[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


2 hours ago, aptalca said:

FYI, the new version of this image supports multiple domains through a new environment variable. Details are on the docker hub page

 

I've updated my docker. How do I add the new variable?


I do have that, pfsense does it for me. I can do an nslookup from outside my home network and it will reply with the correct IP. But when the docker runs it just says no valid IP for my Google domains.

If you need help setting this up with Google Domains let me know. I just switched my domains to Google and it took me about a day to figure things out. All good now though.

7 hours ago, jrdnlc said:

If you need help setting this up with Google Domains let me know. I just switched my domains to Google and it took me about a day to figure things out. All good now though.

 

Sure, send me the info, I like to use the domain I paid for.

 

7 hours ago, jrdnlc said:

If you need help setting this up with Google Domains let me know. I just switched my domains to Google and it took me about a day to figure things out. All good now though.

Thanks!  I'm going to try what ijuarez suggested, but I think it should all be pretty automated right?  I mean, I run a ddclient docker to update my google domain with my current IP.  Then the letsencrypt docker should reference that domain and be good to go.  Right now I'd have to do it manually every time the IP changes.  Appreciate seeing how you managed it!

2 hours ago, ChaOConnor said:

Thanks!  I'm going to try what ijuarez suggested, but I think it should all be pretty automated right?  I mean, I run a ddclient docker to update my google domain with my current IP.  Then the letsencrypt docker should reference that domain and be good to go.  Right now I'd have to do it manually every time the IP changes.  Appreciate seeing how you managed it!

 

I don't use the ddclient docker. I use my router's dynamic DNS service to update my IP. Let me know how that goes. Feel free to message me.

Thanks to aptalca for the link. It took me several reads to understand how he set it up, but I finally got it. No IP needed.

On Google Domains, select the domain you want to use, select DNS, and create a dynamic DNS entry for your domain.

Use the @. whatever your domain is and add it.

Then create a CNAME record:

www CNAME 1H yourdomain.com, then add it.

For dynamic DNS, set up whatever you want (router, ddclient, whatever) and use the new creds for the dynamic DNS.

Run the docker and boom, it's good.

 

 

On 7/4/2017 at 1:12 PM, Ezro said:

Does anyone know how to get this to work with the gitlab docker? (https://forums.lime-technology.com/topic/48653-support-gitlab-ce/)

 

I set my letsencrypt\nginx\site-confs to the following


  location /gitlab {
    include /config/nginx/proxy.conf;
    proxy_pass http://192.168.1.207:9080/gitlab;
  }

 

When I go to my server.duckdns.org/gitlab, I get a '404 not found' error.

 

Anyone have an idea how to fix this?

 

Sorry to bump, but I'm still having issues with Gitlab routing.

 

Also, I tried getting Nextcloud to work using this guide, and when I try to access https://192.168.1.207:444 I receive an "Insecure Connection" error. When I try to access server.duckdns.org/nextcloud/ I get a 502 bad gateway.

 

Does anyone know what I should look at in order to fix the Nextcloud routing?

On 7.7.2017 at 6:11 AM, ijuarez said:

 

I've updated my docker. How do I add the new variable?

 

Hi,

 

I am also interested in how to add the new variable.

 

Br,

Johannes

 


Click on "Add another Path, Port or Variable"

1 hour ago, aptalca said:

 


Click on "Add another Path, Port or Variable"

 

 

Like this?

 

 

Unbenannt.JPG

 


Key should be EXTRA_DOMAINS and don't forget the underscore in the middle

If you go to edit one of the other variables like the PUID, you can see the format

I want to restart nginx without restarting the whole docker, preferably by using

docker exec letsencrypt nginx -s reload

But all I get is

nginx: [error] open() "/run/nginx/nginx.pid" failed (2: No such file or directory)

Is there any easy fix I can do on my end?




s6-svc -h /var/run/s6/services/nginx

On 8.7.2017 at 5:41 PM, aptalca said:

 


Key should be EXTRA_DOMAINS and don't forget the underscore in the middle

If you go to edit one of the other variables like the PUID, you can see the format

 

 

Thanks, it is working.

 

Br,

Johannes

All,

First of all ThanX! I have been watching this thread for a while. It has helped me get letsencrypt/nginx running on my (Unraid) server with no real issues till now. I have a working nextcloud config and I can get to my index page (which I have modified slightly just so I know it's mine) and can get my instance of couch potato running on my server. So now I am having issues with getting a rev proxy to my instance of home-assistant. I followed a thread bite from Feb 17 about this but have tried the included config file with no success. So just looking for a little help. So here is what I have also done: copied my working nextcloud file and changed it accordingly, added the necessary stuff to the ha config file.

 

Now what I get is "502 Bad Gateway" when I go to https://subdomain.my_server.com

 

Here is a portion from the error log file:

2017/07/10 14:47:06 [error] 347#347: *1 SSL_do_handshake() failed (SSL: error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number) while SSL handshaking to upstream, client: ISP, server: SUBDOMAIN.myserver.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://0.0.0.0:port/favicon.ico", host: "SUBDOMAIN.myserver.com", referrer: "https://SUBDOMAIN.myserver.com/"

 

And here is the "site-confs" file (just the one that seems to be the issue):

# This is the virtual host part that allows a subdomain include

server {  
    listen 443 ssl;
    server_name subdomain.my_server.com;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'there is really a key here';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://0.0.0.0:port/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}

 

Hopefully I didn't redact too much info for it to make sense, but here it is. I am sure it is something that I missed, so I would appreciate some extra eyes.

 

ThanX in advance 

Mikey

19 hours ago, mikeyw said:

All,

First of all ThanX! I have been watching this thread for a while. It has helped me get letsencrypt/nginx running on my (Unraid) server with no real issues till now. I have a working nextcloud config and I can get to my index page (which I have modified slightly just so I know it's mine) and can get my instance of couch potato running on my server. So now I am having issues with getting a rev proxy to my instance of home-assistant. I followed a thread bite from Feb 17 about this but have tried the included config file with no success. So just looking for a little help. So here is what I have also done: copied my working nextcloud file and changed it accordingly, added the necessary stuff to the ha config file.

 

Now what I get is "502 Bad Gateway" when I go to https://subdomain.my_server.com

 

Here is a portion from the error log file:


2017/07/10 14:47:06 [error] 347#347: *1 SSL_do_handshake() failed (SSL: error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number) while SSL handshaking to upstream, client: ISP, server: SUBDOMAIN.myserver.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://0.0.0.0:port/favicon.ico", host: "SUBDOMAIN.myserver.com", referrer: "https://SUBDOMAIN.myserver.com/"

 

And here is the "site-confs" file (just the one that seems to be the issue):


# This is the virtual host part that allows a subdomain include

server {  
    listen 443 ssl;
    server_name subdomain.my_server.com;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'there is really a key here';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://0.0.0.0:port/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}

 

Hopefully I didn't redact too much info for it to make sense, but here it is. I am sure it is something that I missed, so I would appreciate some extra eyes.

 

ThanX in advance 

Mikey

 

A couple of things I noticed...

I am not sure if 0.0.0.0 is the real IP you are trying to reverse proxy or if that's your redaction. If the former, that is incorrect. 0.0.0.0 in net=bridge will refer only to the letsencrypt container, not the host and not other containers. You can use the server IP to connect to a different container.

 

Also, you are trying to reverse proxy an https page. That is likely the reason you are getting the ssl handshake error (or a combination with a nonexistent service on 0.0.0.0 as referenced above). Try to use an http address for the reverse proxy.

Edited by aptalca
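
A small Python check for the two problems named in the reply above, added here as an example and not part of the original post or of the image's own tooling: it flags `proxy_pass` targets that point back at the container itself or use an `https://` upstream, and pulls the upstream out of the "wrong version number" error line. The function names and the sample config are constructed; treating 127.0.0.1 and localhost like 0.0.0.0 goes beyond the case in the post.

```python
import re

# Addresses that, from inside a bridge-networked container, are the container itself.
SELF_HOSTS = {"0.0.0.0", "127.0.0.1", "localhost"}
PROXY_PASS = re.compile(r"^\s*proxy_pass\s+(\S+?);", re.M)
URL = re.compile(r"^(https?)://([^/:]+)")
UPSTREAM = re.compile(r'upstream: "([^"]+)"')

def audit_proxy_pass(conf_text):
    """Return (line_no, issue, target) tuples for risky proxy_pass targets."""
    findings = []
    for m in PROXY_PASS.finditer(conf_text):
        target = m.group(1)
        url = URL.match(target)
        if not url:  # variable or unix-socket target: cannot be judged statically
            continue
        line_no = conf_text.count("\n", 0, m.start(1)) + 1
        scheme, host = url.groups()
        if host in SELF_HOSTS:
            findings.append((line_no, "self-address", target))
        if scheme == "https":
            # nginx will start a TLS handshake; the backend must actually speak TLS
            findings.append((line_no, "https-upstream", target))
    return findings

def failed_tls_upstream(log_line):
    """Return the upstream URL if the line shows a failed TLS handshake to it."""
    if "SSL handshaking to upstream" in log_line and "wrong version number" in log_line:
        m = UPSTREAM.search(log_line)
        return m.group(1) if m else None
    return None

# Constructed sample: the first location mirrors the redacted config in the thread,
# the second uses a made-up LAN address and port.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    location / {
        proxy_pass https://0.0.0.0:port/;
        include /config/nginx/proxy.conf;
    }
    location /ok {
        proxy_pass http://192.168.1.10:8123/;
    }
}
"""

# Error line as quoted in the thread, shortened to the fields the check reads.
SAMPLE_LOG = ('2017/07/10 14:47:06 [error] 347#347: *1 SSL_do_handshake() failed '
              '(SSL: error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version '
              'number) while SSL handshaking to upstream, '
              'upstream: "https://0.0.0.0:port/favicon.ico"')
```

An `https-upstream` finding is not an error by itself; it only matters when the backend serves plain HTTP on that port, which is what the handshake error in the log points to.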

15 hours ago, mattekure said:

I just read that LetsEncrypt recently announced that starting in Jan 2018, they will offer wildcard certificates for free.  so you could have one for all the subdomains

 

https://arstechnica.com/information-technology/2017/07/lets-encrypt-to-start-offering-free-wildcard-certificates-for-https/

 

DNS challenge only :|

 

https://community.letsencrypt.org/t/wildcard-certificates-coming-january-2018/37567/8

I just switched back to unRAID, and am working on getting the LE+Nginx docker setup. Nginx starts, but the logs are constantly being populated with the following:

2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:82 failed (98: Address in use)
2017/07/11 16:25:04 [emerg] 366#366: bind() to 0.0.0.0:444 failed (98: Address in use)

No matter what I put the port to in the docker config, or in the nginx.conf, these errors just stream across with the port I specified. Nothing is using those ports except for nginx. I'm able to access most of the proxy_pass (except plex, working on that too), but within just a few minutes, my error.log is growing huge. Anyone come across this before?




I suspect you highly modified the nginx.conf and perhaps removed the "daemon off" setting so it's trying to launch a second instance unsuccessfully.

Did you by any chance copy your nginx settings over from another install? If so, go back to defaults by deleting them and restarting the container. Then modify the defaults as needed.

If that doesn't work, post your container settings along with nginx and site configs and we'll take a look.

1 hour ago, aptalca said:

 


I suspect you highly modified the nginx.conf and perhaps removed the "daemon off" setting so it's trying to launch a second instance unsuccessfully.

Did you by any chance copy your nginx settings over from another install? If so, go back to defaults by deleting them and restarting the container. Then modify the defaults as needed.

If that doesn't work, post your container settings along with nginx and site configs and we'll take a look.

 

 

Should I not be editing the nginx.conf then? Just put my config in the site-confs/default? I use a subdomain map for my proxy pass, with some nifty logic that has worked on other boxes, e.g.:

 

        map $subdomain $proxy_url {
                pr      "http://192.168.1.103:3000";
                py      "http://192.168.1.103:8181";
                cp      "http://192.168.1.103:5050";
                pms     "http://192.168.1.103:32400";
                nzb     "http://192.168.1.103:6789";
                down    "http://192.168.1.103:9091";
        }
  
                 if ($host ~* ^([a-z0-9-\.]+)\.mydomain.tld$) {
                        set $subdomain $1;
                }


                location / {
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "upgrade";

                    if ($subdomain) {
                        proxy_pass $proxy_url;
                    }
                }

                if ($subdomain = "pms") {
                        rewrite ^/$ $1/web;
                }

                if ($subdomain = "down") {
                        rewrite ^/$ $1/transmission;
                }

This has worked on other servers no problem, although I'm not used to running things in a docker, and haven't used unRAID in almost a year.

Edited by sethrd

You can edit the nginx.conf but don't overwrite it with a config from another server or you'll break it. The Nginx package from the Ubuntu repo has very different defaults than this container, which is Alpine based and uses s6 as the supervisor.

What you posted is just a snippet of the site config. And not related to the error you're getting.

Got it. Removed my custom stuff, and added most of my config to the site-confs/default file and the errors are no longer showing. Still working on getting some of the proxy_pass working, mainly for plex access. Thanks aptalca!
