[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



11 hours ago, xxbigfootxx said:

If it's not supported does that mean that I'll have to stick with the local addresses instead of using the subdomain?

Then you can do split dns, where your local dns server will tell clients to connect to the local ip when they request the domain.

Link to comment

Are there any special settings I need to set to get nested subdomains working? I've got no issues with certificates for my root and first-level subdomains, but the second-level nested aren't getting added to the cert.

 

I'm using cloudflare and dns verification

 

Example A records:

A example.com <ip>   <-- OK
A *.example.com <ip>  <-- OK
A *.subdomain.example.com <ip>  <-- Cert invalid when navigating to site

 

Link to comment
8 hours ago, StudiesTheBlade said:

Are there any special settings I need to set to get nested subdomains working? I've got no issues with certificates for my root and first-level subdomains, but the second-level nested aren't getting added to the cert.

 

I'm using cloudflare and dns verification

 

Example A records:


A example.com <ip>   <-- OK
A *.example.com <ip>  <-- OK
A *.subdomain.example.com <ip>  <-- Cert invalid when navigating to site

 

Set EXTRA_DOMAINS to *.subdomain.example.com

  • Thanks 1
Link to comment
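The nested-subdomain failure above follows from how TLS clients match wildcards: `*` stands for exactly one left-most label, so `*.example.com` never covers `app.subdomain.example.com`. The code below is an added example, not from the thread or the SWAG project; the hostnames and the helper names (`san_covers`, `uncovered`, `suggest_extra_domains`) are made up for illustration.

```python
# Added example (not from the thread): single-label wildcard matching as
# TLS clients apply it to a certificate's subjectAltName dNSName entries.

def labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def san_covers(san, hostname):
    """True if one SAN entry covers hostname.

    '*' is honoured only as the whole left-most label and stands for
    exactly one label; it never spans a dot and never matches the bare
    parent domain.
    """
    pat, host = labels(san), labels(hostname)
    if len(pat) != len(host) or "" in host:
        return False
    if pat[0] == "*":
        return pat[1:] == host[1:]
    return pat == host


def uncovered(hostnames, sans):
    """Hostnames that no SAN entry covers (a client would reject these)."""
    return [h for h in hostnames if not any(san_covers(s, h) for s in sans)]


def suggest_extra_domains(hostnames, sans):
    """Wildcard (or exact) names that would cover every uncovered hostname."""
    wanted = []
    for h in uncovered(hostnames, sans):
        parts = labels(h)
        name = "*." + ".".join(parts[1:]) if len(parts) > 2 else ".".join(parts)
        if name not in wanted:
            wanted.append(name)
    return wanted


# Constructed sample data, using the placeholder names from the post above.
SERVED = ["example.com", "www.example.com", "subdomain.example.com",
          "app.subdomain.example.com", "db.subdomain.example.com"]
CERT_BEFORE = ["example.com", "*.example.com"]
CERT_AFTER = CERT_BEFORE + ["*.subdomain.example.com"]  # after setting EXTRA_DOMAINS

if __name__ == "__main__":
    print("not covered before:", uncovered(SERVED, CERT_BEFORE))
    print("add to EXTRA_DOMAINS:", suggest_extra_domains(SERVED, CERT_BEFORE))
    print("not covered after: ", uncovered(SERVED, CERT_AFTER))
```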
On 8/7/2020 at 11:50 AM, Wong said:

I attached nextcloud conf. file for reference if anyone could tell me if I did any mistake.

 

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => '*********************',
  'passwordsalt' => '********************************',
  'secret' => '*****************************',
  'trusted_domains' => 
  array (
    0 => '192.168.0.16:444',
    1 => 'nextcloud.protech.my',
  ),
  'dbtype' => 'mysql',
  'version' => '19.0.1.1',
  'trusted_proxies' => 
  array (
    0 => 'letsencrypt',
  ),
  'overwrite.cli.url' => 'https://nextcloud.protech.my/',
  'overwritehost' => 'nextcloud.protech.my',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.0.16:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '***************',
  'installed' => true,
  'maintenance' => false,
);

Hi, so the reason I can't use http is that there is an error in my Letsencrypt log (same error as shown in the 1st version of the SpaceInvader Reverse Proxy video). I think my ISP blocked port 80. That's why I proceeded with dns verification.

ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

However, there was no error in my log after using dns verification, and it stated server ready at the end. Yes, I port forward port 80 to 180 and 443 to 1443 with TCP/UDP. Just a note, if I only port forward with TCP only of 80 to 180 to my unraid server, I was kicked out of my unraid server interface for some reason. But TCP/UDP works for me regardless of whether it needs TCP only. Yes, it is still stuck in the Letsencrypt WebUI after setting up the Letsencrypt docker again.

Let's say I don't want to use Reverse Proxy anymore to redirect me to my docker container, do I have another option to try with a step by step guide? Because my purpose is really to get onlyoffice working with nextcloud, can I get onlyoffice to work with or without reverse proxy?

(I am replying to my previous thread for anyone that wants to refer to my conf file. I have tested all but am always still stuck in the letsencrypt WebUI)

Link to comment
2 hours ago, Wong said:

Hi, so the reason I can't use http is that there is an error in my Letsencrypt log (same error as shown in the 1st version of the SpaceInvader Reverse Proxy video). I think my ISP blocked port 80. That's why I proceeded with dns verification.

ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

However, there was no error in my log after using dns verification, and it stated server ready at the end. Yes, I port forward port 80 to 180 and 443 to 1443 with TCP/UDP. Just a note, if I only port forward with TCP only of 80 to 180 to my unraid server, I was kicked out of my unraid server interface for some reason. But TCP/UDP works for me regardless of whether it needs TCP only. Yes, it is still stuck in the Letsencrypt WebUI after setting up the Letsencrypt docker again.

Let's say I don't want to use Reverse Proxy anymore to redirect me to my docker container, do I have another option to try with a step by step guide? Because my purpose is really to get onlyoffice working with nextcloud, can I get onlyoffice to work with or without reverse proxy?

(I am replying to my previous thread for anyone that wants to refer to my conf file. I have tested all but am always still stuck in the letsencrypt WebUI)

We don't know what is in the guide you followed, so please post all errors and how you set it up.

Start by getting letsencrypt running, which it looks like you have done already as you are getting to the default webserver page.

 

If you have already set up nextcloud and can access it locally, go ahead and enable the proxy-conf and be sure to read the top of the proxy-conf and do what it says.

 

Remember to take one step only, as it's easier to track the error then, for both you and us.

Link to comment
51 minutes ago, saarg said:

We don't know what is in the guide you followed, so please post all errors and how you set it up.

Start by getting letsencrypt running, which it looks like you have done already as you are getting to the default webserver page.

 

If you have already set up nextcloud and can access it locally, go ahead and enable the proxy-conf and be sure to read the top of the proxy-conf and do what it says.

 

Remember to take one step only, as it's easier to track the error then, for both you and us.

Alright, let's break it down. I have registered my own domain name (protech.my). The video I followed is linked below from SpaceinvaderOne. Let's Encrypt's log said server is ready. Let's Encrypt port is 80 -> 180 and 443 -> 1443. Port forwarding is done on my router as I am able to see the Let's Encrypt WebUI. I attached the log for reference. I am sure nextcloud is working as I have managed to access it locally and set up an admin account with Mariadb. For the record, my nextcloud container port is 444. I have used the cloudflareddns docker by onzu to track my public IP. I have set up a CNAME nextcloud.protech.my which points to my public IP. I have set up the nextcloud.subdomain.conf and conf.php, which I assume is done correctly already, I hope. Let me know if I made any mistake. I attached the file below. I restarted the dockers and am still stuck at the Let's Encrypt Web UI. If anything is not clear, please let me know. I have been stuck with it for a month. It would be if anyone could solve this. I don't mind if I can't get reverse proxy working but if there is any method to get onlyoffice working, that would work for me. Thanks.

Extra information:

(to be very sure my nextcloud is working, I port forwarded 443->444 which is my nextcloud container. I am able to access it from outside my home wifi, but when I port forward 443->1443 I am back to being stuck in the Let's Encrypt Web UI)

/////////////////////////////////{ LETSENCRYPT LOG }////////////////////////////////////

[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
s6-svwait: fatal: supervisor died
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
usermod: no changes

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Asia/Singapore
URL=protech.my
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=**************@gmail.com
STAGING=

SUBDOMAINS entered, processing
Wildcard cert for protech.my will be requested
E-mail address entered: wongzhiwei1@gmail.com
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,
and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
Server ready

 

////////////////////////////{ nextcloud.subdomain.conf }///////////////////////////////////

# make sure that your dns has a cname set for nextcloud
# assuming this container is called "letsencrypt", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['letsencrypt'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}
 

/////////////////////{config.php}////////////////////////////////////

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'oc5hdxqy44ml',
  'passwordsalt' => '***************************',
  'secret' => '********************************',
  'trusted_domains' => 
  array (
    0 => '192.168.0.16',
    1 => 'nextcloud.protech.my',
  ),
  'dbtype' => 'mysql',
  'version' => '19.0.1.1',
  'overwrite.cli.url' => 'https://nextcloud.protech.my/',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.0.16:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '***********',
  'installed' => true,
  'trusted_proxies' => ['letsencrypt'],
  'overwritehost' => 'nextcloud.protech.my',
  'overwriteprotocol' => 'https',
  'onlyoffice' => array (
    'verify_peer_off' => true
    ),
);
 


Edited by Wong
Link to comment
13 minutes ago, Wong said:

Alright, let's break it down. I have registered my own domain name (protech.my). The video I followed is linked below from SpaceinvaderOne. Let's Encrypt's log said server is ready. Let's Encrypt port is 80 -> 180 and 443 -> 1443. Port forwarding is done on my router as I am able to see the Let's Encrypt WebUI. I attached the log for reference. I am sure nextcloud is working as I have managed to access it locally and set up an admin account with Mariadb. For the record, my nextcloud container port is 444. I have used the cloudflareddns docker by onzu to track my public IP. I have set up a CNAME nextcloud.protech.my which points to my public IP. I have set up the nextcloud.subdomain.conf and conf.php, which I assume is done correctly already, I hope. Let me know if I made any mistake. I attached the file below. I restarted the dockers and am still stuck at the Let's Encrypt Web UI. If anything is not clear, please let me know. I have been stuck with it for a month. It would be if anyone could solve this. I don't mind if I can't get reverse proxy working but if there is any method to get onlyoffice working, that would work for me. Thanks.

Extra information:

(to be very sure my nextcloud is working, I port forwarded 443->444 which is my nextcloud container. I am able to access it from outside my home wifi, but when I port forward 443->1443 I am back to being stuck in the Let's Encrypt Web UI)


Post the docker run command for both containers.

Link to comment
On 8/16/2020 at 10:02 PM, saarg said:

Post the docker run command for both containers.

What is a run command? Sorry I am still a newbie. Do you mean the setting page of the container as shown below?


Edited by Wong
Removed email address
Link to comment

@saarg

This is from letsencrypt. You said do it with both containers. I use the same command line for nextcloud container as well? Yes, I am trying to run https://protech.my CNAME is nextcloud

 

root@adb850c459a2:/# ping nextcloud
PING nextcloud (172.18.0.4): 56 data bytes
64 bytes from 172.18.0.4: seq=0 ttl=64 time=0.055 ms
64 bytes from 172.18.0.4: seq=1 ttl=64 time=0.051 ms
64 bytes from 172.18.0.4: seq=2 ttl=64 time=0.043 ms
64 bytes from 172.18.0.4: seq=3 ttl=64 time=0.036 ms
64 bytes from 172.18.0.4: seq=4 ttl=64 time=0.035 ms
64 bytes from 172.18.0.4: seq=5 ttl=64 time=0.038 ms
64 bytes from 172.18.0.4: seq=6 ttl=64 time=0.033 ms
64 bytes from 172.18.0.4: seq=7 ttl=64 time=0.027 ms
64 bytes from 172.18.0.4: seq=8 ttl=64 time=0.035 ms
64 bytes from 172.18.0.4: seq=9 ttl=64 time=0.036 ms

--- nextcloud ping statistics ---
73 packets transmitted, 73 packets received, 0% packet loss
round-trip min/avg/max = 0.026/0.040/0.089 ms

Edited by Wong
Reduced the length of thread
Link to comment
15 minutes ago, aptalca said:

Your nextcloud subdomain is showing the default landing page, which likely means that your nextcloud proxy conf is not activated properly. Is it named "nextcloud.subdomain.conf" and resides at "/config/nginx/proxy-confs"?

OHHH MYYY GODDDD, it worked. So the problem is because when I saved the nextcloud.subdomain.conf, Notepad++ saved it as a text file. I edited the save type into all type. Then it worked. It feels good to get things working. Thank you for the awesome unraid community support.

Link to comment

Hi,

 

I am having issues setting up a second domain via the LetsEncrypt docker in Unraid. I added the EXTRA_DOMAINS variable in the conf page and saved it. It wants to create a certificate for the extra domain although it gives me an error saying that there is an invalid response for the extra domain.

The odd thing is that both the 'old' and new domain have in their DNS records the same IP setup, pinging the new domain gives back the correct IP address. When you navigate to the new domain in the browser it shows the test page from the nginx server that is running on unraid. So I would assume that the port forwarding is also working fine, oh and just creating a cert for the 'old' domain works fine without any issue.

Could anyone give me advice on why the new domain isn't being registered correctly? I attached the log file that I got from LE.

 

/docker run -d --name='letsencrypt' --net='proxynet' --privileged=true -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'EMAIL'='rj***@***.com' -e 'URL'='rjwalet.nl' -e 'SUBDOMAINS'='nextcloud,sonarr,radarr' -e 'ONLY_SUBDOMAINS'='false' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'EXTRA_DOMAINS'='bakbijbel.nl' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt'

 

Thanks in advance!

 

Never mind, already fixed it myself :) Turns out there was an AAAA record still present with an IPv6 attached to it, after deleting that DNS record and giving it some time it worked :)

 

Edited by Rexl
Link to comment
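A leftover AAAA record breaks HTTP validation because Let's Encrypt prefers IPv6 when a name has both A and AAAA records. The preflight below is an added example, not part of the original post or of the container: it expands `URL`, `SUBDOMAINS` and `EXTRA_DOMAINS` as set in the docker run line above (a simplified model of the container's behaviour, an assumption) and flags records that do not point at the server. The IP addresses and DNS answers are constructed documentation values.

```python
import ipaddress
import socket


def requested_names(url, subdomains="", extra_domains="", only_subdomains=False):
    """Hostnames HTTP validation must reach (simplified model, an assumption)."""
    if subdomains == "wildcard":
        raise ValueError("wildcard certs use DNS validation, not HTTP")
    names = [] if only_subdomains else [url]
    names += [f"{s}.{url}" for s in subdomains.split(",") if s]
    names += [d for d in extra_domains.split(",") if d]
    return names


def system_resolver(name):
    """Return (ipv4_set, ipv6_set) for name from the local resolver."""
    v4, v6 = set(), set()
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return v4, v6
    for family, _type, _proto, _canon, sockaddr in infos:
        if family == socket.AF_INET:
            v4.add(sockaddr[0])
        elif family == socket.AF_INET6:
            v6.add(sockaddr[0].split("%")[0])  # drop any zone id
    return v4, v6


def normalise(addresses):
    """Canonical form so '2001:DB8::1' and '2001:db8:0::1' compare equal."""
    return {str(ipaddress.ip_address(a)) for a in addresses}


def preflight(names, server_v4, server_v6=(), resolve=system_resolver):
    """Map each problematic name to the reasons validation may miss the server."""
    ok_v4, ok_v6 = normalise(server_v4), normalise(server_v6)
    findings = {}
    for name in names:
        v4, v6 = (normalise(s) for s in resolve(name))
        problems = []
        if not v4 and not v6:
            problems.append("no A or AAAA record")
        if v4 - ok_v4:
            problems.append("A record points elsewhere: " + ", ".join(sorted(v4 - ok_v4)))
        if v6 - ok_v6:
            # IPv6 is preferred when both record types exist, so validation
            # may go to this address instead of the forwarded IPv4 port.
            problems.append("AAAA record not served here: " + ", ".join(sorted(v6 - ok_v6)))
        if problems:
            findings[name] = problems
    return findings


# Constructed DNS answers (RFC 5737 / RFC 3849 documentation ranges).
SAMPLE_DNS = {
    "rjwalet.nl": ({"203.0.113.10"}, set()),
    "nextcloud.rjwalet.nl": ({"203.0.113.10"}, set()),
    "sonarr.rjwalet.nl": ({"203.0.113.10"}, set()),
    "radarr.rjwalet.nl": ({"203.0.113.10"}, set()),
    "bakbijbel.nl": ({"203.0.113.10"}, {"2001:db8::dead"}),  # leftover AAAA
}


def sample_resolver(name):
    """Offline stand-in for system_resolver, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(name, (set(), set()))


if __name__ == "__main__":
    names = requested_names("rjwalet.nl", "nextcloud,sonarr,radarr", "bakbijbel.nl")
    report = preflight(names, ["203.0.113.10"], resolve=sample_resolver)
    for name, problems in report.items():
        print(name, "->", "; ".join(problems))
```

Run it from outside the LAN or against a public resolver when split DNS is in use, since a local resolver returns the internal answers rather than what the validation server sees.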
5 hours ago, Wong said:

OHHH MYYY GODDDD, it worked. So the problem is because when I saved the nextcloud.subdomain.conf, Notepad++ saved it as a text file. I edited the save type into all type. Then it worked. It feels good to get things working. Thank you for the awesome unraid community support.

In Windows, make sure you enable the setting for displaying file extensions even if known.

  • Like 1
Link to comment

@aptalca Hey sorry to bother.. I was wondering to do an HTTP blank setup on let's encrypt does it have to have anything special set anywhere besides the standard stuff in the docker like subdomains and stuff? I had an issue trying to add a subdomain but another container would set it properly so made me think I might have something configured improperly. Though I couldn't for the life of me figure it out. The error I was getting was "Timeout during connect (likely firewall problem)". But if I just pointed my ports to the other container HTTP worked. The other strange thing is sometimes it would work for a subdomain and other times it wouldn't after just a restart. I assume it's something I'm doing but just wondering if you heard of this ever happening. I ended up doing a DNS challenge and it all worked fine. Thanks for any insights

Edit

Should also mention I only use cloudflare for my DNS now and no longer use it as a pass through so it shouldn't be that to my knowledge. Also the other container shouldn't have worked if that was the case. I have 6-7 subdomains.

Edited by Jerky_san
Link to comment
12 hours ago, Jerky_san said:

@aptalca Hey sorry to bother.. I was wondering to do an HTTP blank setup on let's encrypt does it have to have anything special set anywhere besides the standard stuff in the docker like subdomains and stuff? I had an issue trying to add a subdomain but another container would set it properly so made me think I might have something configured improperly. Though I couldn't for the life of me figure it out. The error I was getting was "Timeout during connect (likely firewall problem)". But if I just pointed my ports to the other container HTTP worked. The other strange thing is sometimes it would work for a subdomain and other times it wouldn't after just a restart. I assume it's something I'm doing but just wondering if you heard of this ever happening. I ended up doing a DNS challenge and it all worked fine. Thanks for any insights

Edit

Should also mention I only use cloudflare for my DNS now and no longer use it as a pass through so it shouldn't be that to my knowledge. Also the other container shouldn't have worked if that was the case. I have 6-7 subdomains.

I don't follow. What's "HTTP blank"?

 

You'll have to provide a clearer description of the issues you're having.

Link to comment
4 hours ago, aptalca said:

I don't follow. What's "HTTP blank"?

 

You'll have to provide a clearer description of the issues you're having.

Sorry I don't know why I said blank.. HTTP challenge over port 80. Even though the port is totally accessible it seems it has trouble completing the challenges stating "Timeout during connect (likely firewall problem)". It will even fail to do the challenge on subdomains it just did a few minutes ago when adding another subdomain to the list. But if I spin up "NginxProxyManager" as a test container just to see if other containers fail. It is able to challenge via http without issue. To my knowledge when it does the HTTP challenge the server redirects to the let'sencrypt folder where the challenges are stored but for some reason it times out sometimes on one or more subdomains and succeeds on others. I almost wonder if fail to ban is kicking in because I have so many subdomains.

Edited by Jerky_san
Link to comment
7 hours ago, Jerky_san said:

Sorry I don't know why I said blank.. HTTP challenge over port 80. Even though the port is totally accessible it seems it has trouble completing the challenges stating "Timeout during connect (likely firewall problem)". It will even fail to do the challenge on subdomains it just did a few minutes ago when adding another subdomain to the list. But if I spin up "NginxProxyManager" as a test container just to see if other containers fail. It is able to challenge via http without issue. To my knowledge when it does the HTTP challenge the server redirects to the let'sencrypt folder where the challenges are stored but for some reason it times out sometimes on one or more subdomains and succeeds on others. I almost wonder if fail to ban is kicking in because I have so many subdomains.

Follow this: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Link to comment
1 hour ago, ElectricBadger said:

Do we need to change anything in our unRAID configs in order to continue getting updates to this container, if it's being renamed? Or will the rename get picked up automatically?

I would assume that there will be a new container to swap to, as swag is in a different git repo than the lets encrypt image. There is currently not one released on the community application plugin in unraid, so I would assume they will release it when they have time.

Link to comment
11 hours ago, ElectricBadger said:

Do we need to change anything in our unRAID configs in order to continue getting updates to this container, if it's being renamed? Or will the rename get picked up automatically?

For now you can just edit the docker to point the repository from linuxserver/letsencrypt to linuxserver/swag and it seems to work fine for me so far.

  • Thanks 1
Link to comment
