that


Sent from my iPhone using Tapatalk
Link to post

Hey all!

I've been lurking for a while (weeks and months by now!) trying to figure out what I might be doing wrong, but figured it was time to actually ask for help :)

 

I'm trying to set up letsencrypt to access nextcloud and others. I've followed SpaceInvaderOne's videos and various other guides online. I ended up switching to DNS validation thinking it might be an issue with port forwarding or my isp blocking some ports (as I understand it, DNS validation would avoid all this).

 

Letsencrypt logs show "Server ready", but I still can't access my containers. I get an ERR_SSL_PROTOCOL_ERROR message.

I've also tried using tools like https://www.sslshopper.com/ssl-checker.html to check and the IP resolves to my router, but it tells me that no SSL certificates were found and to check name resolution and port forwarding (which is how I switched to DNS validation in the first place).

 

Any help would be appreciated! Are there any other tools that might show me better where things are failing?

Letsencrypt log below.

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/New_York
URL=REDACTED.net
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=REDACTED@gmail.com
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
Wildcard cert for only the subdomains of REDACTED.net will be requested
E-mail address entered: REDACTED@gmail.com
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
creating GeoIP2 database
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

 

Link to post

Hi,

 

I have LetsEncrypt working with a few dockers already. However, with Pydio, I get *1 pydio could not be resolved (3: Host not found). Here is my conf:

 

# make sure that your dns has a cname set for pydio and that your pydio container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name pydio.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_pydio pydio;
        proxy_pass https://$upstream_pydio:4436;
    }
	
}

The only thing I changed in here was the port. The name of the container matches the conf case sensitive. The network type is the same as the other dockers that are working. Any ideas? 

Link to post
16 minutes ago, Chandler said:

Hi,

 

I have LetsEncrypt working with a few dockers already. However, with Pydio, I get *1 pydio could not be resolved (3: Host not found). Here is my conf:

 


# make sure that your dns has a cname set for pydio and that your pydio container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name pydio.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_pydio pydio;
        proxy_pass https://$upstream_pydio:4436;
    }
	
}

The only thing I changed in here was the port. The name of the container matches the conf case sensitive. The network type is the same as the other dockers that are working. Any ideas? 

Why did you change the port? Don't do things the conf doesn't tell you to do

Link to post

Hi Everyone, I have tried to fix this myself for a few days and I have failed. So looking for some guidance. If this is not the right forum, please let me know and I will go to the UnRaid forum and ask there.

1. So I use UnRaid 6.7.2 and I installed the Letsencrypt docker app. I also installed nextcloud and sonarr.

2. I bought a domain irisnet.ga and I have put two CNAME in there. sonarr.irisnet.ga and nextcloud.irisnet.ga

3. I used dns certificate method in the Letsencrypt to generate the certificate and it generates for the two subdomains. http method doesn't work as the challenge fails. My port 80 might be blocked. Not sure about this one.

4. I followed spaceinvaders youtube videos to setup the reverse proxy for both of the nextcloud and sonarr. However, seems like in cloudflare is not able to reach my server when I type in https://nextcloud.irisnet.ga for example. I get a 522 error.

 

Router Setup

image.png.a21700d4cc5b234e6964a61a3aa0104f.png

Cloudflare Setup

image.thumb.png.46dbfab99364bb3207e518ff8721f0ab.png

Docker Setup

image.png.48110aecfb1f22a55ab10d58d93a2126.png

Letsencrypt Output
[s6-init] making user provided files available at /var/run/s6/etc…exited 0.
[s6-init] ensuring user provided files have correct perms…exited 0.
[fix-attrs.d] applying ownership & permissions fixes…
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts…
[cont-init.d] 10-adduser: executing…

_ ()
| | ___ _ __
| | / | | | /
| | _ \ | | | () |
|| |/ || __/

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
GID/UID
User uid: 99
User gid: 100
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing…
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing…
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing…
Variables set:
PUID=99
PGID=100
TZ=America/New_York
URL=irisnet.ga
SUBDOMAINS=sonarr,nextcloud
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=@.com
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d sonarr.irisnet.ga -d nextcloud.irisnet.ga
E-mail address entered: @.com
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing…
[custom-init] no custom files found exiting…
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty’s; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty’s LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module ‘resty.core’ not found:

no field package.preload[‘resty.core’]
no file ‘./resty/core.lua’
no file ‘/usr/share/luajit-2.1.0-beta3/resty/core.lua’
no file ‘/usr/local/share/lua/5.1/resty/core.lua’
no file ‘/usr/local/share/lua/5.1/resty/core/init.lua’
no file ‘/usr/share/lua/5.1/resty/core.lua’
no file ‘/usr/share/lua/5.1/resty/core/init.lua’
no file ‘/usr/share/lua/common/resty/core.lua’
no file ‘/usr/share/lua/common/resty/core/init.lua’
no file ‘./resty/core.so’
no file ‘/usr/local/lib/lua/5.1/resty/core.so’
no file ‘/usr/lib/lua/5.1/resty/core.so’
no file ‘/usr/local/lib/lua/5.1/loadall.so’
no file ‘./resty.so’
no file ‘/usr/local/lib/lua/5.1/resty.so’
no file ‘/usr/lib/lua/5.1/resty.so’
no file ‘/usr/local/lib/lua/5.1/loadall.so’)
Server ready

=====================================================

I am a bit lost at this point. Would anyone please point me in the right direction? Thank you!

Update: I requested help on the Letsencrypt forum and confirmed that the certificates are getting generated. Cloudflare not able to reach my ip. or I am not able to get past my router. Because for example if I type in http://192.168.1.145:8989/ i can hit sonarr. But if I type in https://irisnet.duckdns.org:8989 or https://sonarr.irisnet.ga or https://sonarr.irisnet.ga:8989 it doesn’t go anywhere.

Same with the nextcloud. I can reach with the internal ip. So if the certificates are working, the issue is either the router port is not redirecting traffic on 443 to 1443 or Letsencrypt is not forwarding to the right docker. If anyone has any troubleshooting tips, please let me know.

On another note, the virgil (hassio on raspberry pi) when I tried DuckDNS with Letsencrypt, I am able to reach it using https://irisnet.duckdns.org:8123

Edited by war1000
added additional update
Link to post
16 hours ago, war1000 said:

I am a bit lost at this point. Would anyone please point me in the right direction? Thank you!

Update: I requested help on the Letsencrypt forum and confirmed that the certificates are getting generated. Cloudflare not able to reach my ip. or I am not able to get past my router. Because for example if I type in http://192.168.1.145:8989/ i can hit sonarr. But if I type in https://irisnet.duckdns.org:8989 or https://sonarr.irisnet.ga or https://sonarr.irisnet.ga:8989 it doesn’t go anywhere.

Same with the nextcloud. I can reach with the internal ip. So if the certificates are working, the issue is either the router port is not redirecting traffic on 443 to 1443 or Letsencrypt is not forwarding to the right docker. If anyone has any troubleshooting tips, please let me know.

On another note, the virgil (hassio on raspberry pi) when I tried DuckDNS with Letsencrypt, I am able to reach it using https://irisnet.duckdns.org:8123

Hey, I don't use duckdns because I have a fixed IP, but I have got Nextcloud running.  I had this issue at the beginning too.

 

Also, the LuaJIT / restycore error at the end of your letsencrypt log is apparently perfectly normal (I think it's just a docker issue and I have it too), so don't worry about that.

 

What I suggest you do is turn off the 'cloudflare proxy' setting for any non-working cname.  I'm not actually sure how duckdns works, but to start with I'd suggest you also turn of any cloudflare proxy setting to do with duckdns set up as well.  You can gradually turn them on later to test which ones work.  I found some apps are OK, others are not.

 

I found I got a 'too many redirects' error with this turned on - and if you're using duckdns it's probably going to be even more redirects.  Also, I found I had to wait quite some time (up to a day maybe) after turning this off for it to take effect.

 

The proxy feature hides the IP address of the real host by providing a cloudflare one, then redirecting it.

 

I've read that enabling strict HTTPS can help this issue, (as normally it only occurs when using https, which everyone either does or should now).  I suspect this will get you working, then if you ever manage to move that forward more so that you can get the proxy enabled as well, please let me know cause I haven't managed to yet!

 

Also, don't worry about turning off the proxy setting too much - this is the way most people run their DNS - it's a great feature but not absolutely necessary.  You'd be better spent ensuring you have a real firewall installed like OPNsense or similar.

 

Let me know if you need any more help and good luck!!

 

Thanks,

 

Marshalleq

Edited by Marshalleq
Link to post
16 minutes ago, Marshalleq said:

Hey, I don't use duckdns because I have a fixed IP, but I have got Nextcloud running.  I had this issue at the beginning too.

 

Also, the LuaJIT / restycore error at the end of your letsencrypt log is apparently perfectly normal (I think it's just a docker issue and I have it too), so don't worry about that.

 

What I suggest you do is turn off the 'cloudflare proxy' setting for any non-working cname.  I'm not actually sure how duckdns works, but to start with I'd suggest you also turn of any cloudflare proxy setting to do with duckdns set up as well.  You can gradually turn them on later to test which ones work.  I found some apps are OK, others are not.

 

I found I got a 'too many redirects' error with this turned on - and if you're using duckdns it's probably going to be even more redirects.  Also, I found I had to wait quite some time (up to a day maybe) after turning this off for it to take effect.

 

The proxy feature hides the IP address of the real host by providing a cloudflare one, then redirecting it.

 

I've read that enabling strict HTTPS can help this issue, (as normally it only occurs when using https, which everyone either does or should now).  I suspect this will get you working, then if you ever manage to move that forward more so that you can get the proxy enabled as well, please let me know cause I haven't managed to yet!

 

Also, don't worry about turning off the proxy setting too much - this is the way most people run their DNS - it's a great feature but not absolutely necessary.  You'd be better spent ensuring you have a real firewall installed like OPNsense or similar.

 

Let me know if you need any more help and good luck!!

 

Thanks,

 

Marshalleq

Thank you very much for your reply. I am going to try your recommendation. The made the following change to keep things clean.

Cloudflare:

image.thumb.png.b86f0adf952b6a29f34dd2228c6fceb8.png

 

DuckDNS:

image.thumb.png.e028fe48939e7b88c177fa65b83369a0.png

 

I am not sure about the enabling strict https setting but I will research. I think you are right about the proxy part. Because the DuckDNS on the hassio works as it goes to duckdns only and not through cloudflare.

 

I will keep monitoring and report back tonight. Thank you for the direction here.

Link to post
10 minutes ago, war1000 said:

Thank you very much for your reply. I am going to try your recommendation. The made the following change to keep things clean.

Cloudflare:

image.thumb.png.b86f0adf952b6a29f34dd2228c6fceb8.png

 

DuckDNS:

image.thumb.png.e028fe48939e7b88c177fa65b83369a0.png

 

I am not sure about the enabling strict https setting but I will research. I think you are right about the proxy part. Because the DuckDNS on the hassio works as it goes to duckdns only and not through cloudflare.

 

I will keep monitoring and report back tonight. Thank you for the direction here.

Ok setting the cloudflare to dns more returns the right ip if I ping sonarr.irisnet.ga for example. I am pretty sure something is not converting at the router. Since I have my port 443 redirected to the UnRaid server port 1443, is there anyway I could test if a service is available on port 443 directly from the internet? i.e. If I turn off Letsencrypt, then change the port for Sonarr to 443? I am just want to confirm that I can access a service directly on the port. Right now when Letsencrypt is running, I can see the port open using and online port checker. 

Link to post

With this I found I had to be carefeul - just because it's returning the right address on one machine, doesn't mean it's returning the right address in all cases, and if it's not, it won't work.  Cloudflare is pretty good with speedy DNS updates, but I found I had to wait for this particular change.  Are you pinging from the server or the client?

 

Also, I assume you're testing via some external internet connection such as tethering through your phone?  If so, checking that IP address pings correctly is important.  At this point I'd suggest looking at the active logs of both the letsencrypt docker and the particular app you're going to e.g. nextcloud wihtin the appdata directory or equivalent.  I found I could see issues in there fairly easily.  Also the logs in the GUI of the docker container on the docker page in unraid.

Edited by Marshalleq
Link to post
32 minutes ago, Marshalleq said:

With this I found I had to be carefeul - just because it's returning the right address on one machine, doesn't mean it's returning the right address in all cases, and if it's not, it won't work.  Cloudflare is pretty good with speedy DNS updates, but I found I had to wait for this particular change.  Are you pinging from the server or the client?

 

Also, I assume you're testing via some external internet connection such as tethering through your phone?  If so, checking that IP address pings correctly is important.  At this point I'd suggest looking at the active logs of both the letsencrypt docker and the particular app you're going to e.g. nextcloud wihtin the appdata directory or equivalent.  I found I could see issues in there fairly easily.  Also the logs in the GUI of the docker container on the docker page in unraid.

Thanks for the reply. No I am testing from within my network. I will test it via the phone tonight. 

 

My network setup is pretty standard, 5 computers behind the router. 3 plugged into the router and 2 laptops (there are also phones). 1 server (UnRaid), 1 pc (Windows 10), 1 raspberry pi (Hassio), 2 laptops (Windows 10). I have a laptop that I can use to tether with the phone. Before I do this, I have disconnected hassio so it doesn't ping out when I test. I am also going to redo the nextcloud configs to make it match the spaceinvader setup. I will post the setting here for review.

Link to post

For within your network, it's likely best to create a static DNS record, with the same domain name you're using and point that at your INTERNAL nextcloud / unraid address.

 

So:

  1. Unraid needs to have the correct IP for the domain
  2. Cloudflare needs to have the correct IP for the domain
  3. The proxy setting in cloudflare should be off
  4. You need to give it time for the new cloudflare setting to propagate to the DNS servers on the internet (which will include the DNS server at whatever phone provider you are using AND the DNS server that your home router is using)
  5. Internal devices either need the internal DNS updated or some router trickery which you may or may not have, which is why I suggest adding this manually for now

If you can't figure out how to do this in the router, for testing purposes you can test by just pastin the internal unraid / letsencrypt IP and DNS record into your clients hosts file.  Be sure you clear the DNS cache on the local client each time you change this as it will always remember the last setting.

 

Hope that helps.

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.