November 30, 20169 yr Perhaps you could include the relevant apache and nginx sample reverse proxy configs in the documentation of each of the containers? Maybe even in the overview section of the template? Stay tuned... where'd you think I got all them from so quick...
November 30, 20169 yr Thank you, This community is amazing! All up and running now the last query I had was if I could set up multiple 'htpasswd' files. I want the server to be encrypted but it would be good if I could allow access to plexrequests with a separate password that way I could allow my users to make requests without giving them an overall admin logon which could be use to change settings etc.
November 30, 20169 yr Thank you, This community is amazing! All up and running now the last query I had was if I could set up multiple 'htpasswd' files. I want the server to be encrypted but it would be good if I could allow access to plexrequests with a separate password that way I could allow my users to make requests without giving them an overall admin logon which could be use to change settings etc. IIRC plex requests links to a plex username. So probably best just to leave that without .htpasswd. You can setup different .htpasswd files. But you need one per "group"
December 1, 20169 yr Thank you, This community is amazing! All up and running now the last query I had was if I could set up multiple 'htpasswd' files. I want the server to be encrypted but it would be good if I could allow access to plexrequests with a separate password that way I could allow my users to make requests without giving them an overall admin logon which could be use to change settings etc. IIRC plex requests links to a plex username. So probably best just to leave that without .htpasswd. You can setup different .htpasswd files. But you need one per "group" You can also add multiple user pass combos to the same htpasswd file
December 3, 20169 yr I converted from aptalca's Letsencrypt container over to this one today, thanks aptalca and the rest of LSIO for all your work on this! A few questions: 1) In the old container, I could docker exec into it and run nginx -t to have it check the config. But in the new container I have to specify which config file to test: nginx -c /config/nginx/nginx.conf -t Is there any way to make this the default? 2) In the old container I could restart nginx with "service nginx restart". How do you restart nginx in the new container, without actually restarting the whole container? 3) In /etc/init.d/nginx, the pid is defined as /run/nginx/nginx.pid. I think that should be /run/nginx.pid? Hmm, when I try to exec that script it says: /sbin/openrc-run: bad interpreter: No such file or directory Is /etc/init.d/nginx even used then? 4) Since most people are using this for reverse proxy and not hosting a public website, it might make sense to drop a basic robots.txt file in the default www directory to keep search engines away: User-agent: * Disallow: /
December 4, 20169 yr I converted from aptalca's Letsencrypt container over to this one today, thanks aptalca and the rest of LSIO for all your work on this! A few questions: 1) In the old container, I could docker exec into it and run nginx -t to have it check the config. But in the new container I have to specify which config file to test: nginx -c /config/nginx/nginx.conf -t Is there any way to make this the default? 2) In the old container I could restart nginx with "service nginx restart". How do you restart nginx in the new container, without actually restarting the whole container? 3) In /etc/init.d/nginx, the pid is defined as /run/nginx/nginx.pid. I think that should be /run/nginx.pid? Hmm, when I try to exec that script it says: /sbin/openrc-run: bad interpreter: No such file or directory Is /etc/init.d/nginx even used then? 4) Since most people are using this for reverse proxy and not hosting a public website, it might make sense to drop a basic robots.txt file in the default www directory to keep search engines away: User-agent: * Disallow: / 1) Not that I know of. Old container used a lot of symlinks, which aren't ideal. New container defines files in place. 2) s6-svc -h /var/run/s6/services/nginx 3) Nginx is started by the s6 service manager. Check out the file /etc/services.d/nginx/run 4) Some people host public wordpress sites. We design for the lowest common denominator, but you can always put whatever you need in the www folder as the container doesn't touch that as long as it exists
December 5, 20169 yr Hello everyone, first of all, i'd like to thank everyone for making this container. I do, however have a problem. When I try to run it, it gives me an error in the logs. nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) nginx: [emerg] still could not bind() nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) This is going on indefinitely. I managed to set it up by killing the webgui process from the command line. Iset up the network as host and forwarded the right ports but unless i kill the webgui i can't reach the webserver. When I set the network to bridge it does not give me the errors but I still can't reach the websites. I hope someone can help me.
December 5, 20169 yr Hello everyone, first of all, i'd like to thank everyone for making this container. I do, however have a problem. When I try to run it, it gives me an error in the logs. nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) nginx: [emerg] still could not bind() nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) This is going on indefinitely. I managed to set it up by killing the webgui process from the command line. Iset up the network as host and forwarded the right ports but unless i kill the webgui i can't reach the webserver. When I set the network to bridge it does not give me the errors but I still can't reach the websites. I hope someone can help me. Post your docker run command. You can't set the host port to 80 as that the default port Unraid webui uses, instead set it to 81 and then port forward 80 on your router to 81 on your Unraid machine. And have you made any changes to any of the files that are in your appdata folder? I'm unclear if this is a fresh pull or trying to run a container you've already attempted to configure further.
December 5, 20169 yr Wow, thanks for the fast reply. I wasn expecting this. The command that unraid is doing is this(after i now changed the port to 81): Command: root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="letsencrypt" --net="host" --privileged="true" -e TZ="Europe/Berlin" -e HOST_OS="unRAID" -e "TCP_PORT_81"="81" -e "EMAIL"="[email protected]" -e "URL"="oliverengelhardt.de" -e "SUBDOMAINS"="www," -e "ONLY_SUBDOMAINS"="false" -e "DHLEVEL"="2048" -e "PUID"="99" -e "PGID"="100" -v "/mnt/user/appdata/letsencrypt":"/config":rw linuxserver/letsencrypt 7b66d45a4077800d8590c2576907b3490a09d36ddb27bc3191233fa57ce73a7f The command finished successfully! It's a fresh pull. I have not yet touched anything in appdata. I made a screenshot of my config page: It still appears to try to bind to port 80 though. the log is unchanged.
December 5, 20169 yr OK, map port 443 to 443 and make sure that you've got port forwards in your router to forward 81 ==> 80 and 443 ==>443
December 5, 20169 yr Ok, i have done that. It's still the same in the log. Still can't connect. Got teamviewer? I got a spare ten minutes...
December 5, 20169 yr Ok, i have done that. It's still the same in the log. Still can't connect. Got teamviewer? I got a spare ten minutes... Oh my god, I now set the network back to bridge and it works. I got no idea why, but it does. Thank you so much for your time though.
December 5, 20169 yr Ok, i have done that. It's still the same in the log. Still can't connect. Got teamviewer? I got a spare ten minutes... Oh my god, I now set the network back to bridge and it works. I got no idea why, but it does. Thank you so much for your time though. Begs the question why you set it to host? Glad you got it working.
December 5, 20169 yr Ok, i have done that. It's still the same in the log. Still can't connect. Got teamviewer? I got a spare ten minutes... Oh my god, I now set the network back to bridge and it works. I got no idea why, but it does. Thank you so much for your time though. Begs the question why you set it to host? Glad you got it working. I don't really know
December 5, 20169 yr Ok, i have done that. It's still the same in the log. Still can't connect. Got teamviewer? I got a spare ten minutes... Oh my god, I now set the network back to bridge and it works. I got no idea why, but it does. Thank you so much for your time though. Begs the question why you set it to host? Glad you got it working. I don't really know I admire the honesty of that answer..... lol
December 7, 20169 yr Just got this docker setup for my domain, real simple thanks guys. However, I have no experience with nginx (coming from Apache docker). Can someone point me to a good reference for how to configure this docker to redirect say my requests.domain.com to my PlexRequests docker?
December 7, 20169 yr Just got this docker setup for my domain, real simple thanks guys. However, I have no experience with nginx (coming from Apache docker). Can someone point me to a good reference for how to configure this docker to redirect say my requests.domain.com to my PlexRequests docker? Save this as requests in the same folder as default. server { listen 80; server_name requests.server.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name requests.server.com; root /config/www; index index.html index.htm index.php; ###SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ###Diffie–Hellman key exchange ### ssl_dhparam /config/nginx/dhparams.pem; ###SSL Ciphers ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ###Extra Settings### ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; location / { proxy_pass https://192.168.0.1:3000/; } } Alternatively, paste this into default to access plexrequests at server.com/requests (You will need to set the URLBASE to /requests) location /requests { proxy_pass http://192.168.0.1:3000/requests; include /config/nginx/proxy.conf; } Obviously for both you'll need to change the IP address +/- port
December 7, 20169 yr Just got this docker setup for my domain, real simple thanks guys. However, I have no experience with nginx (coming from Apache docker). Can someone point me to a good reference for how to configure this docker to redirect say my requests.domain.com to my PlexRequests docker? Save this as requests in the same folder as default. server { listen 80; server_name requests.server.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name requests.server.com; root /config/www; index index.html index.htm index.php; ###SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ###Diffie–Hellman key exchange ### ssl_dhparam /config/nginx/dhparams.pem; ###SSL Ciphers ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ###Extra Settings### ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; location / { proxy_pass https://192.168.0.1:3000/; } } Alternatively, paste this into default to access plexrequests at server.com/requests (You will need to set the URLBASE to /requests) location /requests { proxy_pass http://192.168.0.1:3000/requests; include /config/nginx/proxy.conf; } Obviously for both you'll need to change the IP address +/- port The second method works probably because I already had the URLBASE set for PlexRequests to /requests. The first method gets me a 502 Bad Gateway. I'm guessing this is because my URLBASE is set?
December 7, 20169 yr Yep Sent from my LG-H815 using Tapatalk I've taken out my URLBASE for PlexRequests and confirmed it is now accessed via IP:3000 (no longer /requests). I've taken out any reference to mydomain.com/requests in 'default.' I've added a file named 'requests' in the same folder as default containing the following: server { listen 80; server_name requests.MYDOMAIN.COM; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name requests.MYDOMAIN.COM; root /config/www; index index.html index.htm index.php; ###SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ###Diffie–Hellman key exchange ### ssl_dhparam /config/nginx/dhparams.pem; ###SSL Ciphers ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ###Extra Settings### ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; location / { proxy_pass https://10.0.10.26:3000/; } } Still getting 502 Bad Gateway. Am I missing something in my config or placing the 'requests' file in the wrong location?
December 8, 20169 yr Got some logs? Docker container and the logs from the /config/logs folder? Redact your domain name. Sent from my LG-H815 using Tapatalk
December 8, 20169 yr Got some logs? Docker container and the logs from the /config/logs folder? Redact your domain name. Sent from my LG-H815 using Tapatalk /config/logs folder is empty. Here is the container log: Brought to you by linuxserver.io We gratefully accept donations at: https://www.linuxserver.io/index.php/donations/ ------------------------------------- GID/UID ------------------------------------- User uid: 1000 User gid: 1000 ------------------------------------- [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 50-config: executing... 2048 bit DH parameters present SUBDOMAINS entered, processing Sub-domains processed are: -d www.MYDOMAIN -d requests.MYDOMAIN <-------------------------------------------------> <-------------------------------------------------> cronjob running on Wed Dec 7 19:45:01 EST 2016 Running certbot renew ------------------------------------------------------------------------------- Processing /etc/letsencrypt/renewal/MYDOMAIN.conf ------------------------------------------------------------------------------- The following certs are not due for renewal yet: /etc/letsencrypt/live/MYDOMAIN/fullchain.pem (skipped) No renewals were attempted. 2016-12-07 19:45:02,231 fail2ban.server [258]: INFO Starting Fail2ban v0.9.4 2016-12-07 19:45:02,231 fail2ban.server [258]: INFO Starting in daemon mode [cont-init.d] 50-config: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done. EDIT: Found the issue. It was the httpS under location /. Had to remove the S.
December 8, 20169 yr Just got home from work and was going to look at this, so glad you've sorted it.
December 8, 20169 yr Are there any guides or tutorials around on how to have Letsencrypt interact with my other dockers on unraid? I understand the general concept behind Letsencrypt, but I'm not sure what files need to be modified, and how to modify these files. My current setup is your standard dynamic IP address provided by my ISP. I have this tracked by duckdns so I can associated the IP with the static name. I'd like to be able to attach to all of my different dockers through https: https://insertname.duckdns.org:2020 - Docker 1c https://insertname.duckdns.org:3030 - Docker 2 https://insertname.duckdns.org:4040 - Docker 3 A few of the dockers I run now are: crashplan owncloud plex plexpy plexrequests couchpotato sonarr Any fingers to point me in the right direction would be greatly appreciated
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.