Traxxus Posted April 22, 2018 (edited)

So I got the basics setup with the cyanlabs guide, cool stuff. I used the command on github to create the htpasswd file, it does ask for name and password, appears to accept it, then gives me a 403 forbidden error afterwards. Ombi isn't using it in favor of app based auth and is working fine.

```
2018/04/22 12:46:59 [error] 378#378: *37 open() "/config/.htpasswd" failed (2: No such file or directory), client: xx.xx.xxx.xxx, server: _, request: "GET /movies HTTP/1.1", host: "xxx.duckdns.org"
2018/04/22 12:47:05 [error] 378#378: *37 open() "/config/.htpasswd" failed (2: No such file or directory), client: xx.xx.xxx.xxx, server: _, request: "GET /tv HTTP/1.1", host: "xxx.duckdns.org"
2018/04/22 12:49:04 [error] 378#378: *68 open() "/config/.htpasswd" failed (2: No such file or directory), client: xx.xx.xxx.xxx, server: _, request: "GET /movies HTTP/1.1", host: "xxx.duckdns.org"
```

My default looks like this.

```nginx
location /movies {
    auth_basic "Restricted";
    auth_basic_user_file /config/.htpasswd;
    include /config/nginx/proxy.conf;
    proxy_pass http://192.168.1.3:7878/movies;
}
```

Did I miss a step with the htpasswd file?

Edited April 22, 2018 by Traxxus

GilbN Posted April 22, 2018

5 hours ago, Traxxus said:

> So I got the basics setup with the cyanlabs guide, cool stuff. I used the command on github to create the htpasswd file, it does ask for name and password, appears to accept it, then gives me a 403 forbidden error afterwards. Ombi isn't using it in favor of app based auth and is working fine.
>
> ```
> 2018/04/22 12:46:59 [error] 378#378: *37 open() "/config/.htpasswd" failed (2: No such file or directory), client: xx.xx.xxx.xxx, server: _, request: "GET /movies HTTP/1.1", host: "xxx.duckdns.org"
> 2018/04/22 12:47:05 [error] 378#378: *37 open() "/config/.htpasswd" failed (2: No such file or directory), client: xx.xx.xxx.xxx, server: _, request: "GET /tv HTTP/1.1", host: "xxx.duckdns.org"
> 2018/04/22 12:49:04 [error] 378#378: *68 open() "/config/.htpasswd" failed (2: No such file or directory), client: xx.xx.xxx.xxx, server: _, request: "GET /movies HTTP/1.1", host: "xxx.duckdns.org"
> ```
>
> My default looks like this.
>
> ```nginx
> location /movies {
>     auth_basic "Restricted";
>     auth_basic_user_file /config/.htpasswd;
>     include /config/nginx/proxy.conf;
>     proxy_pass http://192.168.1.3:7878/movies;
> }
> ```
>
> Did I miss a step with the htpasswd file?

Pretty obvious error.

failed (2: No such file or directory

Sure the .htpasswd is not in /config/nginx/.htpasswd ?

Drider Posted April 22, 2018

13 hours ago, GilbN said:

> For Ombi you can setup .htpasswd and have fail2ban ban the ip after x amount of failed logins. Fail2ban is already setup to do that with [nginx-http-auth]. I would add ignoreip = x.x.x.x/24 so you don't ban yourself. Like this.

I already have my jail.local configured, as present in my original post. It's just a matter of turning it on. Would .htpasswd be recommended on top of Ombi using Plex account sign in? Would turning on .htpasswd with Plex user authentication in Ombi cause my users to have to sign in twice? If so would .htpasswd be recommended over Ombi Plex user sign on?

13 hours ago, GilbN said:

> Or you could setup Organizr and use server authentication so that only users that are logged in to organizr can access domain.com/ombi. And setup fail2ban on the organizr login page. With Organizr users that log in will automatically be logged into ombi/plex using SSO. https://imgur.com/a/rcwq6rg
>
> You can also setup geoblocking, that will block any country of your choosing.

Not sure about organizr, just started looking into it, and it's intriguing, but not quite ready to undertake that project yet.. Referenced in my original post I've setup as subdomain. Not sure how that would play out with your suggestion as domain.com/ombi, and prefer not to use my base business domain.

Geoblocking is definitely a must, and thank you for referencing this. I had no idea it existed, and will get implemented asap.

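What the [nginx-http-auth] jail and the ignoreip setting discussed above amount to, as an added example that is not part of the thread and not fail2ban's own code: a Python emulation that counts nginx basic-auth failures per client and skips ignored networks. The log lines are constructed, and the `maxretry` and `findtime` values are assumptions for the demo, not settings taken from anyone's jail.local.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx error.log entries written when HTTP basic auth fails: wrong password,
# or a user name that is not in the auth_basic_user_file.
AUTH_FAIL = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\] \d+#\d+: \*\d+ '
    r'user "[^"]*":? (?:password mismatch|was not found in "[^"]*"), '
    r'client: (?P<client>[0-9A-Fa-f:.]+), server: '
)

# Constructed sample log (documentation and private addresses, hypothetical host).
_TAIL = ', server: _, request: "GET /movies HTTP/1.1", host: "example.duckdns.org"'
_HEAD = ' [error] 378#378: '
SAMPLE_LOG = [
    '2018/04/22 12:46:59' + _HEAD + '*37 user "admin": password mismatch, client: 203.0.113.7' + _TAIL,
    '2018/04/22 12:47:05' + _HEAD + '*38 user "root" was not found in "/config/nginx/.htpasswd", client: 203.0.113.7' + _TAIL,
    '2018/04/22 12:47:06' + _HEAD + '*39 user "me": password mismatch, client: 192.168.1.50' + _TAIL,
    '2018/04/22 12:47:08' + _HEAD + '*40 user "me": password mismatch, client: 192.168.1.50' + _TAIL,
    '2018/04/22 12:47:09' + _HEAD + '*41 user "admin": password mismatch, client: 203.0.113.7' + _TAIL,
    '2018/04/22 12:47:11' + _HEAD + '*42 user "me": password mismatch, client: 192.168.1.50' + _TAIL,
    # A missing password file is a server-side error, not a failed login.
    '2018/04/22 12:49:04' + _HEAD + '*68 open() "/config/.htpasswd" failed (2: No such file or directory), client: 198.51.100.20' + _TAIL,
    '2018/04/22 13:30:00' + _HEAD + '*90 user "admin": password mismatch, client: 198.51.100.20' + _TAIL,
]


def find_bans(lines, ignoreip=(), maxretry=3, findtime=600):
    """Return {client_ip: timestamp of the failure that triggers the ban}.

    A client is banned once it has `maxretry` auth failures inside a sliding
    window of `findtime` seconds. Clients inside any `ignoreip` network are
    never counted, which is what keeps an admin on the LAN from banning
    themselves.
    """
    ignored = [ipaddress.ip_network(net, strict=False) for net in ignoreip]
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # client -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = AUTH_FAIL.match(line)
        if not m:
            continue
        client = m["client"]
        if client in bans:
            continue
        ip = ipaddress.ip_address(client)
        if any(ip in net for net in ignored):
            continue
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        failures = recent[client]
        failures.append(ts)
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= maxretry:
            bans[client] = m["ts"]
    return bans


if __name__ == "__main__":
    print("with ignoreip   :", find_bans(SAMPLE_LOG, ignoreip=["192.168.1.0/24"]))
    print("without ignoreip:", find_bans(SAMPLE_LOG))
```

Without the ignoreip network, the LAN client that mistyped its password three times is banned along with the outside address.
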
Traxxus Posted April 23, 2018

3 hours ago, GilbN said:

> Pretty obvious error.
>
> failed (2: No such file or directory
>
> Sure the .htpasswd is not in /config/nginx/.htpasswd ?

Indeed it is, it's always the little things it seems. Thanks.

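The mismatch confirmed above (the directive names `/config/.htpasswd`, the file sits in `/config/nginx/`) can be caught before nginx answers 403. This is an added example, not code from the thread or from the container: it reads `auth_basic_user_file` directives, checks each path on disk and lists same-named files found elsewhere. The sample config and log line are constructed from the post; `config_dir` and `mount` are hypothetical parameter names, with `/config` assumed to be the container mount point.

```python
import re
import tempfile
from pathlib import Path

DIRECTIVE = re.compile(r'(?:^|[;{}])\s*auth_basic_user_file\s+"?([^";\s]+)"?\s*;', re.M)
OPEN_FAILED = re.compile(r'open\(\) "([^"]+)" failed \(2: No such file or directory\)')

# Constructed inputs modelled on the post above.
SAMPLE_CONF = """\
location /movies {
    auth_basic "Restricted";
    auth_basic_user_file /config/.htpasswd;
    include /config/nginx/proxy.conf;
    proxy_pass http://192.168.1.3:7878/movies;
}
# auth_basic_user_file /config/old/.htpasswd;   commented out, must be ignored
"""
SAMPLE_LOG = ('2018/04/22 12:46:59 [error] 378#378: *37 open() "/config/.htpasswd" '
              'failed (2: No such file or directory), client: 203.0.113.7, server: _, '
              'request: "GET /movies HTTP/1.1", host: "example.duckdns.org"\n')


def audit_htpasswd(conf_text, error_log, config_dir, mount="/config"):
    """Report auth_basic_user_file paths that do not exist on disk.

    config_dir is the directory that the container sees as `mount`.
    Each finding lists the configured path, whether nginx already logged a
    failed open() for it, and files with the same name found under config_dir.
    """
    config_dir = Path(config_dir)
    conf = re.sub(r"#.*", "", conf_text)   # naive comment stripping
    logged = set(OPEN_FAILED.findall(error_log))
    findings = []
    for path in sorted(set(DIRECTIVE.findall(conf))):
        try:
            on_disk = config_dir / Path(path).relative_to(mount)
        except ValueError:
            on_disk = None                 # outside the mounted volume
        if on_disk is not None and on_disk.is_file():
            continue
        candidates = sorted(
            f"{mount}/{p.relative_to(config_dir).as_posix()}"
            for p in config_dir.rglob(Path(path).name) if p.is_file()
        )
        findings.append({
            "configured": path,
            "in_error_log": path in logged,
            "candidates": candidates,
        })
    return findings


def demo():
    """Build a throwaway /config tree with the file in nginx/ and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        real = Path(tmp, "nginx", ".htpasswd")
        real.parent.mkdir(parents=True)
        real.write_text("user:constructed-placeholder-hash\n")
        return audit_htpasswd(SAMPLE_CONF, SAMPLE_LOG, config_dir=tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
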
GilbN Posted April 23, 2018

9 hours ago, Drider said:

> I already have my jail.local configured, as present in my original post. It's just a matter of turning it on. Would .htpasswd be recommended on top of Ombi using Plex account sign in? Would turning on .htpasswd with Plex user authentication in Ombi cause my users to have to sign in twice? If so would .htpasswd be recommended over Ombi Plex user sign on?
>
> Not sure about organizr, just started looking into it, and it's intriguing, but not quite ready to undertake that project yet.. Referenced in my original post I've setup as subdomain. Not sure how that would play out with your suggestion as domain.com/ombi, and prefer not to use my base business domain.
>
> Geoblocking is definitely a must, and thank you for referencing this. I had no idea it existed, and will get implemented asap.

Domain.com/ombi was just an example. Ombi.domain.com works just fine.

Adding .htpasswd will make users have to log in twice, yes. Using organizr they will only log in once with their plex credentials.

Drider Posted April 23, 2018 (edited)

13 hours ago, GilbN said:

> Domain.com/ombi was just an example. Ombi.domain.com works just fine.
>
> Adding .htpasswd will make users have to log in twice, yes. Using organizr they will only log in once with their plex credentials.

I've been going through your blogs, and I must say thank you. You have a TON of good information in there. It looks like I'll be following 90% of what you've posted, as your setup is pretty much what I desire.

I've installed Organizr, and I've been playing with it a bit, looks like I'll be jumping on the bandwagon. I only have a couple problems with organizr:

I get this error at the top of my homepage if I have Ombi request turned on, I'm not sure if it's because Ombi needs an update. (It's the only answer I've found as of end of March 2018 from support posts on GitHub)

```
Notice: Undefined offset: 0 in /config/www/Dashboard/functions.php on line 5067
Notice: Undefined offset: 0 in /config/www/Dashboard/functions.php on line 5067
```

I'm trying to use unBlurr vBeta as a Theme, and all work except when I try to add:

For Plex Users who want the chat button to go to the chat tab instead of the chat sidebar

It places a bar over the entire homepage blocking the top of the page and specifically the save button. I have to use adblocker to kill the item in order to regain control.

Sorry for the off topic questions, I know they should be placed elsewhere. It looks like I have a lot more reading, trial and error to go through, but at least I have a good reference point. Don't you take down that blog anytime soon!

@aptalca I'm still a bit puzzled on how to get DDNS to update directly to cloudflare, if you could be so kind as to answer:

Is there a docker or plugin that I need to install specifically for this, or will I be needing to go a custom script route? Should I be using a service like DNS-O-Matic ? Maybe I'm just missing it within the LetsEncrypt container..

Edited April 23, 2018 by Drider

aptalca Posted April 23, 2018

13 minutes ago, Drider said:

> I've been going through your blogs, and I must say thank you. You have a TON of good information in there. It looks like I'll be following 90% of what you've posted, as your setup is pretty much what I desire.
>
> I've installed Organizr, and I've been playing with it a bit, looks like I'll be jumping on the bandwagon. I only have a couple problems with organizr:
>
> I get this error at the top of my homepage if I have Ombi request turned on, I'm not sure if it's because Ombi needs an update. (It's the only answer I've found as of end of March 2018 from support posts on GitHub)
>
> ```
> Notice: Undefined offset: 0 in /config/www/Dashboard/functions.php on line 5067
> Notice: Undefined offset: 0 in /config/www/Dashboard/functions.php on line 5067
> ```
>
> I'm trying to use unBlurr vBeta as a Theme, and all work except when I try to add:
>
> For Plex Users who want the chat button to go to the chat tab instead of the chat sidebar
>
> It places a bar over the entire homepage blocking the top of the page and specifically the save button. I have to use adblocker to kill the item in order to regain control.
>
> Sorry for the off topic questions, I know they should be placed elsewhere. It looks like I have a lot more reading, trial and error to go through, but at least I have a good reference point. Don't you take down that blog anytime soon!
>
> @aptalca I'm still a bit puzzled on how to get DDNS to update directly to cloudflare, if you could be so kind as to answer:
>
> Is there a docker or plugin that I need to install specifically for this, or will I be needing to go a custom script route? Should I be using a service like DNS-O-Matic ? Maybe I'm just missing it within the LetsEncrypt container..

To update ip on cloudflare, you need to use a separate app, script or device. I believe you said you had ddwrt on your router. That probably handles that. If not, we have a ddclient docker that will do it.

Letsencrypt doesn't update your ip on cloudflare, but it can use cloudflare api to verify domain ownership so you can get letsencrypt certs

Drider Posted April 24, 2018

1 hour ago, aptalca said:

> To update ip on cloudflare, you need to use a separate app, script or device. I believe you said you had ddwrt on your router. That probably handles that. If not, we have a ddclient docker that will do it.

I do have DD-WRT, but as much as I wish I knew the script to place in the router, it looks like I'll go with DDClient, as I'm sure it will be more my pace of understanding to configure. Unless of course you could point me in the right direction ... ?

Thanks!

Jessie Posted April 24, 2018

I never resolved my issue with the letsencrypt docker and sbs server. ie it stopped after they banned tls-sni.

What I haven't tried yet is the dns approach to authentication. I read somewhere today that this approach might be as simple as placing a txt record in DNS. Could it be that simple? If so, how do I derive/configure the txt string that would work?

My other option would be to try to configure letsencrypt via pfsense. Not sure how that would go.

aptalca Posted April 24, 2018

48 minutes ago, Jessie said:

> I never resolved my issue with the letsencrypt docker and sbs server. ie it stopped after they banned tls-sni.
>
> What I haven't tried yet is the dns approach to authentication. I read somewhere today that this approach might be as simple as placing a txt record in DNS. Could it be that simple? If so, how do I derive/configure the txt string that would work?
>
> My other option would be to try to configure letsencrypt via pfsense. Not sure how that would go.

It is described in the docker description and the github readme

Jessie Posted April 24, 2018

Thanks. I'll have a look.

saarg Posted April 24, 2018

5 hours ago, Drider said:

> I do have DD-WRT, but as much as I wish I knew the script to place in the router, it looks like I'll go with DDClient, as I'm sure it will be more my pace of understanding to configure. Unless of course you could point me in the right direction ... ?
>
> Thanks!

You have to wait until I add the template to our repository. For some reason I forgot to add it.

dalben Posted April 24, 2018

On 21/04/2018 at 6:41 PM, dalben said:

> Is it possible to get the UNRAID GUI working through this letsencrypt / nginx reverse proxy ? I tried but there were some pretty bad formatting errors that made it unusable.

Is it possible to add the UNRaid GUI through this letsencrypt/nginx reverse proxy? I've tried but the formatting is all out of whack. I also need to turn off restricted and rely on the unraid WebGui for authentication.

Drider Posted April 24, 2018

1 hour ago, saarg said:

> You have to wait until I add the template to our repository. For some reason I forgot to add it.

Ah I see, I'll keep an eye out. Thanks!

GilbN Posted April 24, 2018

7 hours ago, Drider said:

> I've been going through your blogs, and I must say thank you. You have a TON of good information in there. It looks like I'll be following 90% of what you've posted, as your setup is pretty much what I desire.
>
> I've installed Organizr, and I've been playing with it a bit, looks like I'll be jumping on the bandwagon. I only have a couple problems with organizr:
>
> I get this error at the top of my homepage if I have Ombi request turned on, I'm not sure if it's because Ombi needs an update. (It's the only answer I've found as of end of March 2018 from support posts on GitHub)
>
> ```
> Notice: Undefined offset: 0 in /config/www/Dashboard/functions.php on line 5067
> Notice: Undefined offset: 0 in /config/www/Dashboard/functions.php on line 5067
> ```
>
> I'm trying to use unBlurr vBeta as a Theme, and all work except when I try to add:
>
> For Plex Users who want the chat button to go to the chat tab instead of the chat sidebar
>
> It places a bar over the entire homepage blocking the top of the page and specifically the save button. I have to use adblocker to kill the item in order to regain control.
>
> Sorry for the off topic questions, I know they should be placed elsewhere. It looks like I have a lot more reading, trial and error to go through, but at least I have a good reference point. Don't you take down that blog anytime soon!
>
> @aptalca I'm still a bit puzzled on how to get DDNS to update directly to cloudflare, if you could be so kind as to answer:
>
> Is there a docker or plugin that I need to install specifically for this, or will I be needing to go a custom script route? Should I be using a service like DNS-O-Matic ? Maybe I'm just missing it within the LetsEncrypt container..

For ombi you need version 3.0.2165 or later. Are you sure the ombi api key is correct? And did you try and add the url base if you use that?

You did add it to custom html and not css right?

For Organizr support I highly recommend joining the discord. https://organizr.us/discord much easier to support live

Drider Posted April 24, 2018 (edited)

1 hour ago, GilbN said:

> For ombi you need version 3.0.2165 or later. Are you sure the ombi api key is correct? And did you try and add the url base if you use that?
>
> You did add it to custom html and not css right?
>
> For Organizr support I highly recommend joining the discord. https://organizr.us/discord much easier to support live

I'm sorry I should've been more clear: I'm not sure if the repo is due for an update. I found a bunch of posts saying they have the same error, and the, (Devs?), replies are it's an Ombi issue and under fix. I am running v3.0.3185, and API key verified correct. No URL Base as I use subdomains, and for now I'm just testing locally, ... (Haven't even gotten to remote testing)

I might have added to css ... yup .. looking at it, definitely added to css. I may need to slow down just a little.., or less coffee at +2:30AM

I believe I will be taking up your discord offer some point this weekend. I love to learn, and grasp on my own, gives a great feeling of accomplishment, but this is just taking too damn long..

Edited April 24, 2018 by Drider

GilbN Posted April 25, 2018 (edited)

On 24.4.2018 at 7:41 AM, dalben said:

> Is it possible to add the UNRaid GUI through this letsencrypt/nginx reverse proxy? I've tried but the formatting is all out of whack. I also need to turn off restricted and rely on the unraid WebGui for authentication.

Yes it's possible. But it's not secure at all. You should use a VPN, much safer. But if you absolutely want to.

```nginx
##UNRAID INTERFACE
## https://lime-technology.com/forums/topic/49997-reverse-proxy-unraid-dashboard-and-others/
#
## REDIRECT HTTP TRAFFIC TO https://domain.com
#server {
#    listen 80;
#    server_name unraid.domain.com;
#    return 301 https://$host$request_uri;
#    }
#
#server {
#    listen 443 ssl http2;
#    server_name unraid.domain.com;
#    include /config/nginx/strong-ssl.conf;
#
#    location / {
#        include /config/nginx/basicauth.conf;
#        include /config/nginx/proxy.conf;
#
#        proxy_pass http://int.ern.al.ip/;
#
#        # unraid logs do not work if buffering is enabled
#        proxy_buffering off;
#
#        # see http://shairosenfeld.blogspot.com/2011/03/authorization-header-in-nginx-for.html
#        proxy_set_header Authorization "Basic redactedbase64code"; # https://www.base64decode.org
#
#        # If you are proxying unRAID 6.4+, uncomment the following lines to support WebSockets
#        proxy_set_header Upgrade $http_upgrade;
#        proxy_set_header Connection "upgrade";
#    }
#}
```

Edited April 28, 2018 by GilbN

dalben Posted April 25, 2018

Thanks. I'll rethink whether I do it or not.

sgt_spike Posted April 28, 2018

Trying to connect mariadb database and was checking the logs. I found this error log from nginx error log folder. Can someone explain this error to me and how to resolve it:

```
thrown in /config/www/bacmedia/index.php on line 35" while reading response header from upstream, client: 192.168.1.1, server: bacnet.duckdns.org, request: "GET /bacmedia/index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "bacnet.duckdns.org", referrer: "https://bacnet.duckdns.org/bacmedia/index.php"
2018/04/27 23:34:43 [error] 378#378: *921 FastCGI sent in stderr: "PHP message: PHP Warning: mysqli_connect(): php_network_getaddresses: getaddrinfo failed: Name does not resolve in /config/www/bacmedia/index.php on line 20
PHP message: PHP Warning: mysqli_connect(): (HY000/2002): php_network_getaddresses: getaddrinfo failed: Name does not resolve in /config/www/bacmedia/index.php on line 20
PHP message: PHP Notice: Trying to get property of non-object in /config/www/bacmedia/index.php on line 22
PHP message: PHP Fatal error: Uncaught Error: Call to a member function query() on boolean in /config/www/bacmedia/index.php:35
Stack trace:
```

aptalca Posted April 28, 2018

1 hour ago, sgt_spike said:

> Trying to connect mariadb database and was checking the logs. I found this error log from nginx error log folder. Can someone explain this error to me and how to resolve it:
>
> ```
> thrown in /config/www/bacmedia/index.php on line 35" while reading response header from upstream, client: 192.168.1.1, server: bacnet.duckdns.org, request: "GET /bacmedia/index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "bacnet.duckdns.org", referrer: "https://bacnet.duckdns.org/bacmedia/index.php"
> 2018/04/27 23:34:43 [error] 378#378: *921 FastCGI sent in stderr: "PHP message: PHP Warning: mysqli_connect(): php_network_getaddresses: getaddrinfo failed: Name does not resolve in /config/www/bacmedia/index.php on line 20
> PHP message: PHP Warning: mysqli_connect(): (HY000/2002): php_network_getaddresses: getaddrinfo failed: Name does not resolve in /config/www/bacmedia/index.php on line 20
> PHP message: PHP Notice: Trying to get property of non-object in /config/www/bacmedia/index.php on line 22
> PHP message: PHP Fatal error: Uncaught Error: Call to a member function query() on boolean in /config/www/bacmedia/index.php:35
> Stack trace:
> ```

You didn't enter the right address for mariadb? I don't know, it's your website code.

sgt_spike Posted April 28, 2018

7 hours ago, aptalca said:

> You didn't enter the right address for mariadb? I don't know, it's your website code.

Not sure what other ip to use. I used the tower's ip for the hostname. From the looks of it I am getting a successful connection just cannot query the database I created.

```php
<?php
// $dbconnect is the mysqli connection opened earlier in index.php (not shown in this post)
$sql = "SELECT * FROM movies";
$result = $dbconnect->query($sql);

if ($result && $result->num_rows > 0) {
    echo "<table><tr><th>Movie_ID</th><th>Movie Name</th><th>Media</th></tr>";
    // output data of each row, HTML-escaping the values read from the database
    while ($row = $result->fetch_assoc()) {
        echo "<tr><td>" . htmlspecialchars($row["movie_id"]) . "</td><td>" . htmlspecialchars($row["title"]) . " " . htmlspecialchars($row["media"]) . "</td></tr>";
    }
    echo "</table>";
} else {
    echo "0 results";
}
// close the connection that ran the query
$dbconnect->close();
?>
```

perhaps I have the code wrong here

aptalca Posted April 28, 2018

18 minutes ago, sgt_spike said:

> Not sure what other ip to use. I used the tower's ip for the hostname. From the looks of it I am getting a successful connection just cannot query the database I created.
>
> ```php
> <?php
> // $dbconnect is the mysqli connection opened earlier in index.php (not shown in this post)
> $sql = "SELECT * FROM movies";
> $result = $dbconnect->query($sql);
>
> if ($result && $result->num_rows > 0) {
>     echo "<table><tr><th>Movie_ID</th><th>Movie Name</th><th>Media</th></tr>";
>     // output data of each row, HTML-escaping the values read from the database
>     while ($row = $result->fetch_assoc()) {
>         echo "<tr><td>" . htmlspecialchars($row["movie_id"]) . "</td><td>" . htmlspecialchars($row["title"]) . " " . htmlspecialchars($row["media"]) . "</td></tr>";
>     }
>     echo "</table>";
> } else {
>     echo "0 results";
> }
> // close the connection that ran the query
> $dbconnect->close();
> ?>
> ```
>
> perhaps I have the code wrong here

Remove https from hostname. Only put in ip:port

sgt_spike Posted April 28, 2018

1 minute ago, aptalca said:

> Remove https from hostname. Only put in ip:port

Got it! That worked. Thx

GilbN Posted April 29, 2018

15 hours ago, sgt_spike said:

> Got it! That worked. Thx

Have you seen this? https://github.com/Tensai75/plpp/blob/master/README.md

jon123 Posted April 29, 2018

Hey all.. I've been running this image for a while now without issue. But, I decided to try changing to a wildcard cert today. I pulled the most recent image, updated my docker compose and dns config and updated the container. It appears to work, but then throws an error saying to check the validation error above - but there are no validation errors.

```
build_version: Linuxserver.io version:- 139 Build-date:- April-27-2018-22:06:54-UTC
```

Any ideas?

le log (I've attached the full le log here as well).

```
le | 2018-04-29T16:54:15.228690086Z Performing the following challenges:
le | 2018-04-29T16:54:15.238047339Z dns-01 challenge for mydomain
le | 2018-04-29T16:54:15.238085071Z dns-01 challenge for mydomain
le | 2018-04-29T16:54:15.238090178Z Unsafe permissions on credentials configuration file: /config/dns-conf/digitalocean.ini
le | 2018-04-29T16:54:16.523142000Z Waiting 10 seconds for DNS changes to propagate
le | 2018-04-29T16:54:26.534836161Z Waiting for verification...
le | 2018-04-29T16:54:30.185131883Z Cleaning up challenges
le | 2018-04-29T16:54:46.170727929Z IMPORTANT NOTES:
le | 2018-04-29T16:54:46.250348556Z - Congratulations! Your certificate and chain have been saved at:
le | 2018-04-29T16:54:46.250445899Z /etc/letsencrypt/live/mydomain/fullchain.pem
le | 2018-04-29T16:54:46.253021957Z Your key file has been saved at:
le | 2018-04-29T16:54:46.253059746Z /etc/letsencrypt/live/mydomain/privkey.pem
le | 2018-04-29T16:54:46.253064950Z Your cert will expire on 2018-07-28. To obtain a new or tweaked
le | 2018-04-29T16:54:46.253069538Z version of this certificate in the future, simply run certbot
le | 2018-04-29T16:54:46.253073599Z again. To non-interactively renew *all* of your certificates, run
le | 2018-04-29T16:54:46.253077573Z "certbot renew"
le | 2018-04-29T16:54:46.253088918Z - If you like Certbot, please consider supporting our work by:
le | 2018-04-29T16:54:46.253097379Z
le | 2018-04-29T16:54:46.253101610Z Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
le | 2018-04-29T16:54:46.253106190Z Donating to EFF: https://eff.org/donate-le
le | 2018-04-29T16:54:46.253110181Z
le | 2018-04-29T16:54:46.261602398Z ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/digitalocean.ini file.
```

The docker compose file:

```yaml
letsencrypt:
  image: linuxserver/letsencrypt
  container_name: le
  ports:
    - 443:443
    - 80:80
  volumes:
    - /opt/appdata/letsencrypt:/config
    - /opt/appdata/organizr/www:/fail2ban:ro
  restart: always
  depends_on:
    - tautulli
    - nzbget
    - sonarr
    - radarr
    - delugevpn
  environment:
    - PUID=1002
    - PGID=1002
    - EMAIL=my@email
    - URL=myserver
    - SUBDOMAINS=wildcard
    - ONLY_SUBDOMAINS=true
    - VALIDATION=dns
    - DNSPLUGIN=digitalocean
    - DHLEVEL=4096
    - TZ=America/New_York
```