Jump to content
linuxserver.io

[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

5070 posts in this topic Last Reply

Recommended Posts

14 hours ago, saarg said:

You might have very old config files, so I would recommend you to check the date at the top of the config files in both swag and nextcloud and compare them with the ones on GitHub. The files I can remember is the default, proxy.conf and nginx.conf

I have updated the files but the message remains. Any other Idea?

Share this post


Link to post

Hi, this is my first post, I am still new in unraid, sorry for mybe non-professionel question.

I tried to migrate my running let'sencrypt docker to swag like described, so far so good. all is running.

 

but in the logs i can see the following and I hope you can advice me what has to be done.

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 


nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

 

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

 

Thx in advance.

 

Share this post


Link to post
4 minutes ago, joghurt said:

Hi, this is my first post, I am still new in unraid, sorry for mybe non-professionel question.

I tried to migrate my running let'sencrypt docker to swag like described, so far so good. all is running.

 

but in the logs i can see the following and I hope you can advice me what has to be done.

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 


nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

 

no field package.preload['resty.core']
no file './resty/core.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core.lua'
no file '/usr/local/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/5.1/resty/core.lua'
no file '/usr/share/lua/5.1/resty/core/init.lua'
no file '/usr/share/lua/common/resty/core.lua'
no file '/usr/share/lua/common/resty/core/init.lua'
no file './resty/core.so'
no file '/usr/local/lib/lua/5.1/resty/core.so'
no file '/usr/lib/lua/5.1/resty/core.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

 

Thx in advance.

 

Some of your conf files are really old. Delete them and restart the container. Those are including nginx.conf, proxy.conf, ssl.conf, etc.

Share this post


Link to post
8 hours ago, PsiPlexServ said:

Hello, trying to renew my certs but it keeps erroring. 

Capture.thumb.PNG.4e7e2e09f1c456510d779d9f73f32f18.PNG

Don't run manual commands inside the container unless we ask you to. We don't support that.

Share this post


Link to post

Thx, I followed the instructions and deleted the conf files. The most of the log entry disappeared. 👍

Last message left is the system warning:

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 

Is there anything I could do on this? Many thx in advance,

Share this post


Link to post
On 9/23/2020 at 8:00 AM, DockX said:

I have updated the files but the message remains. Any other Idea?

You updated them or deleted them and let the container recreate them on restart?

 

Which files in which container did you update?

Share this post


Link to post

How I switched to swag that seemed to work:

  1. Create an folder named swag in appdata
  2. Copy all content from letsencrypt folder to swag
    (could also rename it but I did not want to change letscencrypt stuff before I knew swag worked fine)
  3. Install swag template and change settings
  4. Stop letsencrypt docker and start swag
  5. Change letsencrypt to swag in nextcloud config
  6. Done.

Share this post


Link to post
On 9/24/2020 at 1:45 PM, saarg said:

You updated them or deleted them and let the container recreate them on restart?

 

Which files in which container did you update?

I have created everything new today, SWAG, Nextcloud, MariaDB and the warning remains. Should be easy to reproduce. I have the add_header line above the line where ssl.conf is included like its suggested in the readme. To not have it twice I disabled the add_header line inside the nextcloud container, message is there anyway though, disabled or not. Any other Ideas?

Share this post


Link to post
59 minutes ago, DockX said:

I have created everything new today, SWAG, Nextcloud, MariaDB and the warning remains. Should be easy to reproduce. I have the add_header line above the line where ssl.conf is included like its suggested in the readme. To not have it twice I disabled the add_header line inside the nextcloud container, message is there anyway though, disabled or not. Any other Ideas?

 

Not sure what your issue is, as I don't see it here.

Not sure what is in my cpnfigs, but on mobile arm so can't check until later today.

Share this post


Link to post
20 minutes ago, saarg said:

 

Not sure what your issue is, as I don't see it here.

Not sure what is in my cpnfigs, but on mobile arm so can't check until later today.

The issue is, that you always get the "the “ X - Robots - Tag ” HTTP header is not configured to equal to “none” warning, when you configure your swag with "none, noindex, nofollow, nosnippet, noarchive". When you have more than just "none" the warning appears, and only "none" is not enough for all crawlers.

Share this post


Link to post
1 hour ago, DockX said:

The issue is, that you always get the "the “ X - Robots - Tag ” HTTP header is not configured to equal to “none” warning, when you configure your swag with "none, noindex, nofollow, nosnippet, noarchive". When you have more than just "none" the warning appears, and only "none" is not enough for all crawlers.

Yes I know what the issue is, but not the solution.

Share this post


Link to post

Been a while, the new Linuxserver logo looks great!!

 

Can someone have a look at this reverse proxy for calibre-web (I think I got it from Calibre-Web's github)? It used to work and now I'm getting a 502 Bad Gateway.

 

#Config for Calibre Web
    location ^~ /calibre/ {
        auth_basic "Restricted";
         auth_basic_user_file /config/nginx/.htpasswd;
         include /config/nginx/proxy.conf;
        proxy_pass              http://192.168.1.252:8083;
        proxy_set_header        Host            $http_host;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Scheme        $scheme;
        proxy_set_header        X-Script-Name   /calibre;
    }

 

Edited by vurt

Share this post


Link to post
32 minutes ago, vurt said:

Been a while, the new Linuxserver logo looks great!!

 

Can someone have a look at this reverse proxy for calibre-web (I think I got it from Calibre-Web's github)? It used to work and now I'm getting a 502 Bad Gateway.

 


#Config for Calibre Web
    location ^~ /calibre/ {
        auth_basic "Restricted";
         auth_basic_user_file /config/nginx/.htpasswd;
         include /config/nginx/proxy.conf;
        proxy_pass              http://192.168.1.252:8083;
        proxy_set_header        Host            $http_host;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Scheme        $scheme;
        proxy_set_header        X-Script-Name   /calibre;
    }

 

Why not use the proxy conf included in swag?

Share this post


Link to post
14 minutes ago, saarg said:

Why not use the proxy conf included in swag?

Thanks for suggesting that, I never knew there's a sample in there.

 

But I'm still getting the same 502 Bad Gateway error. I'm beginning to suspect it might be Calibre-Web. Someone on Reddit is also getting the same error when his/her reverse proxy worked fine before.

 

This is what I just tried based on the conf included in swag:

 

location /calibre {
    return 301 $scheme://$host/calibre/;
}

location ^~ /calibre/ {
    # enable the next two lines for http auth
    auth_basic "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
    #auth_request /auth;
    #error_page 401 =200 /ldaplogin;

    # enable for Authelia, also enable authelia-server.conf in the default site config
    #include /config/nginx/authelia-location.conf;

    resolver 192.168.1.252 valid=30s;
    set $upstream_app calibre;
    set $upstream_port 8083;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    proxy_set_header Host $http_host;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Script-Name /calibre;
}

 

Share this post


Link to post

Today I got a info from "Fix Common Problems" the container "letsencrypt" is deprecated. So far so good, I had already read a couple weeks ago that you guys have to switch the name for the container, but I never changed my setting until today.

 

What I did so far:

1. stop the letsencrypt container

2. backup the config folder in appdata (copied to new folder called swag)

3. edit the old "letsencrypt" container

4. changed the name to swag

5. switch to "linuxserver/swag" repo

6. adjusted the config path to the new folder

7. starting the swag container

8. adjusting "trusted_proxies" in the nextcloud config.php in /appdata/nextcloud/www/nextcloud/config to swag

 

Did I miss something?

Share this post


Link to post
9 hours ago, vurt said:

Thanks for suggesting that, I never knew there's a sample in there.

 

But I'm still getting the same 502 Bad Gateway error. I'm beginning to suspect it might be Calibre-Web. Someone on Reddit is also getting the same error when his/her reverse proxy worked fine before.

 

This is what I just tried based on the conf included in swag:

 


location /calibre {
    return 301 $scheme://$host/calibre/;
}

location ^~ /calibre/ {
    # enable the next two lines for http auth
    auth_basic "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
    #auth_request /auth;
    #error_page 401 =200 /ldaplogin;

    # enable for Authelia, also enable authelia-server.conf in the default site config
    #include /config/nginx/authelia-location.conf;

    resolver 192.168.1.252 valid=30s;
    set $upstream_app calibre;
    set $upstream_port 8083;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    proxy_set_header Host $http_host;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Script-Name /calibre;
}

 

502 means swag can't connect to the container. Are they in the same docker network?

Share this post


Link to post
3 hours ago, bastl said:

Today I got a info from "Fix Common Problems" the container "letsencrypt" is deprecated. So far so good, I had already read a couple weeks ago that you guys have to switch the name for the container, but I never changed my setting until today.

 

What I did so far:

1. stop the letsencrypt container

2. backup the config folder in appdata (copied to new folder called swag)

3. edit the old "letsencrypt" container

4. changed the name to swag

5. switch to "linuxserver/swag" repo

6. adjusted the config path to the new folder

7. starting the swag container

8. adjusting "trusted_proxies" in the nextcloud config.php in /appdata/nextcloud/www/nextcloud/config to swag

 

Did I miss something?

 

I did almost the same, started by just changing name and repository, and then just renaming the app folder to swag

Everything seem to work but I can see differences between a new swag XML install and the old install

Example I have this in my "updated one" from the old one:

image.thumb.png.2555fb700da03c760de891ef6c7113d0.png

Which is from the old one, and I still have the old icon?

But everything works

 

Oh and I did apply the fix after running "Fix commen problems" for some config path.... (No errors anymore)

 

 

 

Share this post


Link to post
11 minutes ago, casperse said:

Which is from the old one, and I still have the old icon?

Same for me. I had 2048 already set in my old config and as shown in your screenshot it's the default value. Does the new SWAG template have a different value?

The icon for me also doesn't changed to the new one. Not a big deal.

Share this post


Link to post

Since you both also use nextcloud, how did you configure the X - Robots - Tag ? Do you have an entry for it in SWAG?

Share this post


Link to post
8 minutes ago, DockX said:

Since you both also use nextcloud, how did you configure the X - Robots - Tag ? Do you have an entry for it in SWAG?

I have it set to the below in the default file of nextcloud. Which is the default value.

Quote

add_header X-Robots-Tag none;

That is the only place I have it.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.