[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



4 hours ago, saarg said:

It's better to copy the text and add it as code in the post. That way it's easier to read and you can redact your mail and URL.

The easiest way is to mark the text, copy it and add it as code.

You post all the configs that you changed. We can't know which ones you changed.

 

I edited the post above removing the screen shots and redoing with copy/paste of the command info but I'll add it here as well. But I'm not sure how to do the config files. I'm going into Krusader and going to a file but when I copy it then try to paste it here in the </> code box, it wont paste. Is there a better way to do them? Can I somehow download the file and then upload it into the forum post?

 

SWAG....

Command:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='swag' --net='proxynet' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'EMAIL'='stephen@mywebsite.com' -e 'URL'='mywebsite.com' -e 'SUBDOMAINS'='ombi,server,sonarr,radarr,lidarr,nextcloud,sabnzbd,nzbget,plex' -e 'ONLY_SUBDOMAINS'='true' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'EXTRA_DOMAINS'='' -e 'STAGING'='false' -e 'DUCKDNSTOKEN'='' -e 'PROPAGATION'='' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/swag':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/swag'

76457241e9b946d99184a4254b3963fe78876f13c10d23e0fed380eb7a8ceb4e

The command finished successfully!

 

 

Heimdall.....

Command:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='heimdall' --net='proxynet' -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'PUID'='99' -e 'PGID'='100' -p '280:80/tcp' -p '2443:443/tcp' -v '/mnt/user/appdata/heimdall':'/config':'rw' 'linuxserver/heimdall'

773977f9c74aa209781671d43f3d93c6b6200b45132fc58ae73bc2f27b1402cb

Edited by SPOautos
Link to post

19 hours ago, saarg said:

It's better to copy the text and add it as code in the post. That way it's easier to read and you can redact your mail and URL.

The easiest way is to mark the text, copy it and add it as code.

You post all the configs that you changed. We can't know which ones you changed.

Hope you don't mind that I have the command lines and these files on separate posts.

 

I'm not sure what to do with the config files since it wouldn't let me copy/paste so I am just uploading them, does that work? Please let me know if you would like me to get them in here a different way. I don't think I actually changed anything in these except in a heimdall file I made the url "server"@myurl.com instead of heimdall@myurl.com.... but I have noticed that in Heimdall files and Swag files they both point to port 80 and 443 even though I changed ports in the templates so they would be different. Could this be why they are 'overlapping' and Heimdall shows up when I select the Swag gui?

 

Also, something else is that in my router, my main internet IP address that shows up.....if I go to a browser without being on my local network (I did it over cellular) and type in that router internet ip address, it takes me to my Heimdall page. Same with my routers Dynamic DNS, if I type it in on a browser over cellular it also goes to my Heimdall page.  I realized this because I have been trying to set up a PPTP vpn in my router using the dynamic dns and it doesnt seem to be working and I think this is why....because its going to my Heimdall page. I'm not positive if that is causing the vpn issue, but I stumbled on all of this with heimdall and swag while trying to figure out why my router is directing to heimdall.....maybe it should do that because of reverse proxy and all that, I do not really know.

 

I haven't done much more than use email and a browser on a windows pc in 20 years.....so honestly I'm surprised I've made it this far with this project....it's only because of awesome people like you and old posts here on the forum, and SpaceInvader videos that I have all this going and working on a box I actually put together myself.....it's pretty amazing! I appreciate the help!

 

 

heimdall nginx.conf heimdall site confs swag nginx site confs

Edited by SPOautos
Link to post

How do you get wildcard certs for additional domains? I've set EXTRA_DOMAINS="*.domain2.com", but a wildcard cert is only created for the URL primary domain. Under /etc/letsencrypt/live is only one folder which is for the primary domain.

URL=domain1.com
SUBDOMAINS=wildcard
EXTRA_DOMAINS=*.domain2.com
ONLY_SUBDOMAINS=false
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=me@gmail.com

I've also tried setting EXTRA_DOMAINS=domain2.com,*.domain2.com, but it didn't make any difference.

 

Edit: Nevermind, my mistake. The certificate created is valid for both domains! And when I provide it as EXTRA_DOMAINS=domain2.com,*.domain2.com the certificate works for the root as well.

Edited by vonpelz
Link to post
8 hours ago, vonpelz said:

How do you get wildcard certs for additional domains? I've set EXTRA_DOMAINS="*.domain2.com", but a wildcard cert is only created for the URL primary domain. Under /etc/letsencrypt/live is only one folder which is for the primary domain.


URL=domain1.com
SUBDOMAINS=wildcard
EXTRA_DOMAINS=*.domain2.com
ONLY_SUBDOMAINS=false
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=me@gmail.com

I've also tried setting EXTRA_DOMAINS=domain2.com,*.domain2.com, but it didn't make any difference.

 

Edit: Nevermind, my mistake. The certificate created is valid for both domains! And when I provide it as EXTRA_DOMAINS=domain2.com,*.domain2.com the certificate works for the root as well.

There is only ever one cert generated with this image and it contains all the names as SANs

Link to post
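The single certificate described in the reply above can be checked name by name. This is an added example, not code from the thread or from the SWAG image; it takes a dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and both sample certificates are constructed from the `URL`, `SUBDOMAINS` and `EXTRA_DOMAINS` values in the question (that `SUBDOMAINS=wildcard` with `ONLY_SUBDOMAINS=false` yields `domain1.com` plus `*.domain1.com` is an assumption).

```python
# Added example: which hostnames does a multi-name (SAN) certificate cover?


def san_dns_names(peercert):
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [value.lower() for kind, value in peercert.get("subjectAltName", ())
            if kind == "DNS"]


def san_covers(san, host):
    """True if one SAN entry covers host.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label: *.domain2.com covers nextcloud.domain2.com but neither
    the root domain2.com nor a.b.domain2.com.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    first_label, _, rest = host.partition(".")
    return bool(first_label) and rest == san[2:]


def coverage(peercert, hosts):
    """Map each host to the SAN entries that cover it (empty list = not covered)."""
    names = san_dns_names(peercert)
    return {h: [s for s in names if san_covers(s, h)] for h in hosts}


def uncovered(peercert, hosts):
    """Hosts a browser would reject for this certificate."""
    return [h for h, matches in coverage(peercert, hosts).items() if not matches]


# Constructed sample: EXTRA_DOMAINS=*.domain2.com
CERT_WILDCARD_ONLY = {"subjectAltName": (
    ("DNS", "domain1.com"), ("DNS", "*.domain1.com"), ("DNS", "*.domain2.com"),
)}

# Constructed sample: EXTRA_DOMAINS=domain2.com,*.domain2.com
CERT_ROOT_AND_WILDCARD = {"subjectAltName": (
    ("DNS", "domain1.com"), ("DNS", "*.domain1.com"),
    ("DNS", "domain2.com"), ("DNS", "*.domain2.com"),
)}

HOSTS = ["domain1.com", "www.domain1.com", "domain2.com",
         "nextcloud.domain2.com", "a.b.domain2.com"]

if __name__ == "__main__":
    for label, cert in (("wildcard only", CERT_WILDCARD_ONLY),
                        ("root + wildcard", CERT_ROOT_AND_WILDCARD)):
        print(f"{label}: not covered -> {uncovered(cert, HOSTS)}")
```
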
On 10/16/2020 at 2:15 AM, SPOautos said:

Hope you don't mind that I have the command lines and these files on separate posts.

 

I'm not sure what to do with the config files since it wouldn't let me copy/paste so I am just uploading them, does that work? Please let me know if you would like me to get them in here a different way. I don't think I actually changed anything in these except in a heimdall file I made the url "server"@myurl.com instead of heimdall@myurl.com.... but I have noticed that in Heimdall files and Swag files they both point to port 80 and 443 even though I changed ports in the templates so they would be different. Could this be why they are 'overlapping' and Heimdall shows up when I select the Swag gui?

 

Also, something else is that in my router, my main internet IP address that shows up.....if I go to a browser without being on my local network (I did it over cellular) and type in that router internet ip address, it takes me to my Heimdall page. Same with my routers Dynamic DNS, if I type it in on a browser over cellular it also goes to my Heimdall page.  I realized this because I have been trying to set up a PPTP vpn in my router using the dynamic dns and it doesnt seem to be working and I think this is why....because its going to my Heimdall page. I'm not positive if that is causing the vpn issue, but I stumbled on all of this with heimdall and swag while trying to figure out why my router is directing to heimdall.....maybe it should do that because of reverse proxy and all that, I do not really know.

 

I haven't done much more than use email and a browser on a windows pc in 20 years.....so honestly I'm surprised I've made it this far with this project....it's only because of awesome people like you and old posts here on the forum, and SpaceInvader videos that I have all this going and working on a box I actually put together myself.....it's pretty amazing! I appreciate the help!

 

 

heimdall nginx.conf 1.63 kB · 2 downloads heimdall site confs 1.04 kB · 1 download swag nginx site confs 4.06 kB · 1 download

There is nothing wrong in those files that I can see. Doesn't look like you have changed anything. Which address are you using when you get the issue?

Try clearing your browser cache.

You have hidden the address/IP you used in your first screenshot, but I can see you are using port 1443. If you have a domain you don't use the port after the domain. If you have been using the IP of your server, there is no need to redact it as it's an internal IP.

Link to post
3 hours ago, saarg said:

There is nothing wrong in those files that I can see. Doesn't look like you have changed anything. Which address are you using when you get the issue?

Try clearing your browser cache.

You have hidden the address/IP you used in your first screenshot, but I can see you are using port 1443. If you have a domain you don't use the port after the domain. If you have been using the IP of your server, there is no need to redact it as it's an internal IP.

Thank You for looking.....so funny the timing, I was just fixing to post something. I was looking in the SWAG log (the log in the dockers tab) and it says this in it..... Could this be some kind of issue? I went to that url but its over my head, I have no idea what its talking about.

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 

 

 

The main ip address of my router is 24.178.85.225 and if you type that into a browser it goes to my Heimdall page. Same thing if you type in my Dynamic DNS which is whiteunraid.tplinkdns.com. I was told on the Heimdall thread that it shouldn't do that and it seems like I have the settings correct so I'm thinking it has something to do with Swag redirecting it or something.

 

In my router the port forwarding is setup with the Unraid server ip address with external port 80 and internal port 180 and another one external port 443 and internal port 1443. Then In the Swag template I used port 180 and 1443.  I also have swag and heimdall both setup in their templates with the same custom named network type....IS that all correct???

Edited by SPOautos
Link to post
9 hours ago, SPOautos said:

Thank You for looking.....so funny the timing, I was just fixing to post something. I was looking in the SWAG log (the log in the dockers tab) and it says this in it..... Could this be some kind of issue? I went to that url but its over my head, I have no idea what its talking about.

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 

 

 

The main ip address of my router is 24.178.85.225 and if you type that into a browser it goes to my Heimdall page. Same thing if you type in my Dynamic DNS which is whiteunraid.tplinkdns.com. I was told on the Heimdall thread that it shouldn't do that and it seems like I have the settings correct so I'm thinking it has something to do with Swag redirecting it or something.

 

In my router the port forwarding is setup with the Unraid server ip address with external port 80 and internal port 180 and another one external port 443 and internal port 1443. Then In the Swag template I used port 180 and 1443.  I also have swag and heimdall both setup in their templates with the same custom named network type....IS that all correct???

The lua error has been answered a couple of hundred times already in this thread and is harmless.

 

You get the Heimdall page because you have configured it this way. But it's hard to troubleshoot this as you can't say what you have done. I would just start from scratch and set it up again and then note what you are doing while you are following the guide. That way we are able to help.

Link to post

hi, i got a problem while setting up this container.

I cant see the problem, i think it is something about the portforward. I just cannot figure out what.

I have attached the log from the docker menu, a screendump of my port forward and a screendump of my port assignment to the docker container.

 

I hope someone can help me getting this up and running

Udklip port forward.JPG

Udklip port assignment docker.JPG

docker log swag.txt

Link to post
1 hour ago, zanion said:

hi, i got a problem while setting up this container.

I cant see the problem, i think it is something about the portforward. I just cannot figure out what.

I have attached the log from the docker menu, a screendump of my port forward and a screendump of my port assignment to the docker container.

 

I hope someone can help me getting this up and running

Udklip port forward.JPG

Udklip port assignment docker.JPG

docker log swag.txt 3.68 kB · 0 downloads

You don't own duckdns, do you? You have to set the domain to whatever username you created at duckdns also. Not only duckdns.org.

Link to post
On 10/17/2020 at 5:50 PM, SPOautos said:

Thank You for looking.....so funny the timing, I was just fixing to post something. I was looking in the SWAG log (the log in the dockers tab) and it says this in it..... Could this be some kind of issue? I went to that url but its over my head, I have no idea what its talking about.

 

nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

 

 

 

The main ip address of my router is 24.178.85.225 and if you type that into a browser it goes to my Heimdall page. Same thing if you type in my Dynamic DNS which is whiteunraid.tplinkdns.com. I was told on the Heimdall thread that it shouldn't do that and it seems like I have the settings correct so I'm thinking it has something to do with Swag redirecting it or something.

 

In my router the port forwarding is setup with the Unraid server ip address with external port 80 and internal port 180 and another one external port 443 and internal port 1443. Then In the Swag template I used port 180 and 1443.  I also have swag and heimdall both setup in their templates with the same custom named network type....IS that all correct???

 

I thought I might make a list of everything I did in setting up the reverse proxy and just make sure it all sounds like its in order.....

* I use a DuckDNS address that points to my routers internet ip address.

* I created a custom network for the reverse proxy

* I use a custom domain name and have CNAME's created for each app that is part of the reverse proxy network. The Cname is pointing to the DuckDNS address which in turn is pointing to the routers internet ip address.

* I changed the proxy config subdomain files names to remove sample from them for each app that i have using the reverse proxy network. (the only one that had the subfolder name changed was Heimdall but I have now deleted that one so that everything edited is only the subdomain files)

* In the template I have http port 180 and https port 1443 and in my router I have port forwards where external port 80 points to internal port 180 and the server's IP address......similarly external port 443 points to internal port 1443 and also uses the server's IP address.

 

Does that all sound correct?

Link to post
3 hours ago, SPOautos said:

 

I thought I might make a list of everything I did in setting up the reverse proxy and just make sure it all sounds like its in order.....

* I use a DuckDNS address that points to my routers internet ip address.

* I created a custom network for the reverse proxy

* I use a custom domain name and have CNAME's created for each app that is part of the reverse proxy network. The Cname is pointing to the DuckDNS address which in turn is pointing to the routers internet ip address.

* I changed the proxy config subdomain files names to remove sample from them for each app that i have using the reverse proxy network. (the only one that had the subfolder name changed was Heimdall but I have now deleted that one so that everything edited is only the subdomain files)

* In the template I have http port 180 and https port 1443 and in my router I have port forwards where external port 80 points to internal port 180 and the server's IP address......similarly external port 443 points to internal port 1443 and also uses the server's IP address.

 

Does that all sound correct?

Sounds correct. Does it work?

What I don't understand is the use of duckdns if you have your own domain. If your domain registrar doesn't support any dyndns, you can use cloudflare for free.

Link to post
7 hours ago, saarg said:

Sounds correct. Does it work?

What I don't understand is the use of duckdns if you have your own domain. If your domain registrar doesn't support any dyndns, you can use cloudflare for free.

 

Yea, domain registrar didnt let me create a dynamic dns....my router does but the url I'd get from tplink link is a tplink url so if I changed routers I might would lose it. So I just went with duckdns, its free also, and its what SpaceInvader walks people through in his video and I was following his video closely to make sure I did it all correct. I've watched his video several times and gone through all of my settings and I just don't see where its messed up.  But I have Heimdall showing up on the internet when you type in the WAN address online and apparently its not supposed to do that. I REALLY thought it was a issue with Swag since the reverse proxy settings include things like pointing a dynamic DNS to the WAN address. But I just dont know enough about all this stuff to diagnose it, I'm just following directions and it appears to all be set up right.

 

And yes, it all works....I have a rev proxy custom network with a Heimdall page at a custom url and 8 apps working through it. Everything seems to be working great except that one issue with the WAN ip. And I have suspected that it may be causing a issue related to me not being able to get a PPTP vpn connected to my router since it uses the routers dynamic DNS (which is pulling up my Heimdall page), but I dont KNOW that its the cause.

Edited by SPOautos
Link to post

I am trying to setup NextCloud with a domain name (I would prefer not using subdomains). I followed the spaceinvader one tutorial where he mentions using a domain name and I couldn't get Swag to redirect to nextcloud. I then tried following the linuxserver.io letsencrypt-nginx-starter-guide and had the same problem. Both times I inserted the domain name into where the subdomains would go and I would get the defaulting to a landing page created by the docker. Tried using NginxProxyManager and was able to get everything working but ran into other compatibility issues with setting up windows clients for nextcloud.

 

Is there anything in particular I need to do differently with just the domain name?

 

EDIT: I was able to get nextcloud working using the config files I have copied the nextcloud and swag configurations for the container and config files. I haven't found info for Nextcloud without sub-domains, and what I am doing is probably wrong but it works, so I am leaving this here to help the next person.

 

 

Swag config.txt Nextcloud config.txt

Edited by SDH500
Link to post
19 hours ago, saarg said:

You don't own duckdns, do you? You have to set the domain to whatever username you created at duckdns also. Not only duckdns.org.

I get the same problem if i do that, i have attached my configuration of swag. If i set only subdomain to true, then it will always look at the domain+subdomain as one unit. If i do as you suggest, then i have to set the only subdomain to false, then make my subdomain under the domain tab.

The problem is still the same.

image.thumb.png.4698aee39d60f04b521aa3e906e7852c.png

Link to post
1 hour ago, zanion said:

I get the same problem if i do that, i have attached my configuration of swag. If i set only subdomain to true, then it will always look at the domain+subdomain as one unit. If i do as you suggest, then i have to set the only subdomain to false, then make my subdomain under the domain tab.

The problem is still the same.

image.thumb.png.4698aee39d60f04b521aa3e906e7852c.png

You still have to use youruser.duckdns.org in the domain as you do not have control over duckdns.org. Subdomains are subdomain.youruser.duckdns.org.

If you only have one subdomain, you don't need that comma after it, but you shouldn't have anything there for now, unless you want subdomains also.

 

It might be that your ISP is blocking port 80. Go through this troubleshooting guide https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

Link to post
4 hours ago, SPOautos said:

 

Yea, domain registrar didnt let me create a dynamic dns....my router does but the url I'd get from tplink link is a tplink url so if I changed routers I might would lose it. So I just went with duckdns, its free also, and its what SpaceInvader walks people through in his video and I was following his video closely to make sure I did it all correct. I've watched his video several times and gone through all of my settings and I just don't see where its messed up.  But I have Heimdall showing up on the internet when you type in the WAN address online and apparently its not supposed to do that. I REALLY thought it was a issue with Swag since the reverse proxy settings include things like pointing a dynamic DNS to the WAN address. But I just dont know enough about all this stuff to diagnose it, I'm just following directions and it appears to all be set up right.

 

And yes, it all works....I have a rev proxy custom network with a Heimdall page at a custom url and 8 apps working through it. Everything seems to be working great except that one issue with the WAN ip. And I have suspected that it may be causing a issue related to me not being able to get a PPTP vpn connected to my router since it uses the routers dynamic DNS (which is pulling up my Heimdall page), but I dont KNOW that its the cause.

I would just use duckdns then and not use tplink at all.

As I have said before, turn off swag and then see what happens if you go to the wan IP. If it still loads Heimdall, you have a port forwarding issue. If nothing loads, you have configured something in swag that makes Heimdall load.

 

PPTP does not use port 80, so the problem with Heimdall is not the issue.

Edited by saarg
Link to post
I am trying to setup NextCloud with a domain name (I would prefer not using subdomains). I followed the spaceinvader one tutorial where he mentions using a domain name and I couldn't get Swag to redirect to nextcloud. I then tried following the linuxserver.io letsencrypt-nginx-starter-guide and had the same problem. Both times I inserted the domain name into where the subdomains would go and I would get the defaulting to a landing page created by the docker. Tried using NginxProxyManager and was able to get everything working but ran into other compatibility issues with setting up windows clients for nextcloud.
 
Is there anything in particular I need to do differently with just the domain name?
If you get swag web loading page then the proxy config isn't set up right passing NC. Be best to post pictures of swag proxy config

Sent from my Pixel 4 XL using Tapatalk

Link to post

hello guys, total noob here...

 

i followed SpaceInvaderOnes tutorials on youtube to create a certificate using duckdns.org and swag

i did it before on a ubuntu server, but on unraid everything fails.

i did exactly as he was telling:

 

- created proxynet

- created 3 domains on duckdns (let's say jelly.duckdns.org, nextcloud.duckdns.org and syncthing.duckdns.org)

- put my email address

- duckdns.org is the domain name

- jelly,nextcloud,syncthing are the subdomains

- true only subdomains

- validation http

- duckdns token entered

 

on duckdns docker:

 

- jelly.duckdns.org (tried only jell, tried putting all 3, etc.)

- entered the token

 

tried many other ways with wildcards and such, still it's being refused...

i think the issue might be my router (port forwarding) but now i've already reached the limit of tries for this week :(

i attached a screenshot of my router setup, which again followed on youtube.

 

now i don't know if i should put 1443 or 443 on the swag docker... according to SpaceInvaderOne 1443 but that has already failed.

at the point of giving up unless someone has an idea what could be wrong. would be so glad if someone could help...

 

cheers guys

 

 

20201020_203748.jpg

Link to post

Hi,

First off I am a novice at any of this proxy network setup stuff with very little experience and understanding of what I am doing or what I am doing incorrectly, so please be patient (and if possible gentle) with your replies and comments. :)

 

So I followed the guides by @SpaceInvaderOne , namely these three below merged together, and set up everything using my own domain.

Video #1, Video #2 & Video #3 (related to this docker). Testing with sonarr for starters.

 

I got server ready on the swag logs (pasted below):

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Chicago
URL=mydomain.com
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=myemailaddress
STAGING=false

SUBDOMAINS entered, processing
Wildcard cert for only the subdomains of mydomain.com will be requested
E-mail address entered: myemailaddress here
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,
and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

Server ready
  • duckdns subdomain created 
  • duckdns container installed and running updating every 5 minutes
  • ports are forwarded, not sure if 80 needs to be forwarded for dns validation, but it is.
  • CNAMES are created on cloudflare and pointed to duckdns subdomain created above, and proxied
  • both dockers are on proxynet (docker network created for this)
  • config files are edited,
  • server is up and running and sonarr can be accessed locally.

But when I try to access

sonarr.mydomain.com

on chrome, I get the error 521 - webserver is down. 

1996575085_521_Webserverisdown.thumb.jpg.168b7aac46feb82f3083662bfefc0802.jpg

 

Can someone help tell me what I did wrong and how to correct this please?

 

Thanks,

Abhi

Edited by abhi.ko
Added a step that was missed earlier.
Link to post

Latest update to swag appears to have blocked secure access to all my installed dockers. I can access the dockers locally via http://IP address:port, but https://anydocker.mydomain.com asks for a user name and password, none of which are accepted and result in a "403 forbidden" error. Thinking it may be related to a previous htpasswd configuration, I reinstalled swag (copying over only the proxy-conf files I am using and the entire dns-conf directory to the new installation). Still no access. I don't have an .htaccess file in config/nginx. Where do I begin to look for a fix? I am stumped.

Edited by madaroda
fixed a typo
Link to post
11 minutes ago, madaroda said:

Latest update to swag appears to have blocked secure access to all my installed dockers. I can access the dockers locally via http://IP address:port, but https://anydocker.mydomain.com asks for a user name and password, none of which are accepted and result in a "403 forbidden" error. Thinking it may be related to a previous htpasswd configuration, I reinstalled swag (copying over only the proxy-conf files I am using and the entire dns-conf directory to the new installation). Still no access. I don't have an .htaccess file in config/nginx. Where do I begin to look for a fix? I am stumped.

go to each proxy.conf and # out 

 

 

# enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

 

Edited by H2O_King89
Link to post
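Before and after touching the two `auth_basic` lines quoted above, it helps to list which proxy confs actually enforce HTTP auth and whether the password file they name exists; nginx answers 403 when the file named by `auth_basic_user_file` is missing, and a conf with both lines commented out leaves only the app's own login in front of it. This is an added example, not code from the thread or the SWAG project: the `nginx/proxy-confs` directory name and the mapping of `/config` to the host appdata folder are assumptions, the sample confs are constructed, and each file is treated as one unit rather than per `location` block.

```python
# Added example: audit HTTP basic auth state across reverse-proxy conf files.
import re
import tempfile
from pathlib import Path

DIRECTIVE = re.compile(r"(auth_basic(?:_user_file)?)\s+(.+?)\s*;")


def host_path(container_path, config_root):
    """Translate a path under the container's /config to the host folder."""
    p = Path(container_path)
    try:
        return Path(config_root) / p.relative_to("/config")
    except ValueError:
        return p  # not under /config: use the path as written


def audit_conf(text, config_root):
    """Return 'no-auth', 'auth-ok' or 'auth-userfile-missing' for one conf file."""
    active = {}
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # commented-out directives are not in effect
        m = DIRECTIVE.match(stripped)
        if m:
            active[m.group(1)] = m.group(2).strip("\"'")
    if active.get("auth_basic", "off") == "off":
        return "no-auth"
    user_file = active.get("auth_basic_user_file")
    if user_file is None or not host_path(user_file, config_root).is_file():
        return "auth-userfile-missing"
    return "auth-ok"


def audit_dir(config_root):
    """Audit every *.conf under <config_root>/nginx/proxy-confs (assumed layout)."""
    confs = Path(config_root) / "nginx" / "proxy-confs"
    return {f.name: audit_conf(f.read_text(), config_root)
            for f in sorted(confs.glob("*.conf"))}


# Constructed sample confs, modelled on the three lines quoted in the reply.
ENABLED = """\
server {
    server_name sonarr.*;
    location / {
        # enable the next two lines for http auth
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
    }
}
"""
COMMENTED = ENABLED.replace("sonarr", "radarr").replace("        auth_basic", "        #auth_basic")


def demo():
    """Audit a throwaway config tree before and after the .htpasswd exists."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        confs = root / "nginx" / "proxy-confs"
        confs.mkdir(parents=True)
        (confs / "sonarr.subdomain.conf").write_text(ENABLED)
        (confs / "radarr.subdomain.conf").write_text(COMMENTED)
        before = audit_dir(root)
        (root / "nginx" / ".htpasswd").write_text("user:constructed-hash\n")
        after = audit_dir(root)
    return before, after


if __name__ == "__main__":
    for stage, result in zip(("before", "after"), demo()):
        print(stage, result)
```
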
18 hours ago, MMeirolas said:

hello guys, total noob here...

 

i followed SpaceInvaderOnes tutorials on youtube to create a certificate using duckdns.org and swag

i did it before on a ubuntu server, but on unraid everything fails.

i did exactly as he was telling:

 

- created proxynet

- created 3 domains on duckdns (let's say jelly.duckdns.org, nextcloud.duckdns.org and syncthing.duckdns.org)

- put my email address

- duckdns.org is the domain name

- jelly,nextcloud,syncthing are the subdomains

- true only subdomains

- validation http

- duckdns token entered

 

on duckdns docker:

 

- jelly.duckdns.org (tried only jell, tried putting all 3, etc.)

- entered the token

 

tried many other ways with wildcards and such, still it's being refused...

i think the issue might be my router (port forwarding) but now i've already reached the limit of tries for this week :(

i attached a screenshot of my router setup, which again followed on youtube.

 

now i don't know if i should put 1443 or 443 on the swag docker... according to SpaceInvaderOne 1443 but that has already failed.

at the point of giving up unless someone has an idea what could be wrong. would be so glad if someone could help...

 

cheers guys

 

 

20201020_203748.jpg

 

Don't use duckdns.org as the domain. You don't own it. You need to use whateveruseryoucreated.duckdns.org as the domain and then the subdomains are subdomains.whateveruseryoucreated.duckdns.org

 

You might also have the port forwarding wrong. You need to forward port 80 also since you are doing http validation.

External port is 443 and internal port is 1443. Hard to say what you have in your screenshot as it's in german ;)

Also port forward external port 80 to whatever port you have on the swag container.

Link to post
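The checks in the reply above (a domain you actually control, port 80 forwarded for http validation, 443 reaching the container) can be run against the container variables before requesting a certificate and using up the weekly attempts. This is an added example, not code from the thread or the SWAG image: how the variables combine into certificate names is a simplified model of what the posts here describe, and the router table, the `youruser` name and the list of shared zones are constructed.

```python
# Added example: pre-flight check of SWAG-style variables and port forwarding.

# Dynamic-DNS zones named in this thread that an individual user does not own.
SHARED_DDNS_ZONES = {"duckdns.org", "tplinkdns.com"}


def requested_names(env):
    """Names that would go on the certificate (simplified model, an assumption)."""
    url = env["URL"].strip().lower()
    subs = env.get("SUBDOMAINS", "").strip()
    only_subs = env.get("ONLY_SUBDOMAINS", "false").lower() == "true"
    names = [] if only_subs else [url]
    if subs == "wildcard":
        names.append("*." + url)
    else:
        names += [f"{s.strip().lower()}.{url}" for s in subs.split(",") if s.strip()]
    names += [d.strip().lower() for d in env.get("EXTRA_DOMAINS", "").split(",")
              if d.strip()]
    return names


def preflight(env, router_forwards, published):
    """Return a list of problems; an empty list means the basics line up.

    router_forwards: {external_port: host_port} as set on the router
    published:       {host_port: container_port} from the docker -p options
    """
    problems = []
    names = requested_names(env)
    validation = env.get("VALIDATION", "http").lower()
    url = env["URL"].strip().lower()
    if url in SHARED_DDNS_ZONES:
        problems.append(f"URL={url} is a shared zone you do not control; "
                        f"use <yourname>.{url} as URL")
    if validation == "http":
        if any(n.startswith("*.") for n in names):
            problems.append("wildcard names cannot be validated over http; "
                            "use VALIDATION=dns")
        if published.get(router_forwards.get(80)) != 80:
            problems.append("external port 80 does not reach container port 80, "
                            "which http validation needs")
    if published.get(router_forwards.get(443)) != 443:
        problems.append("external port 443 does not reach container port 443")
    return problems


# Host-to-container mapping from the docker run command earlier in the thread.
PUBLISHED = {180: 80, 1443: 443}

# Settings as listed in the quoted question; the router table is constructed.
AS_POSTED = {"URL": "duckdns.org", "SUBDOMAINS": "jelly,nextcloud,syncthing",
             "ONLY_SUBDOMAINS": "true", "VALIDATION": "http"}
ROUTER_AS_POSTED = {443: 1443}

# Same setup following the reply ("youruser" is a placeholder name).
FIXED = {"URL": "youruser.duckdns.org", "SUBDOMAINS": "jelly,nextcloud,syncthing",
         "ONLY_SUBDOMAINS": "false", "VALIDATION": "http"}
ROUTER_FIXED = {80: 180, 443: 1443}

if __name__ == "__main__":
    for label, env, router in (("as posted", AS_POSTED, ROUTER_AS_POSTED),
                               ("fixed", FIXED, ROUTER_FIXED)):
        print(label, requested_names(env))
        for problem in preflight(env, router, PUBLISHED) or ["no problems found"]:
            print("  -", problem)
```
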
On 10/20/2020 at 9:00 AM, saarg said:

You still have to use youruser.duckdns.org in the domain as you do not have control over duckdns.org. Subdomains are subdomain.youruser.duckdns.org.

If you only have one subdomain, you don't need that comma after it, but you shouldn't have anything there for now, unless you want subdomains also.

 

It might be that your ISP is blocking port 80. Go through this troubleshooting guide https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

ok, as i said in the post before, the problem is the same. I have tried to make the config as you suggest, and i got the same error.

I have made a check on the ports, they are open.

Udklip swag config.JPG

docker log swag rev. 1.txt

Link to post
44 minutes ago, zanion said:

ok, as i said in the post before, the problem is the same. I have tried to make the config as you suggest, and i got the same error.

I have made a check on the ports, they are open.

Udklip swag config.JPG

docker log swag rev. 1.txt 2.69 kB · 0 downloads

What exactly did you do from the link I posted and what were the results?

You got to the nginx landing page using both http and https?

You did add your duckdns token?

Link to post
