[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


In the other (incorrect) thread I was asked to check the A record. A DNS lookup shows it's ok.  I'm using dns-o-matic to keep dns host record up to date.

 

 

 

 


1 hour ago, dalben said:

I do have some dlink webcams that are exposed to the intraweb via the dlink myhome software but there is no port forwarding of 443 required for that.

I reckon that's the problem.  The dlink software, is it using https?  Might not have opened the ports but what about uPnP, may be doing it without you realising it?

1 hour ago, CHBMB said:

I reckon that's the problem.  The dlink software, is it using https?  Might not have opened the ports but what about uPnP, may be doing it without you realising it?

Doing some reading, DLink are a bit vague on how the webcams make it to their server.  I'll deregister the cameras and see what happens then.

Does anyone know how to add additional top-level domains after this docker app has been configured? i.e. example.com AND example.org. If any commands need to be run or scripts modified I can do that, just need a little direction. Thanks!

 

edit- I'm referring to the letsencrypt portion of this (not nginx)

Edited by harperbrett



This container only supports one domain.

You could redirect the org to the com, though, if they are pointing to the same web folder

Hello

Thanks for maintaining this wonderful docker.

I have a minecraft server running and use a tool called overview which creates a "google maps" like map. This tool runs on an Ubuntu VM and outputs all files in a folder. Now to share that I'd like to use the nginx webserver. My question now is what's the best way to mount that folder within the docker to be able to share it?



Is the vm on unraid? You can probably do a 9p share in the vm, save into that folder and map that for this container

1 hour ago, aptalca said:

 


Is the vm on unraid? You can probably do a 9p share in the vm, save into that folder and map that for this container

 

No the VM runs on my esxi host on 192.168.178.201 and unraid is 192.168.178.200.



Then you can cifs mount an unraid share in the vm and map that same folder to the docker container

Nextcloud needs the xmlreader and zip modules.

Can you add the xmlreader and zip modules?

Thank you.

"apk add --update php7-xmlreader php7-zip" does not work in Letsencrypt ver:55

php has been updated to 7.14 I believe so a lot of dependencies have changed.


Security question - what is more secure - using .htaccess for authentication or using each app's built-in authentication?

 


 

 

 

 

In my personal opinion, htpasswd with a fail2ban rule that prevents brute force attempts by banning after so many tries

 

On my company server, I even have a recidive rule set up so if any fail2ban rule does 3 10min bans in a 3hr period, they get banned for a week

 

 

 
 

But doesn't passing htpasswd for one site (using brute, social eng, whatever) open up all your sites to the attacker?
Using every specific app's built-in authentication enables different passwords for different systems.
Or am I missing something?


You can create a different .htpasswd for each service if you wish.  I think the main thing you're "missing" is that nginx's implementation of .htpasswd is likely to be far more secure than that of "app x" which is why I'd generally advocate the same as @aptalca
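
As an added illustration of the setup described in the replies above (not configuration posted by anyone in the thread): a fail2ban `jail.local` that pairs the stock `nginx-http-auth` jail with a `recidive` jail, using the numbers mentioned (three 10-minute bans within 3 hours lead to a one-week ban). The log paths and the retry limit of 5 are assumptions.

```ini
# Added example, not from the thread.
# Assumptions: the two logpath values and maxretry = 5; point logpath at
# wherever your nginx error log and fail2ban log actually live.

[DEFAULT]
# "banning after so many tries": 5 failures within 10 minutes -> 10 minute ban
maxretry = 5
findtime = 600
bantime  = 600

[nginx-http-auth]
# Stock fail2ban filter. It matches the failed basic-auth (htpasswd) logins
# that nginx writes to its error log.
enabled  = true
filter   = nginx-http-auth
port     = http,https
logpath  = /config/log/nginx/error.log

[recidive]
# Stock fail2ban filter. It reads fail2ban's own log and counts Ban events
# issued by the other jails: 3 bans within 3 hours -> banned for one week.
enabled  = true
filter   = recidive
logpath  = /config/log/fail2ban/fail2ban.log
maxretry = 3
findtime = 10800
bantime  = 604800
```

The `recidive` jail only sees bans that fail2ban actually logs, and fail2ban's own documentation warns against running it with the log level set to DEBUG, because the jail would then feed on its own output.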

Sorry to bother you again...

I'm trying to run nextcloud in your nginx docker. When I try to access the site it would not open the site but would download the index.php file.

 

My nginx config: 

server {
    listen 80;
    server_name cloud.XXX.ch;

    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name cloud.XXX.ch;
    root /config/www/cloud;
    index index.php index.html;
    access_log /var/log/nginx/cloud.example.com.access.log;
    error_log /var/log/nginx/cloud.example.com.error.log;

    client_max_body_size 0;
    underscores_in_headers on;

    ssl on;
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ssl_stapling on;
    ssl_stapling_verify on;

    location / {
        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 64;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        add_header Front-End-Https on;
    }
}

Can you find the reason behind this?

I don't understand what you're trying to do?

 

1.  Reverse proxy our Nextcloud container with this one?

2.  Install Nextcloud into this container?

 

If it's the first then wait for me to finish my guide.  If it's the 2nd then you're on your own, configuring nginx for each individual app people want to install is way beyond what we're able to support.  We support getting the container up and running. Advanced config is past that.

18 hours ago, CHBMB said:

I don't understand what you're trying to do?

 

1.  Reverse proxy our Nextcloud container with this one?

2.  Install Nextcloud into this container?

 

If it's the first then wait for me to finish my guide.  If it's the 2nd then you're on your own, configuring nginx for each individual app people want to install is way beyond what we're able to support.  We support getting the container up and running. Advanced config is past that.


Would have been the 2nd. Was hoping you've seen this problem before...




You did not set up your php processor (php-fpm) in your config so nginx doesn't know what to do with it. It just serves it as is

Hello

I created a letsencrypt container with 3 different subdomains (pydio and nextcloud included). Then I followed the latest article to run nextcloud behind an nginx reverse proxy.

for nextcloud it is working

but with pydio (2 different config files)

it fails with :

SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown ....

 

I am wondering how you differ the subdomain keys? Because in keys folder is only a link to one folder mydomain.com

and in config file we have these lines each:

ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

do I have to do something different?

 

Thanks

 

The keys work for all the subdomains you specify.  Your issue is reverse proxying pydio, which I have no experience of tbh.

Homer-S, can you include the rest of the error? A lot of the time that error is pointing out an incorrect IP but that part doesn't seem to be included here.



For anyone that wants to get this working with cloudflare enabled. First toggle the cloud icon for your domains in the DNS section so that they are grey and DNS only is enabled. Then install Letsencrypt and generate your certs. Once that is done go back to the cloudflare crypto section and change the SSL cert from flexible to full strict and wait for it to issue. It says it can take up to 24 hours but mine was done in about 20 minutes. After all has been completed and is working fine, toggle the clouds back to the original setting in DNS in the cloudflare panel.

6 hours ago, Malykai said:

Homer-S, can you include the rest of the error? A lot of the time that error is pointing out an incorrect IP but that part doesn't seem to be included here.

 

Sorry, for sure I can.

 

Quote

SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: XX.174.239.197, server: pydio.XX.myadress.de, request: "GET / HTTP/1.1", upstream: "https://192.168.100.10:84/", host: "pydio.XX.myadress.de"

 

 

Is there a way to check if all three subdomains are included in keys?

 

I found my mistake!!!

wrong:

proxy_pass https://192.168.100.10:84/;

correct:

proxy_pass http://192.168.100.10:84/;

 

That was the reason for SSL error

 

Thanks anyway

Edited by Homer-S
