Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

Featured Replies

@aptalca

 

Is curl already installed or would I have to install it manually?

can't remember off the top of my head but if it's not we will push an update

 

Until then you can install with

apk add --update curl

if it's missing

 

Thanks! Looks like today's update added curl. Can you also add GD? cURL and GD are the most used features and i'm surprised they were not included. In the meantime, I'll add gd manually. Thanks again!

 

Yeah, there are a whole lot of php modules out there. I personally host an html5 site and a bunch of reverse proxies so don't really use php at all.

 

If there are other modules that are commonly used and needed, let us know and we'll add them to this container.

 

I'll go ahead and add php5-gd

 

Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now!

I would like to donate some money to you as a thank you for adding them so quickly and helping me out

 

PM me your Paypal address. Thanks again!!

  • Replies 6.2k
  • Views 1.5m
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running. For noobs like me, here's what I did: 1. Stop

  • I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

  • BigBoyMarky
    BigBoyMarky

    I replaced both the ssl.conf and nginx.conf files with the sample ones to update them since I did not make any custom modifications to either one of those and this resolved my issue.

Posted Images

@aptalca

 

Is curl already installed or would I have to install it manually?

can't remember off the top of my head but if it's not we will push an update

 

Until then you can install with

apk add --update curl

if it's missing

 

Thanks! Looks like today's update added curl. Can you also add GD? cURL and GD are the most used features and i'm surprised they were not included. In the meantime, I'll add gd manually. Thanks again!

 

Yeah, there are a whole lot of php modules out there. I personally host an html5 site and a bunch of reverse proxies so don't really use php at all.

 

If there are other modules that are commonly used and needed, let us know and we'll add them to this container.

 

I'll go ahead and add php5-gd

 

Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now!

I would like to donate some money to you as a thank you for adding them so quickly and helping me out

 

PM me your Paypal address. Thanks again!!

 

 

No need for a PM, address is here...  ;)

 

https://www.linuxserver.io/donations/

@aptalca

 

Is curl already installed or would I have to install it manually?

can't remember off the top of my head but if it's not we will push an update

 

Until then you can install with

apk add --update curl

if it's missing

 

Thanks! Looks like today's update added curl. Can you also add GD? cURL and GD are the most used features and i'm surprised they were not included. In the meantime, I'll add gd manually. Thanks again!

 

Yeah, there are a whole lot of php modules out there. I personally host an html5 site and a bunch of reverse proxies so don't really use php at all.

 

If there are other modules that are commonly used and needed, let us know and we'll add them to this container.

 

I'll go ahead and add php5-gd

 

Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now!

I would like to donate some money to you as a thank you for adding them so quickly and helping me out

 

PM me your Paypal address. Thanks again!!

 

 

No need for a PM, address is here...  ;)

 

https://www.linuxserver.io/donations/

 

I would like to send it to him directly. Thanks

Thanks for adding GD. Will let you know if any other modules are needed but so far webpage is working great now!

I would like to donate some money to you as a thank you for adding them so quickly and helping me out

 

PM me your Paypal address. Thanks again!!

 

 

No need for a PM, address is here...  ;)

 

https://www.linuxserver.io/donations/

 

I would like to send it to him directly. Thanks

 

 

I recently joined the linuxserver team and this container was truly a team effort (still is). Feel free to donate to the team if you like. But I don't accept donations personally. Thanks

Trying to get Deluge and Transmission working...

 

CHBMB provided me a configuration, but it doesn't use .htpasswd, and when I tried to modify the script it 404.

Of course, the same setup doesn't work at all for Transmission.

 

#HTPC
server {
listen 443 ssl;
root /config/www;
index index.html index.htm index.php;
server_name htpc.*;
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 
*****
ssl_prefer_server_ciphers on;
client_max_body_size 0;

#Muximux
location / {
	auth_basic "Restricted";
	auth_basic_user_file /config/nginx/.htpasswd;
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.1.1:38095;
}

#Sonarr
location ^~ /tv {
	auth_basic "Restricted";
	auth_basic_user_file /config/nginx/.htpasswd;
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.1.1:38082/tv;
}	

#Couchpotato
location ^~ /movies {
	auth_basic "Restricted";
	auth_basic_user_file /config/nginx/.htpasswd;
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.1.1:38083/movies;
}	

#Deluge
location ^~ /deluge {
	auth_basic "Restricted";
	auth_basic_user_file /config/nginx/.htpasswd;
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.1.1:38085; 
	proxy_set_header  X-Deluge-Base "/deluge/";
}	

#PlexPy
location ^~ /stats {
	auth_basic "Restricted";
	auth_basic_user_file /config/nginx/.htpasswd;
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.1.1:38090/stats;
}	

}

 

Sonarr, CP, and PlexPy work fine within Muximux, and at /address on their own.

 

Any ideas?

Deux, you can use .htpasswd with it.  I do myself.

 

Sent from my LG-H815 using Tapatalk

 

 

Got them both working and with login requirement.

 

Thanks.

Back to the VPN question.

 

The VPN itself works fine (using OpenVPN-AS), but there is a possibility to have a webpage where I can login and get my configuration files when required.

However, when I try to log in to it at vpn.example.com I get a "502 Bad Gateway".

 

Here is the setup:

server {
listen 443 ssl;
root /config/www;
index index.html index.htm index.php;
server_name vpn.*;
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
client_max_body_size 0;

location / {
	auth_basic off;
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.80.1:9443;
}
}

I TRIED WITH 943 SAME ISSUE

 

 

I'll post this in the OpenVPN-AS thread as well if it is determined that this isn't an NGINX issue.

 

Thanks y'all!

Security wise I think it's a bad idea.  Essentially you end up securing your VPN via a Nginx reverse proxy which kind of removes the point of a VPN in the first place which is to provide more security to access certain services on your LAN than you would get from a reverse proxy.

 

Sent from my LG-H815 using Tapatalk

 

 

I'm not sure I follow.

 

I don't want VPN access through NGINX, I'm trying to get access to the OpenVPN-AS login page so that if I need to I can download the config file if I need it. If you go to the admin page you can set it up so that if you are outside your network you can only use the user login and not the admin one.

I'm not sure I follow.

 

I don't want VPN access through NGINX, I'm trying to get access to the OpenVPN-AS login page so that if I need to I can download the config file if I need it. If you go to the admin page you can set it up so that if you are outside your network you can only use the user login and not the admin one.

I could be wrong, but what I think the bald one was getting at was the "out of band" encryption issue. If you allow your secret key to be accessible through an externally available web page, you have just potentially weakened your VPN by allowing a hack that penetrated NGINX to also access your VPN secret key.

 

With any encryption scheme using a public / private key system, you should restrict access to the private key to the absolute minimum possible.

That's exactly what the bald one was thinking...

 

Sent from my LG-H815 using Tapatalk

 

 

I'm being stupid sorry.

 

I still don't understand.

 

You're saying that giving access to the login page is a potential security hole?

Yes.  You want to give access to your OpenVPN key via a reverse proxy.  The weakest link in that chain is the reverse proxy.  Get through that and potentially they have access to your VPN. 

 

Sent from my LG-H815 using Tapatalk

 

 

Just looking into this for future use.  How would I handle having multiple domains pointing to the same server?

 

Ex: My current nginx setup has 4 totally different domains, all coming in on the same ip/port then gets sorted out by nginx.

 

Is something like that possible with this container? (I'm 100% new to letsencypt, only switching because of chrome/google no longer recognizing startssl)

Just looking into this for future use.  How would I handle having multiple domains pointing to the same server?

 

Ex: My current nginx setup has 4 totally different domains, all coming in on the same ip/port then gets sorted out by nginx.

 

Is something like that possible with this container? (I'm 100% new to letsencypt, only switching because of chrome/google no longer recognizing startssl)

That's possible with letsencrypt, but not this container. This container only supports one domain with multiple subdomains

Got them both working and with login requirement.

 

Thanks.

 

How did you end up getting Transmission to work?  Did you modify Transmission to support a sub-directory?  What did your Nginx config end up looking like?  Thanks!

Got them both working and with login requirement.

 

Thanks.

 

How did you end up getting Transmission to work?  Did you modify Transmission to support a sub-directory?  What did your Nginx config end up looking like?  Thanks!

 

Try this:

 

location /transmission/ {
    proxy_pass_header X-Transmission-Session-Id;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://10.1.1.3:9091/transmission/web/;
}

location /rpc {
    proxy_pass http://10.1.1.3:9091/transmission/rpc;
}

managed to get myself completely confused here trying to set up a reverse proxy.

 

have managed to get nginx setup and running and managed to configure the password security but cannot for the life of me seem to setup the reverse proxy.

 

I have tried to use the examples in the default config file and also tried to copy over the ones from htpcguides but either way keep getting 502 bad gateway - I can't see what I am doing wrong! I have just spent 3 hours trying different options and am starting to feel like pulling why hair out!

 

I can get to the site fine using the base url which displays the index.html page.

 

Here is my config file:

 

# redirect all traffic to https
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}

# main server block
server {
listen 443 ssl default_server;

root /config/www;
index index.html index.htm index.php;

server_name [removed].duckdns.org 192.168.1.28;

ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

client_max_body_size 0;

location / {
	try_files $uri $uri/ /index.html /index.php?$args =404;
}

location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	# With php5-cgi alone:
	fastcgi_pass 127.0.0.1:9000;
	# With php5-fpm:
	#fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	include /etc/nginx/fastcgi_params;
}

# sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
# notice this is within the same server block as the base
# don't forget to generate the .htpasswd file as described on docker hub
location ^~ /plexpy {
	auth_basic "Restricted";
	auth_basic_user_file /config/nginx/.htpasswd;
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.1.28:8181/;
}

}

# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
# notice this is a new server block
#server {
#	listen 443 ssl;
#
#	root /config/www;
#	index index.html index.htm index.php;
#
#	server_name cp.*;
#
#	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
#	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
#	ssl_dhparam /config/nginx/dhparams.pem;
#	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
#	ssl_prefer_server_ciphers on;
#
#	client_max_body_size 0;
#
#	location / {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050;
#	}
#}

You generated the .htpasswd file?

 

Some apps are more difficult than others, try this for plexpy

 

    	location /plexpy/ {
   		proxy_pass http://192.168.1.28:8181;
	include /config/nginx/proxy.conf;
      		proxy_bind $server_addr;
      		proxy_set_header X-Forwarded-Host $server_name;
	proxy_set_header X-Forwarded-Ssl     on;
	auth_basic "Restricted";
      		auth_basic_user_file /config/.htpasswd;
	}

Thanks for your help!

 

Sorry for being thick :)

 

Managed to get CouchPotato working using the default one and muximux as the homepage but can't seem to get other apps working

 

The apps I wanted were

 

Sonarr

PlexPy

PlexRequests

NetData

Deluge

 

I've tried the PlexPy command and getting a 404 error, I think this might be down to my plexpy settings though

Thanks for your help!

 

Sorry for being thick :)

 

Managed to get CouchPotato working using the default one and muximux as the homepage but can't seem to get other apps working

 

The apps I wanted were

 

Sonarr

PlexPy

PlexRequests

NetData

Deluge

 

I've tried the PlexPy command and getting a 404 error, I think this might be down to my plexpy settings though

 

# Sonar
# https://github.com/linuxserver/docker-sonarr
#
# Edit the settings and set 
# Url Base to /sonarr

location ^~ /sonarr {
    proxy_pass http://192.168.1.28:8989/sonarr;
    include /config/nginx/proxy.conf;
}

 

# PlexyPy
# https://github.com/linuxserver/docker-plexpy
#
# Settings => Web Interface
# Change http root to /plexpy
#

location ^~ /plexpy/ {
    proxy_pass http://192.168.1.28:8181;
    include /config/nginx/proxy.conf;
    proxy_bind $server_addr;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Ssl     on;
}

 

# PlexRequests
# https://github.com/linuxserver/docker-plexrequests
#
# Run container with -e "URL_BASE"="/plexrequests"
#

location ^~ /requests {
    proxy_pass http://192.168.1.28:3000/requests;
    include /config/nginx/proxy.conf;
}

 

# Deluge
# https://github.com/linuxserver/docker-deluge
#
# No extra settings required
#

location ^~ /deluge {
    proxy_pass http://192.168.1.28:8112/;
    proxy_set_header  X-Deluge-Base "/deluge/";
    include /config/nginx/proxy.conf;
}

 

Netdata i've never heard of, you'll have to figure that one out yourself I'm afraid.

Perhaps you could include the relevant apache and nginx sample reverse proxy configs in the documentation of each of the containers? Maybe even in the overview section of the template?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.