November 22, 20169 yr @aptalca Is curl already installed or would I have to install it manually? can't remember off the top of my head but if it's not we will push an update Until then you can install with apk add --update curl if it's missing Thanks! Looks like today's update added curl. Can you also add GD? cURL and GD are the most used features and i'm surprised they were not included. In the meantime, I'll add gd manually. Thanks again! Yeah, there are a whole lot of php modules out there. I personally host an html5 site and a bunch of reverse proxies so don't really use php at all. If there are other modules that are commonly used and needed, let us know and we'll add them to this container. I'll go ahead and add php5-gd Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now! I would like to donate some money to you as a thank you for adding them so quickly and helping me out PM me your Paypal address. Thanks again!!
November 22, 20169 yr @aptalca Is curl already installed or would I have to install it manually? can't remember off the top of my head but if it's not we will push an update Until then you can install with apk add --update curl if it's missing Thanks! Looks like today's update added curl. Can you also add GD? cURL and GD are the most used features and i'm surprised they were not included. In the meantime, I'll add gd manually. Thanks again! Yeah, there are a whole lot of php modules out there. I personally host an html5 site and a bunch of reverse proxies so don't really use php at all. If there are other modules that are commonly used and needed, let us know and we'll add them to this container. I'll go ahead and add php5-gd Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now! I would like to donate some money to you as a thank you for adding them so quickly and helping me out PM me your Paypal address. Thanks again!! No need for a PM, address is here... https://www.linuxserver.io/donations/
November 22, 20169 yr @aptalca Is curl already installed or would I have to install it manually? can't remember off the top of my head but if it's not we will push an update Until then you can install with apk add --update curl if it's missing Thanks! Looks like today's update added curl. Can you also add GD? cURL and GD are the most used features and i'm surprised they were not included. In the meantime, I'll add gd manually. Thanks again! Yeah, there are a whole lot of php modules out there. I personally host an html5 site and a bunch of reverse proxies so don't really use php at all. If there are other modules that are commonly used and needed, let us know and we'll add them to this container. I'll go ahead and add php5-gd Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now! I would like to donate some money to you as a thank you for adding them so quickly and helping me out PM me your Paypal address. Thanks again!! No need for a PM, address is here... https://www.linuxserver.io/donations/ I would like to send it to him directly. Thanks
November 23, 20169 yr Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now! I would like to donate some money to you as a thank you for adding them so quickly and helping me out PM me your Paypal address. Thanks again!! No need for a PM, address is here... https://www.linuxserver.io/donations/ I would like to send it to him directly. Thanks I recently joined the linuxserver team and this container was truly a team effort (still is). Feel free to donate to the team if you like. But I don't accept donations personally. Thanks
November 23, 20169 yr Trying to get Deluge and Transmission working... CHBMB provided me a configuration, but it doesn't use .htpasswd, and when I tried to modify the script it 404. Of course, the same setup doesn't work at all for Transmission. #HTPC server { listen 443 ssl; root /config/www; index index.html index.htm index.php; server_name htpc.*; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers ***** ssl_prefer_server_ciphers on; client_max_body_size 0; #Muximux location / { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.1:38095; } #Sonarr location ^~ /tv { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.1:38082/tv; } #Couchpotato location ^~ /movies { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.1:38083/movies; } #Deluge location ^~ /deluge { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.1:38085; proxy_set_header X-Deluge-Base "/deluge/"; } #PlexPy location ^~ /stats { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.1:38090/stats; } } Sonarr, CP, and PlexPy work fine within Muximux, and at /address on their own. Any ideas?
November 23, 20169 yr Deux, you can use .htpasswd with it. I do myself. Sent from my LG-H815 using Tapatalk
November 23, 20169 yr Use the examples under "Setting up nginx" for Transmission. http://krisko210.blogspot.nl/2013/10/transmission-daemon-with-proxy-forward.html
November 24, 20169 yr Back to the VPN question. The VPN itself works fine (using OpenVPN-AS), but there is a possibility to have a webpage where I can login and get my configuration files when required. However, when I try to log in to it at vpn.example.com I get a "502 Bad Gateway". Here is the setup: server { listen 443 ssl; root /config/www; index index.html index.htm index.php; server_name vpn.*; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { auth_basic off; include /config/nginx/proxy.conf; proxy_pass http://192.168.80.1:9443; } } I TRIED WITH 943 SAME ISSUE I'll post this in the OpenVPN-AS thread as well if it is determined that this isn't an NGINX issue. Thanks y'all!
November 24, 20169 yr Security wise I think it's a bad idea. Essentially you end up securing your VPN via a Nginx reverse proxy which kind of removes the point of a VPN in the first place which is to provide more security to access certain services on your LAN than you would get from a reverse proxy. Sent from my LG-H815 using Tapatalk
November 24, 20169 yr I'm not sure I follow. I don't want VPN access through NGINX, I'm trying to get access to the OpenVPN-AS login page so that if I need to I can download the config file if I need it. If you go to the admin page you can set it up so that if you are outside your network you can only use the user login and not the admin one.
November 24, 20169 yr I'm not sure I follow. I don't want VPN access through NGINX, I'm trying to get access to the OpenVPN-AS login page so that if I need to I can download the config file if I need it. If you go to the admin page you can set it up so that if you are outside your network you can only use the user login and not the admin one. I could be wrong, but what I think the bald one was getting at was the "out of band" encryption issue. If you allow your secret key to be accessible through an externally available web page, you have just potentially weakened your VPN by allowing a hack that penetrated NGINX to also access your VPN secret key. With any encryption scheme using a public / private key system, you should restrict access to the private key to the absolute minimum possible.
November 24, 20169 yr That's exactly what the bald one was thinking... Sent from my LG-H815 using Tapatalk
November 24, 20169 yr I'm being stupid sorry. I still don't understand. You're saying that giving access to the login page is a potential security hole?
November 24, 20169 yr Yes. You want to give access to your OpenVPN key via a reverse proxy. The weakest link in that chain is the reverse proxy. Get through that and potentially they have access to your VPN. Sent from my LG-H815 using Tapatalk
November 24, 20169 yr Just looking into this for future use. How would I handle having multiple domains pointing to the same server? Ex: My current nginx setup has 4 totally different domains, all coming in on the same ip/port then gets sorted out by nginx. Is something like that possible with this container? (I'm 100% new to letsencypt, only switching because of chrome/google no longer recognizing startssl)
November 25, 20169 yr Just looking into this for future use. How would I handle having multiple domains pointing to the same server? Ex: My current nginx setup has 4 totally different domains, all coming in on the same ip/port then gets sorted out by nginx. Is something like that possible with this container? (I'm 100% new to letsencypt, only switching because of chrome/google no longer recognizing startssl) That's possible with letsencrypt, but not this container. This container only supports one domain with multiple subdomains
November 28, 20169 yr Got them both working and with login requirement. Thanks. How did you end up getting Transmission to work? Did you modify Transmission to support a sub-directory? What did your Nginx config end up looking like? Thanks!
November 28, 20169 yr Got them both working and with login requirement. Thanks. How did you end up getting Transmission to work? Did you modify Transmission to support a sub-directory? What did your Nginx config end up looking like? Thanks! Try this: location /transmission/ { proxy_pass_header X-Transmission-Session-Id; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://10.1.1.3:9091/transmission/web/; } location /rpc { proxy_pass http://10.1.1.3:9091/transmission/rpc; }
November 30, 20169 yr managed to get myself completely confused here trying to set up a reverse proxy. have managed to get nginx setup and running and managed to configure the password security but cannot for the life of me seem to setup the reverse proxy. I have tried to use the examples in the default config file and also tried to copy over the ones from htpcguides but either way keep getting 502 bad gateway - I can't see what I am doing wrong! I have just spent 3 hours trying different options and am starting to feel like pulling why hair out! I can get to the site fine using the base url which displays the index.html page. Here is my config file: # redirect all traffic to https server { listen 80; server_name _; return 301 https://$host$request_uri; } # main server block server { listen 443 ssl default_server; root /config/www; index index.html index.htm index.php; server_name [removed].duckdns.org 192.168.1.28; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; # With php5-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php5-fpm: #fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp" # notice this is within the same server block as the base # don't forget to generate the .htpasswd file as described on docker hub location ^~ /plexpy { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://192.168.1.28:8181/; } } # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above # notice this is a new server block #server { # listen 443 ssl; # # root /config/www; # index index.html index.htm index.php; # # server_name cp.*; # # ssl_certificate /config/keys/letsencrypt/fullchain.pem; # ssl_certificate_key /config/keys/letsencrypt/privkey.pem; # ssl_dhparam /config/nginx/dhparams.pem; # ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; # ssl_prefer_server_ciphers on; # # client_max_body_size 0; # # location / { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050; # } #}
November 30, 20169 yr You generated the .htpasswd file? Some apps are more difficult than others, try this for plexpy location /plexpy/ { proxy_pass http://192.168.1.28:8181; include /config/nginx/proxy.conf; proxy_bind $server_addr; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Ssl on; auth_basic "Restricted"; auth_basic_user_file /config/.htpasswd; }
November 30, 20169 yr Thanks for your help! Sorry for being thick Managed to get CouchPotato working using the default one and muximux as the homepage but can't seem to get other apps working The apps I wanted were Sonarr PlexPy PlexRequests NetData Deluge I've tried the PlexPy command and getting a 404 error, I think this might be down to my plexpy settings though
November 30, 20169 yr Thanks for your help! Sorry for being thick Managed to get CouchPotato working using the default one and muximux as the homepage but can't seem to get other apps working The apps I wanted were Sonarr PlexPy PlexRequests NetData Deluge I've tried the PlexPy command and getting a 404 error, I think this might be down to my plexpy settings though # Sonar # https://github.com/linuxserver/docker-sonarr # # Edit the settings and set # Url Base to /sonarr location ^~ /sonarr { proxy_pass http://192.168.1.28:8989/sonarr; include /config/nginx/proxy.conf; } # PlexyPy # https://github.com/linuxserver/docker-plexpy # # Settings => Web Interface # Change http root to /plexpy # location ^~ /plexpy/ { proxy_pass http://192.168.1.28:8181; include /config/nginx/proxy.conf; proxy_bind $server_addr; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Ssl on; } # PlexRequests # https://github.com/linuxserver/docker-plexrequests # # Run container with -e "URL_BASE"="/plexrequests" # location ^~ /requests { proxy_pass http://192.168.1.28:3000/requests; include /config/nginx/proxy.conf; } # Deluge # https://github.com/linuxserver/docker-deluge # # No extra settings required # location ^~ /deluge { proxy_pass http://192.168.1.28:8112/; proxy_set_header X-Deluge-Base "/deluge/"; include /config/nginx/proxy.conf; } Netdata i've never heard of, you'll have to figure that one out yourself I'm afraid.
November 30, 20169 yr Perhaps you could include the relevant apache and nginx sample reverse proxy configs in the documentation of each of the containers? Maybe even in the overview section of the template?
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.