wayner Posted June 9, 2017

Is anyone able to get reverse proxying working for the Unifi docker? I have this working for other dockers but not for Unifi.

From my LAN, before trying reverse proxying, hitting http://tower:8080 or https://tower:8443 will redirect to https://tower:8443/manage/account/login?redirect=%2Fmanage.

When I try the following in my default file I will get a 404 error from Apache Tomcat.

    location ^~ /unifi {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.99:8080;
    }

Same thing when I try

    location ^~ /unifi {
        include /config/nginx/proxy.conf;
        proxy_pass https://192.168.1.99:8443;
    }

I also tried both of the above with trailing slashes after unifi. Any ideas on how to get this working?

aptalca Posted June 9, 2017

> Is anyone able to get reverse proxying working for the Unifi docker? I have this working for other dockers but not for Unifi.
>
> From my LAN, before trying reverse proxying, hitting http://tower:8080 or https://tower:8443 will redirect to https://tower:8443/manage/account/login?redirect=%2Fmanage.
>
> When I try the following in my default file I will get a 404 error from Apache Tomcat.
>
>     location ^~ /unifi {
>         include /config/nginx/proxy.conf;
>         proxy_pass http://192.168.1.99:8080;
>     }
>
> Same thing when I try
>
>     location ^~ /unifi {
>         include /config/nginx/proxy.conf;
>         proxy_pass https://192.168.1.99:8443;
>     }
>
> I also tried both of the above with trailing slashes after unifi. Any ideas on how to get this working?

Base url to root reverse proxy often causes issues. Try the subdomain method. Or see if there is a way to have unifi use a base url as well.

wayner Posted June 9, 2017

What's the subdomain method? I did have to change rutorrent to use a base url of /rutorrent/ rather than the root but I don't know if that can be changed with the Unifi controller. It doesn't seem to have an nginx.conf file the way that rutorrent did.

aptalca Posted June 9, 2017

Check the end of the default config file. There is a sample.
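
The subdomain method discussed above, sketched as an added example that is not part of the thread and is not the sample from the container's default file. `unifi.domain.com` and the commented-out CA path are hypothetical; the controller address and the key paths are the ones posted in this thread.

```nginx
# Added example. unifi.domain.com is hypothetical: it needs its own DNS record
# and must be covered by the certificate the container requests.

# Why the subfolder attempts return 404: proxy_pass without a URI part forwards
# the request path unchanged, so the controller is asked for /unifi/... while
# its UI lives under /manage (see the redirect quoted in the first post).

# http-level directive (assumes site config files are included inside http {}).
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name unifi.domain.com;

    ssl_certificate     /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    location / {
        # Root-to-root mapping, so the controller's own /manage/... redirect
        # stays valid. Port 8443 is used directly because 8080 only redirects
        # to it.
        proxy_pass https://192.168.1.99:8443;

        # Headers written out here instead of including /config/nginx/proxy.conf,
        # whose contents are not shown in the thread.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade (assumption: the controller UI uses WebSockets).
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify off): this hop is encrypted but not authenticated.
        # Keep it on a trusted LAN segment, or verify against the controller's
        # certificate:
        # proxy_ssl_verify on;
        # proxy_ssl_trusted_certificate /config/keys/unifi-ca.pem;  # hypothetical path
    }
}
```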

truetype Posted June 10, 2017 (edited)

I have a complete working setup today with my domain.com, and I got nextcloud.domain.com.

How do I add another subdomain? Like foobar.domain.com?

Can I do this with a certbot command?

~TrueType

CHBMB Posted June 10, 2017

> 26 minutes ago, truetype said:
> I have a complete working setup today with my domain.com, and I got nextcloud.domain.com.
>
> How do I add another subdomain? Like foobar.domain.com?
>
> Can I do this with a certbot command?
>
> ~TrueType

Just edit the template and add it in.

truetype Posted June 10, 2017

> Just now, CHBMB said:
> Just edit the template and add it in.

I tried that but got a lot of errors in the log and the docker shut itself down.

CHBMB Posted June 10, 2017

> 11 minutes ago, truetype said:
> I tried that but got a lot of errors in the log and the docker shut itself down.

It should work, but seeing as you haven't posted the logs or any screenshots of your setup or the docker run command, can't really help.

truetype Posted June 10, 2017

> 5 hours ago, CHBMB said:
> It should work, but seeing as you haven't posted the logs or any screenshots of your setup or the docker run command, can't really help.

I am sorry, here comes the log for docker. Notice that every subdomain worked before, until I added home.domain.com.

    -------------------------------------
              _     _ _
             | |___| (_) ___
             | / __| | |/ _ \
             | \__ \ | | (_) |
             |_|___/ |_|\___/
                   |_|
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d www.domain.com -d nextcloud.domain.com -d couchpotato.domain.com -d sickbeard.domain.com -d muxi.domain.com -d guacamole.domain.com -d sabnzbd.domain.com -d plexpy.domain.com -d home.domain.com
    Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    An unexpected error occurred:
    The request message was malformed :: Certificate already revoked
    Please see the logfiles in /var/log/letsencrypt for more details.
    Generating new certificate
    WARNING: The standalone specific supported challenges flag is deprecated.
    Please use the --preferred-challenges flag instead.
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for domain.com
    tls-sni-01 challenge for www.domain.com
    tls-sni-01 challenge for nextcloud.domain.com
    tls-sni-01 challenge for couchpotato.domain.com
    tls-sni-01 challenge for sickbeard.domain.com
    tls-sni-01 challenge for muxi.domain.com
    tls-sni-01 challenge for guacamole.domain.com
    tls-sni-01 challenge for sabnzbd.domain.com
    tls-sni-01 challenge for plexpy.domain.com
    tls-sni-01 challenge for home.domain.com
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. guacamole.domain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to XX.XXX.XXX.XXX:443 for tls-sni-01 challenge
    IMPORTANT NOTES:
    - The following errors were reported by the server:
      Domain: guacamole.domain.com
      Type: connection
      Detail: Failed to connect to XX.XXX.XXX.XXX:443 for tls-sni-01 challenge
      To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
    - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
    /var/run/s6/etc/cont-init.d/50-config: line 108: cd: /config/keys/letsencrypt: No such file or directory
    [cont-init.d] 50-config: exited 1.
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] syncing disks.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.

And after this I try to go back to the template and delete "home" in order to get back to as it were. But then the log looks like this.

    -------------------------------------
              _     _ _
             | |___| (_) ___
             | / __| | |/ _ \
             | \__ \ | | (_) |
             |_|___/ |_|\___/
                   |_|
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d www.domain.com -d nextcloud.domain.com -d couchpotato.domain.com -d sickbeard.domain.com -d muxi.domain.com -d guacamole.domain.com -d sabnzbd.domain.com -d plexpy.domain.com
    Generating new certificate
    WARNING: The standalone specific supported challenges flag is deprecated.
    Please use the --preferred-challenges flag instead.
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for domain.com
    tls-sni-01 challenge for www.domain.com
    tls-sni-01 challenge for nextcloud.domain.com
    tls-sni-01 challenge for couchpotato.domain.com
    tls-sni-01 challenge for sickbeard.domain.com
    tls-sni-01 challenge for muxi.domain.com
    tls-sni-01 challenge for guacamole.domain.com
    tls-sni-01 challenge for sabnzbd.domain.com
    tls-sni-01 challenge for plexpy.domain.com
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. plexpy.domain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to XX.XXX.XXX.XXX:443 for tls-sni-01 challenge
    IMPORTANT NOTES:
    - The following errors were reported by the server:
      Domain: plexpy.domain.com
      Type: connection
      Detail: Failed to connect to XX.XXX.XXX.XXX:443 for tls-sni-01 challenge
      To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
    /var/run/s6/etc/cont-init.d/50-config: line 108: cd: /config/keys/letsencrypt: No such file or directory
    [cont-init.d] 50-config: exited 1.
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] syncing disks.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.

In order to get it working as it was before, I have to delete the letsencrypt folder in Appdata and replace it with my backup which I luckily did right before I tried to add home in the template.

CHBMB Posted June 10, 2017

Looks to me like your DNS is out of date. A backup will work, as if the certs are valid it won't attempt to recertify. Look at these lines here. It tells you what is wrong.

    Failed authorization procedure. guacamole.domain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to XX.XXX.XXX.XXX:443 for tls-sni-01 challenge

    Failed authorization procedure. plexpy.domain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to XX.XXX.XXX.XXX:443 for tls-sni-01 challenge

truetype Posted June 10, 2017 (edited)

> 7 minutes ago, CHBMB said:
> Looks to me like your DNS is out of date. A backup will work, as if the certs are valid it won't attempt to recertify. Look at these lines here. It tells you what is wrong.
>
>     Failed authorization procedure. guacamole.domain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to XX.XXX.XXX.XXX:443 for tls-sni-01 challenge
>
>     Failed authorization procedure. plexpy.domain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to XX.XXX.XXX.XXX:443 for tls-sni-01 challenge

Ok, but that's really strange because my other subdomains are configured all the same with A-records at my domain provider, and it gave no errors when I did it for the first time yesterday.

You think I should just delete the A-records and re-add them again and see if that solves it?

CHBMB Posted June 10, 2017

Post your docker run command for me.

truetype Posted June 10, 2017 (edited)

> 6 minutes ago, CHBMB said:
> Post your docker run command for me.

Please look at the screenshot I took before.

CHBMB Posted June 10, 2017

> 6 minutes ago, truetype said:
> Please look at the screenshot I took before.

You using Cloudflare?

truetype Posted June 10, 2017 (edited)

> 2 minutes ago, CHBMB said:
> You using Cloudflare?

Nope, no Cloudflare, just straight to the domain.

truetype Posted June 11, 2017

> 1 hour ago, CHBMB said:
> You using Cloudflare?

If anyone else out there sees this: CHBMB and I tried a lot of different approaches and finally solved it by reinstalling it completely.

ebnerjoh Posted June 12, 2017

Hi,

I have now installed LetsEncrypt and Nextcloud on my UnRaid installation following the instruction here.

I have 2 questions:

1) When I connect to "cloud.domain.at" from my internal subnet, then the URL is rewritten to "https://cloud.domain.at". If I do the same from public, then I am getting "https://_" in my url field and an error message "ERR_NAME_NOT_RESOLVED".

2) Can I use the same NextCloud and LetsEncrypt Docker installation with two different domains? I have a private domain and I am also supporting an NGO with a separate domain.

Br, Johannes

aptalca Posted June 12, 2017

> Hi,
>
> I have now installed LetsEncrypt and Nextcloud on my UnRaid installation following the instruction here.
>
> I have 2 questions:
>
> 1) When I connect to "cloud.domain.at" from my internal subnet, then the URL is rewritten to "https://cloud.domain.at". If I do the same from public, then I am getting "https://_" in my url field and an error message "ERR_NAME_NOT_RESOLVED".
>
> 2) Can I use the same NextCloud and LetsEncrypt Docker installation with two different domains? I have a private domain and I am also supporting an NGO with a separate domain.
>
> Br, Johannes

1) Post your site config and we'll take a look. Likely you have a faulty url rewrite.

2) Letsencrypt will only work with one, but you can use both of them in nginx through creating separate server blocks in the site config.
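
One way an nginx redirect can produce exactly `https://_`, shown as an added, constructed example that is not ebnerjoh's configuration; the thread does not establish that this is the cause here. The hostname is the one from the posted site config.

```nginx
# Constructed illustration (the port-80 side of the setup is not shown in the
# thread).

# Before: a catch-all name combined with $server_name. $server_name expands to
# the first name configured on the matching server block, here the literal "_",
# so every client is redirected to https://_/... and the browser reports
# ERR_NAME_NOT_RESOLVED.
#
# server {
#     listen 80 default_server;
#     server_name _;
#     return 301 https://$server_name$request_uri;
# }

# After: redirect only requests for the name that is actually served, and send
# them to a fixed target.
server {
    listen 80;
    server_name cloud.my-domain.at;
    return 301 https://cloud.my-domain.at$request_uri;
}

# Everything else is dropped, rather than reflecting a client-supplied Host
# header into a Location header (which is what $host or $http_host would do
# in a catch-all block).
server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific: close the connection without a response
}
```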

ebnerjoh Posted June 12, 2017

Hi,

Here is the Site-Conf:

    server {
        listen 443 ssl;
        server_name cloud.my-domain.at;

        root /config/www;
        index index.html index.htm index.php;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###Diffie-Hellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;

        client_max_body_size 0;

        location / {
            proxy_pass https://192.168.1.252:443;
            proxy_max_temp_file_size 2048m;
            include /config/nginx/proxy.conf;
        }
    }

192.168.1.252 is the nextcloud docker. This docker is installed with "Host = none" and running on a dedicated IP (like LetsEncrypt as well).

Ad 2) "letsencrypt will only work with one, but you can use both of them in nginx through creating separate server blocks in the site config"

What does this mean? I can use reverseproxy with two domains but not SSL?

aptalca Posted June 12, 2017

> Hi,
>
> Here is the Site-Conf:
>
>     server {
>         listen 443 ssl;
>         server_name cloud.my-domain.at;
>
>         root /config/www;
>         index index.html index.htm index.php;
>
>         ###SSL Certificates
>         ssl_certificate /config/keys/letsencrypt/fullchain.pem;
>         ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
>
>         ###Diffie-Hellman key exchange ###
>         ssl_dhparam /config/nginx/dhparams.pem;
>
>         ###SSL Ciphers
>         ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
>
>         ###Extra Settings###
>         ssl_prefer_server_ciphers on;
>         ssl_session_cache shared:SSL:10m;
>
>         ### Add HTTP Strict Transport Security ###
>         add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
>         add_header Front-End-Https on;
>
>         client_max_body_size 0;
>
>         location / {
>             proxy_pass https://192.168.1.252:443;
>             proxy_max_temp_file_size 2048m;
>             include /config/nginx/proxy.conf;
>         }
>     }
>
> 192.168.1.252 is the nextcloud docker. This docker is installed with "Host = none" and running on a dedicated IP (like LetsEncrypt as well).
>
> Ad 2) "letsencrypt will only work with one, but you can use both of them in nginx through creating separate server blocks in the site config"
>
> What does this mean? I can use reverseproxy with two domains but not SSL?

I believe you need to modify the nextcloud site config to set the external domain.

Letsencrypt in this docker image is set to work with one domain only. You can use two domains with this container as long as you do the cert retrieval and renewal manually for the second domain.

ebnerjoh Posted June 12, 2017

> 12 minutes ago, aptalca said:
> Letsencrypt in this docker image is set to work with one domain only. You can use two domains with this container as long as you do the cert retrieval and renewal manually for the second domain.

Manual process is always bad...

Then another question as I am new with UnRaid and Docker. I have a DSL with multiple static IP addresses. Can I install the Letsencrypt Docker a second time with a different internal (+mapped external) IP address for my second domain?

Br, Johannes

ebnerjoh Posted June 12, 2017 (edited)

> 1 hour ago, ebnerjoh said:
> Manual process is always bad...
>
> Then another question as I am new with UnRaid and Docker. I have a DSL with multiple static IP addresses. Can I install the Letsencrypt Docker a second time with a different internal (+mapped external) IP address for my second domain?
>
> Br, Johannes

Ok, I solved it by "Trial and Error". I set up a second LetsEncrypt Docker on a separate internal IP with a separate static public IP and am forwarding the requests to the Nextcloud-Docker. The Nextcloud-Docker I am using for both domains. Just added both domains as "trusted domains" and it is working now.

But I still have issues with an Apache Docker together with LetsEncrypt. I have already posted my configs on the apache thread: Linuxserver.io Apache

Br, Johannes

ebnerjoh Posted June 12, 2017

Hi,

Maybe I am thinking too complicated...

So I try to explain again what I want to achieve with my public domain:

1) One Nextcloud installation
2) A Webserver installation to host multiple other sites (e.g. wordpress, joomla,...)

I have installed the nextcloud and the letsencrypt docker like described here in the thread. This is working like a charm. But now I am struggling with the additional websites.

So now questions:

1) As I have already running LetsEncrypt do I then need another apache docker or could I use the letsencrypt docker for presenting wordpress and joomla?
2) If yes, how does a simple config look like to catch subdomain.domain.com and point to the webspace /www/subdomain ?

Br, Johannes

CHBMB Posted June 13, 2017

I'm not exactly clear on what you want to accomplish. Is it

1. nextcloud.server.com, wordpress.server.com, joomla.server.com?
2. nextcloud.server.com, wordpress.server1.com, joomla.server2.com?

The first is possible, the second is not....

ebnerjoh Posted June 13, 2017

> 1 minute ago, CHBMB said:
> I'm not exactly clear on what you want to accomplish. Is it
>
> 1. nextcloud.server.com, wordpress.server.com, joomla.server.com?
> 2. nextcloud.server.com, wordpress.server1.com, joomla.server2.com?
>
> The first is possible, the second is not....

    nextcloud.server.com --> letsencrypt-docker --> nextcloud-docker (already working)
    wordpress.server.com --> letsencrypt-docker
    joomla.server.com --> letsencrypt-docker

or alternatively

    nextcloud.server.com --> letsencrypt-docker --> nextcloud-docker (already working)
    wordpress.server.com --> letsencrypt-docker --> apache-docker
    joomla.server.com --> letsencrypt-docker --> apache-docker

Br, Johannes