[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Ok, so can you post your docker config?  Redact out your email address and domain name.


I am new to Unraid and Docker (for one week now).

 

I guess you mean the docker exec section which is displayed when installing or changing a docker within unraid and not the web-config-section?

 

If yes, where can I find how the docker was started without modifying the docker?

 

I know, stupid questions... but I am learning.

Either would do, but edit the container, make a change to a parameter, add and delete a space and click apply.  

1 minute ago, CHBMB said:

Either would do, but edit the container, make a change to a parameter, add and delete a space and click apply.  

 

haha, sometimes it is too simple...

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="none" --privileged="true" -e TZ="Europe/Berlin" -e HOST_OS="unRAID" -e "EMAIL"="[email protected]" -e "URL"="my-domain.at" -e "SUBDOMAINS"="nextcloud,wordpress," -e "ONLY_SUBDOMAINS"="true" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -v "/mnt/user/appdata/letsencrypt":"/config":rw --network homenet --ip 192.168.1.250 linuxserver/letsencrypt
7febf75fc4495e72d6ab452387cd1c6fda9ebffb2f4bf23afdc89f1b1e8df271

 

Yes, this is clear. First I wanted to get wordpress working before going ahead with joomla.

 

The question is: What would the site-conf look like for Wordpress if the wordpress is in the "wordpress"-subdirectory of the www directory?

 

Br,

johannes

13 minutes ago, ebnerjoh said:

Yes, this is clear. First I wanted to get wordpress working before going ahead with joomla.

 

The question is: What would the site-conf look like for Wordpress if the wordpress is in the "wordpress"-subdirectory of the www directory?

 

Br,

johannes

 

Create a new file called wordpress in appdata/letsencrypt/nginx/site-confs/, then just use a copy of defaults and change the servername to wordpress.server.com. After that it should be the same as any other nginx install of wordpress.

 

No success at all.

 

I have now made the following tests:

 

1) Copied default to wordpress and changed servername and directory --> letsencrypt didn't start and got error message "duplicate default server"

2) Removed default and moved wordpress to default --> got at least somehow the wordpress page but completely unformatted

3) Recovered original default and took the recipe and saved as wordpress. Changed servername and directory and CGI part (as this is different to the letsencrypt-Docker). After accessing the site I am always getting the index.html from the /config/www, instead of /config/www/wordpress...

 

This is driving me crazy...

1 minute ago, ebnerjoh said:

After accessing the site I am always getting the index.html from the /config/www, instead of /config/www/wordpress...

 

You need to change the 

 

root /config/www;

to 

root /config/www/wordpress;

 

I have done this...

 

# Upstream to abstract backend connection(s) for php
upstream php {
        server unix:/tmp/php-cgi.socket;
        server 127.0.0.1:9000;
}

server {
        ## Your website name goes here.
        server_name wordpress.my-domain.at;
        ## Your only path reference.
        root /var/www/wordpress;
        ## This should be in your http block and if it is, it's not needed here.
        index index.php;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        location / {
                # This is cool because no php is touched for static content.
                # include the "?$args" part so non-default permalinks doesn't break when using query string
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                #include fastcgi.conf;
                #fastcgi_intercept_errors on;
                #fastcgi_pass php;
                #fastcgi_split_path_info ^(.+\.php)(/.+)$;
                # With php7-cgi alone:
                fastcgi_pass 127.0.0.1:9000;
                # With php7-fpm:
                #fastcgi_pass unix:/var/run/php7-fpm.sock;
                fastcgi_index index.php;
                include /etc/nginx/fastcgi_params;

        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}

 

You can't just copy and paste the whole config.  You need to edit it to reflect your config.

 

Wordpress isn't in the root so location / is wrong.  You need something like this.

 

location /wordpress {
        try_files $uri $uri/ /wordpress/index.php?$args;
}

location ~ \.php$ {
        fastcgi_split_path_info ^(/wordpress)(/.*)$;
}

I know that it's possible to do as I've done so in the past.  And get rid of that initial php block.

Edited by CHBMB

I just added the above to my default file, changed the root parameter, unzipped wordpress.

 


If you're serving a few different subdomains, you may even want to change the

root /config/www

to something like

root /config/www/default
root /config/www/wordpress
root /config/www/joomla

to avoid confusion between the directories and alter your directory structure as such

Hi,

 

This is my default "default" file:

# listening on port 80 disabled by default, remove the "#" signs to enable
# redirect all traffic to https
#server {
#       listen 80;
#       server_name _;
#       return 301 https://$host$request_uri;
#}

# main server block
server {
        listen 443 ssl default_server;

        root /config/www;
        index index.html index.htm index.php;

        server_name _;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;

        location / {
                try_files $uri $uri/ /index.html /index.php?$args =404;
        }

        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                # With php7-cgi alone:
                fastcgi_pass 127.0.0.1:9000;
                # With php7-fpm:
                #fastcgi_pass unix:/var/run/php7-fpm.sock;
                fastcgi_index index.php;
                include /etc/nginx/fastcgi_params;
        }

# sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
# notice this is within the same server block as the base
# don't forget to generate the .htpasswd file as described on docker hub
#       location ^~ /cp {
#               auth_basic "Restricted";
#               auth_basic_user_file /config/nginx/.htpasswd;
#               include /config/nginx/proxy.conf;
#               proxy_pass http://192.168.1.50:5050/cp;
#       }

}

# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
# notice this is a new server block, you need a new server block for each subdomain
#server {
#       listen 443 ssl;
#
#       root /config/www;
#       index index.html index.htm index.php;
#
#       server_name cp.*;
#
#       ssl_certificate /config/keys/letsencrypt/fullchain.pem;
#       ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
#       ssl_dhparam /config/nginx/dhparams.pem;
#       ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
#       ssl_prefer_server_ciphers on;
#
#       client_max_body_size 0;
#
#       location / {
#               auth_basic "Restricted";
#               auth_basic_user_file /config/nginx/.htpasswd;
#               include /config/nginx/proxy.conf;
#               proxy_pass http://192.168.1.50:5050;
#       }
#}

 

Here is now my updated "wordpress" file:

server {
        ## Your website name goes here.
        server_name wordpress.my-domain.at;
        ## Your only path reference.
        root /var/www/wordpress;
        ## This should be in your http block and if it is, it's not needed here.
        index index.php;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        location /wordpress {
                # This is cool because no php is touched for static content.
                # include the "?$args" part so non-default permalinks doesn't break when using query string
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                #include fastcgi.conf;
                #fastcgi_intercept_errors on;
                #fastcgi_pass php;
                #fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_split_path_info ^(/wordpress)(/.*)$;
                # With php7-cgi alone:
                fastcgi_pass 127.0.0.1:9000;
                # With php7-fpm:
                #fastcgi_pass unix:/var/run/php7-fpm.sock;
                fastcgi_index index.php;
                include /etc/nginx/fastcgi_params;

        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}

 

Still getting connected to the default index.html.

Call this file wordpress....

 

server {
        listen 80;
        server_name wordpress.server.com;
        return 301 https://server.com$request_uri;
}

server {

	listen 443 ssl;
	server_name wordpress.server.com;

	add_header Front-End-Https on;

	root /config/www/wordpress;
	index index.html index.htm index.php;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;

	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# With php5-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php5-fpm:
		#fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
	}
	
	location / {
        try_files $uri $uri/ /wordpress/index.php?$args;
	}

	location ~ \.php$ {
        fastcgi_split_path_info ^(/wordpress)(/.*)$;
	}
}

Easy.....

Edited by CHBMB
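
Why the earlier "wordpress" file kept returning the default index.html, as an added Python check that is not part of the thread or of the linuxserver image: a server block with no listen directive is bound to port 80 only, so HTTPS requests land on the 443 default_server. The sample configs are trimmed, constructed copies of the files posted above, the function names are hypothetical, and /config/www as the web root is taken from the replies.

```python
import re
from collections import Counter

# Constructed samples: trimmed copies of the thread's "default" file and of the
# "wordpress" file that kept returning the default index.html.
DEFAULT_CONF = """
server {
    listen 443 ssl default_server;
    root /config/www;
    server_name _;
}
"""
WORDPRESS_CONF = """
server {
    server_name wordpress.my-domain.at;
    root /var/www/wordpress;   # path copied from a generic recipe
    location /wordpress { try_files $uri $uri/ /index.php?$args; }
}
"""

def server_blocks(text):
    """Yield the server-level text of each server { } block (naive parser)."""
    text = re.sub(r"#[^\n]*", "", text)               # strip comments
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i, top = 1, m.end(), []
        while i < len(text) and depth:
            ch = text[i]
            depth += (ch == "{") - (ch == "}")
            if depth == 1 and ch not in "{}":         # skip nested location bodies
                top.append(ch)
            i += 1
        yield "".join(top)

def directive(block, name):
    """All values of a server-level directive, e.g. directive(b, 'listen')."""
    return [v.strip() for v in re.findall(rf"^\s*{name}\s+([^;]+);", block, re.M)]

def lint(confs, web_root="/config/www"):
    """confs maps site-conf filename -> text; returns (file, server_name, issue)."""
    findings, defaults = [], Counter()
    for fname, text in confs.items():
        for block in server_blocks(text):
            name = (directive(block, "server_name") or ["(unnamed)"])[0]
            listens = directive(block, "listen")
            if not listens:
                # Bound to port 80 only: HTTPS goes to the 443 default_server.
                findings.append((fname, name, "no-listen"))
            for spec in listens:
                if "default_server" in spec.split():
                    defaults[spec.split()[0]] += 1
            for root in directive(block, "root"):
                if not (root + "/").startswith(web_root + "/"):
                    findings.append((fname, name, "root-outside-webroot"))
    for addr, count in defaults.items():
        if count > 1:                                 # nginx refuses to start
            findings.append(("*", addr, "duplicate-default-server"))
    return findings

if __name__ == "__main__":
    print(lint({"default": DEFAULT_CONF, "wordpress": WORDPRESS_CONF}))
```

Passing the default file twice under two names reproduces the "duplicate default server" failure from the first test in the thread.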

Hi,

 

Ok, one step ahead.

 

I can access the website now but it is not correctly formatted.

It seems when using without SSL everything is correctly formatted, but when using SSL then not...

 

I will send you the real link per PM. Maybe you have an idea?

 

Br,

Johannes

I've just tried the above and it's working fine,  try clearing your browser cache etc.

Many, many thanks again!

 

One last question: I tried to do a Media-Upload in Wordpress. It tells me that there is a 2MB Upload Limit. 

I guess this is set somewhere in nginx?

 

Br,

Johannes

1 hour ago, ebnerjoh said:

Many, many thanks again!

 

One last question: I tried to do a Media-Upload in Wordpress. It tells me that there is a 2MB Upload Limit. 

I guess this is set somewhere in nginx?

 

Br,

Johannes

 

 

In addition to my "upload_max_filesize" question I have now another question:

 

I also want to run phpmyadmin on my nginx-instance to configure my MySQL-DB. This website shouldn't be exposed to the public network.

If I store phpmyadmin to /config/www/phpmyadmin can I access it then via "https://internal-ip/phpmyadmin"? 

As it is internal I do not care about the certificate.

 

I guess this is working with "location" but to be honest, I still do not understand the concept of nginx.

 

I tried to add the following to my default site-conf:

 

        location /phpmyadmin {
				root /config/www/phpmyadmin;
                try_files $uri $uri/ /index.html /index.php?$args =404;
        }

but then I get the default page.

 

Br,

Johannes

12 hours ago, ebnerjoh said:

Many, many thanks again!

 

One last question: I tried to do a Media-Upload in Wordpress. It tells me that there is a 2MB Upload Limit. 

I guess this is set somewhere in nginx?

 

Br,

Johannes

 

Not sure, you sure it's not a setting in WP?

Hi,

 

Yes, these are PHP Settings. 

I found them already in the docker and changed them manually with the disadvantage that I have to do this again after an update of the docker.

 

Br,

Johannes

Still having trouble with this.

THESE are my current domain settings.  I've tried having both 'www' and '@' before .mydomain.com and still nothing.

This is my default config:

server {
    listen 443 ssl;
    
    root /config/www/unifi;
    index index.html index.htm index.php;
    
    server_name unifi.*;
    
    ssl_certificate LOCATION_REDACTED;    
    ssl_certificate_key LOCATION_REDACTED;    
    ssl_dhparam LOCATION_REDACTED;    
    ssl_ciphers 'CIPHER_REDACTED';    
    ssl_prefer_server_ciphers on; 
    
    client_max_body_size 0;
    
    location = / {
        include /config/nginx/proxy.conf;
        proxy_pass https://192.168.2.100:8443/manage/account/login;
    }
}


EDIT:

So I added the CNAME records for www + unifi and sending them to @.  I then pulled up http://unifi.mydomain.com/ on my mac and get nothing.  I tried my phone on wifi and it timed out.  I tried my phone on 4G and am getting THIS:

Outdated Browser
You are using an outdated browser. Please upgrade your browser to improve your experience.

{{toast.message}}

Partial success as it's prompting to open the unifi app....now how do I get it to work?

Edited by poldim

Thanks for all of the work here.  I've got nextcloud/letsencrypt working with duckdns, which I wouldn't have tried without the support here and tutorials.  One annoyance - is there an easy way to get unset urls (https://mydomain.duckdns.org/random_garbage) to map to 404 instead of the default "Welcome to our server?"

 

Google searches for 404 and "welcome to our server" don't help...

Thanks for all of the work here.  I've got nextcloud/letsencrypt working with duckdns, which I wouldn't have tried without the support here and tutorials.  One annoyance - is there an easy way to get unset urls (https://mydomain.duckdns.org/random_garbage) to map to 404 instead of the default "Welcome to our server?"
 
Google searches for 404 and "welcome to our server" don't help...


Google nginx 404 redirect
