[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

managed to get this from the logs, I understand about the registration error, but not sure on the other errors

 

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d ******.duckdns.org
E-mail address entered: *******@gmail.com
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP
Please see the logfiles in /var/log/letsencrypt for more details.
/var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

well, I just removed the docker and the folder and set it up again, seems to be working now

Edit: I'm a dumbass - port 443 wasn't forwarded....... :$

 

I too am having issues with this docker.  I've removed it and reinstalled it several times (including removing the appdata folder for letsencrypt).  I've tried different ports.  I'm getting the following error:

 

Failed authorization procedure. technologiq.duckdns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

I've double checked and made sure my port forwarding (Ubiquiti ER3) is working correctly.  It appears that NGINX isn't even starting up to respond to the request in the first place.   

 

Any ideas?

 

Edited by technologiq

For the record, none of the problems people are having are the container, each and every one has been config.

Yours looks like letsencrypt can't validate your domain so without that nginx won't start.


  • 2 weeks later...

Hello All!

 

New to the community but not new to unRAID. I am currently trying to set up Letsencrypt and keep running into this error every time it goes thru. It seems as though the folders are not getting created. Here is what I receive just before the docker shuts down:

 

GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a 2048 bit RSA private key
...........+++
.....................+++
writing new private key to '/config/keys/cert.key'
-----
Subject Attribute /C has no known NID, skipped
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time


DH parameters successfully created - 2048 bits
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d ***********.ddns.net
E-mail address entered: ******.*******@outlook.com
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP
Please see the logfiles in /var/log/letsencrypt for more details.
/var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

 

When I attempt to go look at the log files listed as /var/log/letsencrypt/letsencrypt.log, the /var/log/letsencrypt folder does not seem to exist......

Edited by unraid_countryboy

The certs weren't generated properly (could be a port forwarding or a dns issue) then you tried it too many times unsuccessfully and now letsencrypt servers are throttling you.

 

Try putting in your custom domain (including your custom subdomain) as the url, and enter a subdomain like www, don't set only subdomains to true. Sometimes when you change the subdomains around you can get around the throttling issue.

 

You still have to fix the dns or port issue.

 

If that doesn't work, you'll have to wait until letsencrypt accepts requests from you again

 

Any way the php7-phar package can be added in the next build? There are a number of flat-file CMS systems like 'grav' and 'pico' that use composer/phar to perform installation.

I've been getting cert errors in firefox the last few days, dunno if it's me, firefox or letsencrypt, but I've deleted my keys folder and rebuilt and it's still happening, works fine in chrome/edge though.

 


 

 

 

I've got this working for plex, ombi and calibre-web from external locations, but on my home network I can't access mydomain.com/plex - is this normal or am I missing something fundamental?

 

In my pfsense router I've forwarded all WAN traffic to 443 to unRAID, and I'm guessing I need to find a way to forward local traffic to my mydomain.com/plex to unraid as well?

 

Thanks in advance

 

# listening on port 80 disabled by default, remove the "#" signs to enable
# redirect all traffic to https
#server {
#	listen 80;
#	server_name _;
#	return 301 https://$host$request_uri;
#}

# main server block
server {
	listen 443 ssl default_server;

	root /config/www;
	index index.html index.htm index.php;

	server_name _;

	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'XXXXXXXX';
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location / {
		try_files $uri $uri/ /index.html /index.php?$args =404;

	}

	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# With php7-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php7-fpm:
		#fastcgi_pass unix:/var/run/php7-fpm.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
	}
	
#calibre-web

            location /books {
                proxy_bind              $server_addr;
                proxy_pass              http://172.30.12.2:8086;
                proxy_set_header        Host            $http_host;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Scheme        $scheme;
                proxy_set_header        X-Script-Name   /books;
        }

#PLEX

	location /web {
		# serve the CSS code
		proxy_pass http://172.30.12.2:32400;
	}

	# Main /plex rewrite
	location /plex {
		# proxy request to plex server
		proxy_pass http://172.30.12.2:32400/web;
	}
	
#Ombi
	
	location /plexrequest {
		include /config/nginx/proxy.conf;
		proxy_pass http://172.30.12.97:3579/plexrequest;
	}
}

 

3 hours ago, jonathanm said:

Well, that was easy when you know where to look!!!

 

I followed the link and used Method 2 for Split DNS by adding a host override for my domain in DNS Resolver pointing the domain to my unRAID box's IP.  Works much better than it did via my BT HH5 router, which used to send the request out to the internet and then receive it back, to send out again...now it's super-fast as loading locally.  If only every webpage was this fast!

 

Thanks @jonathanm - another reason to love the control of pfsense

Hi guys,

 

I keep seeing these errors during cert renewal even though the certs are renewed successfully.

 

cronjob running on Mon Sep 4 16:07:17 AEST 2017
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.XXX.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Running pre-hook command: s6-svc -d /var/run/s6/services/nginx
Hook command "s6-svc -d /var/run/s6/services/nginx" returned error code 111
Error output from s6-svc:
s6-svc: fatal: unable to control /var/run/s6/services/nginx: No such file or directory

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/www.XXX.com/fullchain.pem
-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:

 

Has anyone encountered these before and what's the resolution please?

 

Cheers.

Edited by doremi
More info added.

That's harmless.

It's trying to reload nginx after cert renewal but failing, because nginx is not running yet, since the renewal script is running during container start. Nginx will be started later with the new certs loaded.

If the script was running via cron at 2am, nginx would have been running, and would have been reloaded properly.

Either way everything works fine.

Every time this updates itself, it fails to load as I don't have a www subdomain. The only way I can then get it to work is to edit the container and remove the subdomains section. Nothing in my setup changed so I'm assuming something in the way the docker works changed.

 

How can I get around this?

If you remove the subdomains field in the container settings, that change should persist through updates. If it doesn't, it's an unraid gui issue.

Yes it seems to reinstate it when there is an update for the docker.

 

What would you suggest? Remove the container and reinstall (without removing the config directory?).

I'm kind of stuck. I'm using this container's nginx to proxy some things (including directories), and then using another url to reverse proxy again. When I do this, I get an auth prompt. Accessing the DDNS url directly, there's no auth prompt. Reverse proxying from my other server's url does.

 

Is this a fail2ban thing? I tried disabling fail2ban completely to no avail, and there's no lines in my config (on either server) that would prompt for authentication.

 

EDIT: Nevermind, I was pointing it to http instead of https in the second server's proxy config. Whoops!

Edited by Crash

Sounds like there's some auth function in there somewhere and I don't think it's anything to do with fail2ban.  Why not post some redacted config files?

If I want to continue using this container for reverse proxy, combined with the new RC with LetsEncrypt support, I'm going to need to use my second NIC and assign all my Docker containers their own IPs in order to not have a port 443 conflict, right? I'm having some trouble visualizing how best to move forward...

If the unraid rc truly requires port 443, then you would only need a new ip with port 443 open for the letsencrypt container, not the rest of the containers.

I believe the new unraid rc uses a limetech hosted ddns and gets the certs for the addresses on their server (everyone gets a randomized unique string added to limetech's address). The certs would not be for your own domain, but the custom domain limetech assigns you. Theoretically they should be able to let you use a different port for the connection between their server and yours, although I'm not sure if that's implemented.

19 hours ago, kaiguy said:

If I want to continue using this container for reverse proxy, combined with the new RC with LetsEncrypt support, I'm going to need to use my second NIC and assign all my Docker containers their own IPs in order to not have a port 443 conflict, right? I'm having some trouble visualizing how best to move forward...

 

Seeing the same issue on rc8q;

 

Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (~): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
Error: failed to start containers: letsencrypt

2 hours ago, upthetoon said:

 

Seeing the same issue on rc8q;

 

Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (~): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
Error: failed to start containers: letsencrypt

 

Your issue is that unraid gui is using port 443

 

See if you can turn off https in unraid settings. Then you should be fine

14 hours ago, aptalca said:

 

Your issue is that unraid gui is using port 443

 

See if you can turn off https in unraid settings. Then you should be fine

 

I couldn't see an obvious way to turn off https in unraid. I changed the secure port number in unraid which I don't think is a long term solution but has done the trick for now!

Another way would be to assign some other port number to your letsencrypt container (for example: container port 443 -> host port 8062). Then change the port forwarding in your router to incoming port 443 -> 8062 on your unraid machine

 

then the reverse proxy should work as before
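
Added example, not part of any post in this thread and not the container's own code: a small Python triage of the log output quoted above, which finds the init stage that exited non-zero and separates the primary error from follow-on or harmless ones. The rule labels, the `triage` function and the trimmed sample logs are constructed for this example; the causes are the ones given in the replies, and treating the missing `/config/keys/letsencrypt` directory as a follow-on symptom is an assumption.

```python
import re

# Constructed sample, trimmed from the startup log quoted in this thread.
SAMPLE_START = """\
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Generating new certificate
There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP
/var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
"""
# Constructed sample, trimmed from the renewal log quoted in this thread.
SAMPLE_RENEW = """\
Hook command "s6-svc -d /var/run/s6/services/nginx" returned error code 111
Congratulations, all renewals succeeded. The following certs have been renewed:
"""

STAGE = re.compile(r"^\[cont-init\.d\] (\S+): (?:executing\.\.\.|exited (\d+)\.)$")
# (label, pattern, cause as stated in the replies on this page)
RULES = [
    ("rate-limited", r"too many registrations for this IP",
     "too many failed attempts; fix DNS/port forwarding, then wait"),
    ("validation-timeout", r"Failed authorization procedure.*Timeout",
     "Let's Encrypt cannot validate the domain, so nginx won't start"),
    ("port-443-in-use", r":443: bind: address already in use",
     "the Unraid GUI is using host port 443"),
    ("hook-failed", r'Hook command ".*" returned error code \d+',
     "nginx is not running yet when the hook fires at container start"),
    ("missing-cert-dir", r"cd: /config/keys/letsencrypt: No such file",
     "no certificate was issued (assumed consequence, see triage)"),
]

def triage(log):
    """Return (failed_stage, findings). Each finding has label, cause,
    stage and severity: 'primary', 'follow-on' or 'harmless'."""
    stage, failed, findings = None, None, []
    for line in log.splitlines():
        m = STAGE.match(line.strip())
        if m:
            if m.group(2) is None:
                stage = m.group(1)          # "<stage>: executing..."
            else:
                if m.group(2) != "0" and failed is None:
                    failed = m.group(1)     # first stage with non-zero exit
                stage = None
            continue
        for label, pattern, cause in RULES:
            if re.search(pattern, line):
                findings.append({"label": label, "cause": cause,
                                 "stage": stage, "severity": "primary"})
    labels = {f["label"] for f in findings}
    for f in findings:
        # Assumption: a missing cert directory is a symptom of failed issuance.
        if f["label"] == "missing-cert-dir" and labels & {"rate-limited", "validation-timeout"}:
            f["severity"] = "follow-on"
        # Per the reply in this thread: harmless when renewals still succeeded.
        if f["label"] == "hook-failed" and "all renewals succeeded" in log:
            f["severity"] = "harmless"
    return failed, findings
```

Feed it the full container log (for example the output of `docker logs`) and fix the `primary` finding first; `follow-on` entries should disappear once it is resolved.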
