May 14, 2017

Hello, after solving issues with Pydio I am facing strange things with a wordpress container which should be accessed similarly. I am using the same conf file as for pydio/nextcloud for wordpress. localhost access is working perfectly.

If I am adding subdomain.myserver.de, browser tools show me an address like this: subdomain:90

90 is the port I want to forward to, but I cannot figure out why it is not using my `proxy_pass http://192.168.100.10:90/;` command?

Does anybody have an idea what is wrong, or a working nginx-rev-proxy-config for a wordpress container?

Many thanks, and I am promising, after that my whole server is set up completely.
May 14, 2017

2 hours ago, Homer-S said:
> Hello, after solving issues with Pydio I am facing strange things with a wordpress container which should be accessed similarly. I am using the same conf file as for pydio/nextcloud for wordpress. localhost access is working perfectly.
>
> If I am adding subdomain.myserver.de, browser tools show me an address like this: subdomain:90
>
> 90 is the port I want to forward to, but I cannot figure out why it is not using my `proxy_pass http://192.168.100.10:90/;` command?
>
> Does anybody have an idea what is wrong, or a working nginx-rev-proxy-config for a wordpress container?
>
> Many thanks, and I am promising, after that my whole server is set up completely.

Couple of things. Pydio others have been having trouble with, so if you could post your config that may be helpful for others. Secondly, no way can I work out what the hell is going on with that wordpress container. Got a link to the container you're using?
May 15, 2017

Here comes my Pydio config:

    server {
        listen 443 ssl;
        server_name pydio.dyndns.myserver.com;

        root /config/www;
        index index.html index.htm index.php;

        access_log /config/log/nginx/access_pydio.log;
        error_log /config/log/nginx/error_pydio.log;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###Diffie–Hellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;

        client_max_body_size 0;

        location / {
            proxy_pass http://192.168.1.11:84/;
        }
    }

Now back to my wordpress issue.
This is the official container from wordpress:

    docker run -it -d \
      --name wordpress \
      --restart=always \
      -p 90:80 \
      -e PUID=33 -e PGID=33 \
      -e TZ=Europe/Berlin \
      -v /docker/data/wordpress:/var/www/html \
      wordpress

It is working with local IP 192.168.1.11:90. mariadb is successfully set up with the wordpress db.

If I am going to access it via the nginx reverse proxy, I am entering this: https://subdomain.myserver.de and this is after a short time displayed in the URL bar: subdomain:90 and a "server not found" page appears.

This is my wordpress config file:

    server {
        listen 443 ssl;
        server_name wordpress.dyndns.myserver.com;

        root /config/www;
        index index.html index.htm index.php;

        access_log /config/log/nginx/access_wordpress.log;
        error_log /config/log/nginx/error_wordpress.log;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###Diffie–Hellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;

        client_max_body_size 0;

        location / {
            proxy_pass http://192.168.1.11:90/;
        }
    }
May 15, 2017

This is the Unraid forum. We only support Unraid stuff here, as they're hosting it. We've got our own forums for other operating systems and IRC. I'll take a look at Wordpress when I get a minute.
May 17, 2017

Hi! I'm trying to use this nice container but it kills itself because of an error right after start:

    Failed authorization procedure. xxx.4irc.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested

Does anyone have a tip for me? I've entered "4irc.com" in the domain field of the template and xxx into the subdomain field. I've also set only subdomains to true.

Thx! b0mb
May 17, 2017

I could be mistaken but I can't find an A record for your sub domain... https://mxtoolbox.com/SuperTool.aspx?action=a%3axxx.4irc.com&run=toolpage

I would make sure you can look up your sub domain, then try restarting letsencrypt so it can try again.

Sent from my iPad using Tapatalk
May 17, 2017

The XXX was just a placeholder ... The domain is listed on the site you've posted.

Sent from my Redmi Note 3 using Tapatalk
May 17, 2017

I was hoping it wasn't that simple and should have done some more checking before I posted and went to bed lol. 4irc.com is just a dynamic dns service? If that is the case I believe you would use xxx.4irc.com as the domain with no sub domain for it?
May 17, 2017

2 hours ago, Malykai said:
> I was hoping it wasn't that simple and should have done some more checking before I posted and went to bed lol. 4irc.com is just a dynamic dns service? If that is the case I believe you would use xxx.4irc.com as the domain with no sub domain for it?

Got it working now. Port 443 was in use for the remote service of my router... changed the port now and forwarded 443 to the unraid server.
May 17, 2017

Remote access of a router should be banished in my opinion. One of the parts of my network I'll never expose to any form of remote admin....
May 17, 2017

Just now, CHBMB said:
> Remote access of a router should be banished in my opinion. One of the parts of my network I'll never expose to any form of remote admin....

You might be right.
May 17, 2017

1 hour ago, CHBMB said:
> Remote access of a router should be banished in my opinion. One of the parts of my network I'll never expose to any form of remote admin....

Keys to the kingdom. The router is the only thing keeping the baddies out, yet tends to be one of the least maintained pieces of equipment. I've migrated to pfsense, at least I can be reasonably sure it's being updated in a timely fashion, unlike netgear, linksys, etc.
May 18, 2017

Hello, another question (not related to reverse proxying).

I received an email from letsencrypt that my main URI will expire within 9 days. I then exec'd the letsencrypt container with `bash /app/le-renew.sh` by hand and it tells me:

    The following certs are not due for renewal yet: /path/path/path/fullchain.pem

The option subdomain only is set to false. Do you have any idea?
May 18, 2017

> Hello, another question (not related to reverse proxying).
>
> I received an email from letsencrypt that my main URI will expire within 9 days. I then exec'd the letsencrypt container with `bash /app/le-renew.sh` by hand and it tells me:
>
>     The following certs are not due for renewal yet: /path/path/path/fullchain.pem
>
> The option subdomain only is set to false. Do you have any idea?

The email is for a cert that is no longer used. You likely reinstalled this container and deleted the old appdata without revoking the old certs. Nothing to worry about.

Letsencrypt lets you get multiple certs for the same domain without revoking the old ones (albeit with limits on number and frequency).
May 26, 2017

On 4/18/2017 at 5:57 PM, heytcass said:
> Hey guys, I've been banging my head against the wall trying to get this going. But I'm having a bear of a time. I checked in the logs and found a couple errors:
>
>     certbot: error: argument --cert-path: No such file or directory
>
> and
>
>     Detail: Failed to connect to 192.64.119.116:443 for tls-sni-01
>
> I have ports 443 and 80 passed to 81 on my unRAID box, so that shouldn't be an issue. Is there a way to test that those are going through fine? Any thoughts? Thanks in advance.

I have this same issue and have not been able to figure out how to fix it.
May 26, 2017

12 hours ago, CHBMB said:
> Or DNS is not correct.
>
> Sent from my LG-H815 using Tapatalk

Dang it - you are right. I just checked my Alias in the firewall and I typo'd the IP address. Now it shows it up and running. Thx.

Edited May 26, 2017 by StanC
May 29, 2017

FOUND MY FIX! It was an issue of not knowing NGINX very well and I've learned a lot more. The correct usage should be:

    server {
        listen 443 ssl;
        server_name shaarli.domain.com;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers xxxxxxxxxxxxxx;
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;

        location / {
            proxy_pass http://192.168.1.1:8383;
            add_header X-Frame-Options "ALLOW-FROM https://domain.com/";
        }
    }

-----------------------------------------------(Original Post)-----------------------------

OK - so I'm not sure if I have a letsencrypt issue or if I'm just unsure of how to make nginx work. I've been working with a new docker called Shaarli, which is interesting, but Shaarli's chrome extension keeps getting blocked due to x-frame headers being denied. One of the comments on the Shaarli Chrome plugin noted:

Quote
> I had the same issue. Traced the problem to the fact that my Shaarli server (running nginx) had "add x-frame-options DENY" set. I needed to set the nginx settings to not add that header, in order for this chrome extension to load the shaarli interface.

So I ran through what I could on Google and generally failed. Currently, I've added:

    server {
        listen 443 ssl;
        server_name shaarli.domain.com;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'xxxxxxxxxxxxxxxxxx';
        ssl_prefer_server_ciphers on;

        add_header X-Frame-Options SAMEORIGIN;

        client_max_body_size 0;

        location / {
            proxy_pass http://192.168.1.1:8383;
        }
    }

However, I've also tried changing that X-Frame-Options to ALLOW-FROM https://domain.com/ and ALLOW-FROM https://shaarli.domain.com/

Both of those options keep generating an error in the docker and don't allow access to the webpage.
First, is my issue with the docker since it won't start with that "ALLOW-FROM" option? Or do I need to keep learning nginx? Second, anyone have a good idea? Thank you!

Edited May 30, 2017 by noja
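Added example, not part of the post above or of the container's own code: nginx inherits `add_header` lines from the outer level only when the current block sets none, and `X-Frame-Options: ALLOW-FROM` is obsolete and ignored by current browsers, with `Content-Security-Policy: frame-ancestors` as the standardized replacement. This Python check flags both on a constructed config; `POSTED`, `HARDENED` and `lint` are names made up here, and the server-level HSTS line is an assumption taken from the earlier configs in this thread.

```python
import re

# Constructed input: the location block from the post above, plus the HSTS
# header that the earlier configs in this thread set at server level.
POSTED = '''
server {
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    location / {
        proxy_pass http://192.168.1.1:8383;
        add_header X-Frame-Options "ALLOW-FROM https://domain.com/";
    }
}
'''
# Same allow-list via CSP frame-ancestors, with HSTS repeated in the location.
HARDENED = POSTED.replace(
    'add_header X-Frame-Options "ALLOW-FROM https://domain.com/";',
    'add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";\n'
    '        add_header Content-Security-Policy "frame-ancestors https://domain.com";')

ADD_HEADER = re.compile(r'^\s*add_header\s+(\S+)\s+(.*?);\s*$')

def add_headers_by_block(conf):
    """Map each block path, e.g. ('server', 'location /'), to its add_header lines."""
    stack, found = [], {}
    for line in conf.splitlines():
        text = line.strip()
        if text.endswith('{'):
            stack.append(text[:-1].strip())
        elif text == '}':
            stack.pop()
        elif (m := ADD_HEADER.match(line)):
            found.setdefault(tuple(stack), []).append((m[1], m[2].strip('"')))
    return found

def lint(conf):
    """Return (issue, block, detail) tuples for the two problems named in the lead-in."""
    blocks, findings = add_headers_by_block(conf), []
    for path, own in blocks.items():
        where = path[-1] if path else 'top level'
        own_names = {name.lower() for name, _ in own}
        # A block with its own add_header loses every header of the nearest
        # outer level that defines any, unless it repeats them itself.
        outer = next((blocks[path[:d]] for d in range(len(path) - 1, -1, -1)
                      if path[:d] in blocks), [])
        findings += [('dropped', where, n) for n, _ in outer if n.lower() not in own_names]
        findings += [('obsolete', where, v) for n, v in own
                     if n.lower() == 'x-frame-options' and v.upper().startswith('ALLOW-FROM')]
    return findings

if __name__ == '__main__':
    print(lint(POSTED), lint(HARDENED))
```
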
May 29, 2017

Hi Guys, I'm trying to initially power the docker container but it's giving me the error:

    Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the cert.
    certbot: error: argument --cert-path: No such file or directory
    Generating new certificate
    WARNING: The standalone specific supported challenges flag is deprecated.

Any ideas?
May 29, 2017

Harmless, mentioned a few days ago if you look back.

Sent from my LG-H815 using Tapatalk
May 30, 2017

This looks very promising. I'm completely new to Nginx and reverse proxy. I have a static IP at my ISP and have my own domain name. Can you guys recommend any reading material/guides to learn how to set up a reverse proxy?

As I understand it, when I have a static IP a DDNS is obsolete. Currently my domain's DNS is hosted at Cloudflare with only DNS activated. Can someone, if possible, briefly explain or link to an article or guide etc. on what to add on my domain's DNS record (how it works)? I assume DNS A records pointing to my public IP. Thanks in advance.

Which DNS would you guys recommend? I'm only using Google for business and reverse proxy through this docker.

As a follow-up to my original question: every application this docker needs to reverse proxy is hosted in containers on my unraid machine.

Edited May 30, 2017 by fc0712