[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



46 minutes ago, aptalca said:

?? Php-fpm is just a processor. Your index file and root directive tell nginx where the necessary files are. When php files are called, they are sent to the processor.

 

What exactly are you trying to accomplish here? What are these apps you're referring to?

so what i mean is i want to have a separate pool per nginx server directive. so one pool for website-a and another for website-b. im just trying to achieve separation of envs through php-fpm.

 

so i add a new pool for [website-a] how does it line up with website-a server directive

 

sorry if I'm not being clear enough

 

thanks!

Link to post

On 1/25/2020 at 8:16 AM, aptalca said:

It's explained in the readme

@aptalca , thank you for indicating the readme file. I successfully mounted LE config folder to onlyoffice docker. However, I still need to present the certs in the filenames onlyoffice required onlyoffice.crt, onlyoffice.key. Should I use "ln -s" or create a cron job to copy LE certs in the filenames required?

 

I would appreciate any advice. Thank you.

Link to post
4 hours ago, sse450 said:

@aptalca , thank you for indicating the readme file. I successfully mounted LE config folder to onlyoffice docker. However, I still need to present the certs in the filenames onlyoffice required onlyoffice.crt, onlyoffice.key. Should I use "ln -s" or create a cron job to copy LE certs in the filenames required?

 

I would appreciate any advice. Thank you.

Sure, you can create symlinks with those names.

 

But you really should be reverse proxying instead.

Link to post
8 hours ago, phyzical said:

so what i mean is i want to have a separate pool per nginx server directive. so one pool for website-a and another for website-b. im just trying to achieve separation of envs through php-fpm.

 

so i add a new pool for [website-a] how does it line up with website-a server directive

 

sorry if I'm not being clear enough

 

thanks!

Edit /config/php/www2.conf

Link to post
1 hour ago, aptalca said:

Sure, you can create symlinks with those names.

 

But you really should be reverse proxying instead.

@aptalca Thank you for the hint. But, second sentence in your reply is important. It is not very clear to me.

 

I do reverse proxy using LE docker. But, I think that onlyoffice still needs the certs in its /Data/certs directory. Am I wrong?

 

How does just reverse proxying solve that issue without certs in OO docker?

 

 

Link to post

Hi All,

This may be a “duh” question, but I am trying to learn and not hose this box’s dialed in setup in the process. So, my question is, should I just change the ip addy/subnet for the LetsEncrypt (LE) container?

 

Background:

br0: 192.168.69.0/24

eth2: 192.168.169.0/24

I originally installed LE using the bonded (br0) interface which is working perfectly. I have since added a small 10Gb second subnet (eth2) which includes my servers and one desktop. When I have the desktop on the original br0 subnet, I can access anything behind the LE proxy as expected. When I switch the desktop over to the new eth2 subnet I can do everything BUT access anything behind the LE proxy.

 

Therefore, it seems to me that by simply changing the LE proxy’s subnet to that of the eth2 interface, I should be able to utilize my 10Gb interface on the desktop for everything, including those services behind the LE proxy. However, if I am overlooking a better way of doing this, I am open to suggestions and the ‘why’ so I understand for future needs and having the ability to pay it forward. As a sample, here is info from the Nextcloud config.php file and the Docker network:

 

Config.php snippet:

'trusted_domains' =>

  array (

    0 => '192.168.69.xxx:aaa',

    1 => 'daxxxxx.aaaaaa.bbbbbbbfe',

  ),

  'dbtype' => 'mysql',

  'version' => '17.0.2.1',

  'overwrite.cli.url' => 'https://da daxxxxx.aaaaaa.bbbbbbbfe',

  'overwritehost' => 'da daxxxxx.aaaaaa.bbbbbbbfe',

  'overwriteprotocol' => 'https',

  'dbname' => 'dbname',

  'dbhost' => '192.168.69.xxx:aaaa',

  'dbport' => '',

  'dbtableprefix' => 'oc_',

  'mysql.utf8mb4' => true,

 

Docker:

DockerNetworks.thumb.png.3c394530d76da4da1e1b3df2592f6a8b.png

 

 

Thanks!!!

 

Link to post
2 hours ago, sse450 said:

@aptalca Thank you for the hint. But, second sentence in your reply is important. It is not very clear to me.

 

I do reverse proxy using LE docker. But, I think that onlyoffice still needs the certs in its /Data/certs directory. Am I wrong?

 

How does just reverse proxying solve that issue without certs in OO docker?

 

 

when your cert is working in LE docker u don't need another cert in onlyoffice "underneath", ssl is handled then by nginx from letsencrypt.

Link to post
3 hours ago, sse450 said:

@aptalca Thank you for the hint. But, second sentence in your reply is important. It is not very clear to me.

 

I do reverse proxy using LE docker. But, I think that onlyoffice still needs the certs in its /Data/certs directory. Am I wrong?

 

How does just reverse proxying solve that issue without certs in OO docker?

 

 

I haven't used onlyoffice. We use collabora with nextcloud, reverse proxied through letsencrypt container.

 

Here's a post about it: https://helpcenter.onlyoffice.com/server/document/document-server-proxy.aspx

Link to post
On 11/28/2019 at 1:43 AM, bluesky509 said:

Anybody know how to setup custom error pages?

Specifically interested in 401 and 50x error pages.

 

 

@bluesky509 did you work out how to do this?  I'm in the same boat

Link to post

Hi all,

So I have this working but really want to get CloudFlare to work with Proxies.

I have it working without the Proxies, just as DNS and it's working fine.

 

I have it set like so:

image.thumb.png.d68d28400e1ed96c13525607637d4662.png

So A record to my WAN IP, then CNAME subdomains for each thing I want.

 

I also have LetsEncrypt set as DNS verification challenge and it's working using wildcard.

I have ports forwarded from my router for 1443 and 180 and all good there too.

 

BUT my question is!

1) Can I remove said ports as it's doing DNS verification or just the 180 (80) one?

2) Is there a way I can get the Proxy status to work, as every time I set it as Proxy I cannot access anything remotely?

 

Thanks

Link to post
6 hours ago, SavellM said:

Hi all,

So I have this working but really want to get CloudFlare to work with Proxies.

I have it working without the Proxies, just as DNS and it's working fine.

 

I have it set like so:

image.thumb.png.d68d28400e1ed96c13525607637d4662.png

So A record to my WAN IP, then CNAME subdomains for each thing I want.

 

I also have LetsEncrypt set as DNS verification challenge and it's working using wildcard.

I have ports forwarded from my router for 1443 and 180 and all good there too.

 

BUT my question is!

1) Can I remove said ports as it's doing DNS verification or just the 180 (80) one?

2) Is there a way I can get the Proxy status to work, as every time I set it as Proxy I cannot access anything remotely?

 

Thanks

If you're doing dns validation, you don't need port 80 mapping.

 

Can't help you with cloudflare proxy. I don't use it

Link to post

Hi question,

 

Tried to find this online but could not find it.

I have two instances of a few dockers running ("radarr and radarr4k" "bazarr and bazarr4k").
 

Now I have successfully set up the not 4k intended dockers with let's encrypt and all is working. Now I want to do the same for the 4k intended dockers.

 

I have done the following changes in the conf already:

 

# make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name bazarr4k.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_bazarr bazarr4k;
        proxy_pass http://$upstream_bazarr:6868;
    }
}

- I changed the server_name to the correct subdomain for which i obtained a certificate.

- Changed the proxy_pass to http://$upstream_bazarr:6868; (as how i have the port setup in unraid)

 

Now I just changed the name of the config to bazarr4k.subdomain.conf since bazarr was already in use. I did not expect this to work and got a 502 bad gateway.

 

Does anybody run the same or does anybody have an idea on how to do this correctly?

Much appreciated,

 

Bleak

Link to post
40 minutes ago, Bleak said:

Hi question,

 

Tried to find this online but could not find it.

I have two instances of a few dockers running ("radarr and radarr4k" "bazarr and bazarr4k").
 

Now I have successfully set up the not 4k intended dockers with let's encrypt and all is working. Now I want to do the same for the 4k intended dockers.

 

I have done the following changes in the conf already:

 


# make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name bazarr4k.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_bazarr bazarr4k;
        proxy_pass http://$upstream_bazarr:6868;
    }
}

- I changed the server_name to the correct subdomain for which i obtained a certificate.

- Changed the proxy_pass to http://$upstream_bazarr:6868; (as how i have the port setup in unraid)

 

Now I just changed the name of the config to bazarr4k.subdomain.conf since bazarr was already in use. I did not expect this to work and got a 502 bad gateway.

 

Does anybody run the same or does anybody have an idea on how to do this correctly?

Much appreciated,

 

Bleak

Don't change the port

Link to post

Would it be possible to run multiple instances of the letsencrypt container? All instances would have to have the same port mapping (i presume). Would this be possible by defining custom docker networks for each instance of letsencrypt and would http validation still work?

 

Thank you for the help!

Link to post

OK, so I can access my calibre docker through the reverse proxy.

 

What I would like to be able to do is to also access the OPDS server that is builtin so I can download books on the road. Typically the address would be IPaddress:8080/opds; but right now I only have 80 and 443 port forwarded (and the webgui works fine there)

 

 

Link to post
22 hours ago, Seige said:

Would it be possible to run multiple instances of the letsencrypt container? All instances would have to have the same port mapping (i presume). Would this be possible by defining custom docker networks for each instance of letsencrypt and would http validation still work?

 

Thank you for the help!

Hi, not sure why you would want multiple instances for let's encrypt. If you need to add extra domains, just add an extra variable with the name Extra domains. As the value use EXTRA_DOMAINS and then in the key you can add extra domains. Note this has to be the full version you want, so example.domain.com and not domain.com. If you need even more, add them with a comma like this: example.domain.com,example2.domain.com,example3.domain.com etc...

 

So in my case I want to be able to reach my plex from 3 different domains. I add one the normal way as top domain and with the sub domains, and the other two in the extra domains.

image.thumb.png.d65d392db8f4965d711cdec543d51c78.png

 

  Hope this helps!

Edited by Bleak
Link to post

How can I fix this lua error?

 

 

nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')

 

Link to post
How can I fix this lua error?
 
 
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')

 



What it means has been talked about at length previously in this thread.

TLDR; ignore it
Link to post
7 minutes ago, blaine07 said:

 


What it means has been talked about at length previously in this thread.

TLDR; ignore it

Thanks, and this part?

nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/config/keys/letsencrypt/fullchain.pem"

Edited by L0rdRaiden
Link to post

So, i guess it's the usual problem:
 

root@cc3c920d7a5b:/# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/nextcloud.somedomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nextcloud.somedomain.com
http-01 challenge for oo.somedomain.com
Cleaning up challenges
Attempting to renew cert (nextcloud.somedomain.com) from /etc/letsencrypt/renewal/nextcloud.somedomain.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/nextcloud.somedomain.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/nextcloud.somedomain.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

Of course ports 80 and 443 are forwarded correctly to the container.

 

Deleting certificates and key and trying to get new ones leads it to generate them, download them and then say there's the same error (and of course, the new ones don't work):
 

Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/nextcloud.somedomain.com-0002/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/nextcloud.somedomain.com-0002/privkey.pem
Your cert will expire on 2020-04-30. To obtain a new or tweaked
version of this certificate in the future, simply run certbot

again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

Any hint?

Thanks.
 

Edited by dhstsw
Link to post
2 hours ago, dhstsw said:

So, i guess it's the usual problem:
 


root@cc3c920d7a5b:/# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/nextcloud.somedomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nextcloud.somedomain.com
http-01 challenge for oo.somedomain.com
Cleaning up challenges
Attempting to renew cert (nextcloud.somedomain.com) from /etc/letsencrypt/renewal/nextcloud.somedomain.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/nextcloud.somedomain.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/nextcloud.somedomain.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

Of course ports 80 and 443 are forwarded correctly to the container.

 

Deleting certificates and key and trying to get new ones leads it to generate them, download them and then say there's the same error (and of course, the new ones don't work):
 


Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/nextcloud.somedomain.com-0002/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/nextcloud.somedomain.com-0002/privkey.pem
Your cert will expire on 2020-04-30. To obtain a new or tweaked
version of this certificate in the future, simply run certbot

again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

 

Any hint?

Thanks.
 

Don't manually run commands inside the container and don't manually delete key files unless we ask you to. We don't provide support for that.

Link to post
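
A triage of the certbot output posted above, as an added example that is not part of the thread or of the linuxserver.io image: it pulls out the failed lineage, the port 80 bind error from the standalone authenticator (which starts its own listener and cannot bind while another process holds the port), and any lineage directory with a -NNNN suffix (certbot adds one when a lineage of that name already exists). The function names and output tags are made up for this example, and the sample log is constructed from lines quoted in the thread.

```shell
#!/bin/sh
# Added example: triage of `certbot renew` / container start-up output.
# SAMPLE_LOG is constructed from lines of the output quoted in this thread.
SAMPLE_LOG='Processing /etc/letsencrypt/renewal/nextcloud.somedomain.com.conf
Plugins selected: Authenticator standalone, Installer None
http-01 challenge for nextcloud.somedomain.com
http-01 challenge for oo.somedomain.com
Attempting to renew cert (nextcloud.somedomain.com) from /etc/letsencrypt/renewal/nextcloud.somedomain.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
  /etc/letsencrypt/live/nextcloud.somedomain.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
/etc/letsencrypt/live/nextcloud.somedomain.com-0002/fullchain.pem
ERROR: Cert does not exist! Please see the validation error above.'

# Lineage names that certbot marked "(failure)", one per line, de-duplicated.
failed_lineages() {
    sed -n 's#.*/live/\([^/]*\)/[^ ]* (failure).*#\1#p' | sort -u
}

# Lineage directories with a -NNNN suffix. certbot appends such a suffix when
# a lineage of the requested name already exists, so the new certificate lands
# in a different directory from the one the existing setup points at.
suffixed_lineages() {
    sed -n 's#.*/live/\([^/]*-[0-9][0-9][0-9][0-9]\)/.*#\1#p' | sort -u
}

# Number taken from the "N renew failure(s)" summary line; 0 if none is present.
renew_failure_count() {
    n=$(sed -n 's/^\([0-9][0-9]*\) renew failure(s).*/\1/p' | tail -n 1)
    echo "${n:-0}"
}

# Read a log on stdin and print one tag per finding.
triage() {
    t_log=$(cat)
    # The standalone authenticator needs to bind port 80 itself.
    if printf '%s\n' "$t_log" | grep -q 'Problem binding to port 80'; then
        echo "port80-in-use"
    fi
    printf '%s\n' "$t_log" | failed_lineages | sed 's/^/failed:/'
    printf '%s\n' "$t_log" | suffixed_lineages | sed 's/^/suffixed-lineage:/'
    # Message printed by the container start-up script in the thread.
    if printf '%s\n' "$t_log" | grep -q '^ERROR: Cert does not exist'; then
        echo "cert-missing"
    fi
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | triage
```

To use it on a real container, pipe the saved log into `triage`; an empty result means none of these four conditions appeared.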
3 hours ago, aptalca said:

Don't manually run commands inside the container and don't manually delete key files unless we ask you to. We don't provide support for that.

I did that after having the container not updating the keys (received email from letsencrypt stating certs are expiring in 20 days).

Anyway, i keep a backup of all the appdata folder, keys and certs are the way they used to be.
Nevertheless, it's not updating.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
usermod: no changes

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/Athens
URL=somedomain.com
SUBDOMAINS=nextcloud,oo
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=someine@somewhere.com
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d nextcloud.somedomain.com -d oo.somedomain.com
E-mail address entered: someine@somewhere.com
http validation is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

Server ready

 

Link to post
1 hour ago, dhstsw said:

I did that after having the container not updating the keys (received email from letsencrypt stating certs are expiring in 20 days).

Anyway, i keep a backup of all the appdata folder, keys and certs are the way they used to be.
Nevertheless, it's not updating.


[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
usermod: no changes

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/Athens
URL=somedomain.com
SUBDOMAINS=nextcloud,oo
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=someine@somewhere.com
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d nextcloud.somedomain.com -d oo.somedomain.com
E-mail address entered: someine@somewhere.com
http validation is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

Server ready

 

If you turn off your server at night the certs will not renew. The cron job is run at 2 in the night.

 

Have you checked in the browser that the current cert is expiring?

Link to post
