Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

Featured Replies

Thank you that was it. I changed the ports to 444 and 84 and they are forwarded. The Docker does start now, but I can't reach the webui.

I'm trying to follow the cyanlabs guide and I'm also cross reading the dockerhub documentation. But I can't figure out why I can't reach the webui.

Is the cyanlabs guide still up to date?

  • Replies 6.2k
  • Views 1.5m
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running. For noobs like me, here's what I did: 1. Stop

  • I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

  • BigBoyMarky
    BigBoyMarky

    I replaced both the ssl.conf and nginx.conf files with the sample ones to update them since I did not make any custom modifications to either one of those and this resolved my issue.

Posted Images

Just curious...does this auto renew the cert?

1 hour ago, mkono87 said:

Just curious...does this auto renew the cert?

Yes. 

4 hours ago, Heciruam said:

Thank you that was it. I changed the ports to 444 and 84 and they are forwarded. The Docker does start now, but I can't reach the webui.

I'm trying to follow the cyanlabs guide and I'm also cross reading the dockerhub documentation. But I can't figure out why I can't reach the webui.

Is the cyanlabs guide still up to date?

 

I'm guessing it fails because you are trying to add www.duckdns.org

3 hours ago, GilbN said:

 

I'm guessing it fails because you are trying to add www.duckdns.org

@Heciruam

I say it over and over again. Please read the instructions. It literally says underneath that field that if you're using a ddns, it should be set to customsubdomain.ddnsprovider.com

 

If you're following a guide, please ask for help from the guide's author, and if you're following our instructions, please read them.

I assume there is some kind of special configuration needed to use UniFi behind the Letsencrypt reverse proxy?  I have my cert and domain name (unifi.domain.com) working fine.  Typing in https://unifi.domain.com redirects me to https://unifi.domain.com/manage/account/login?redirect=%2Fmanage.  Then when I try to login I get a login error.  I assume the issue is because it's not redirecting me to unifi.domain.com:8443 even though that's what is listed in my site-conf file for unifi.

 

I must be missing something simple...

4 minutes ago, IamSpartacus said:

I assume there is some kind of special configuration needed to use UniFi behind the Letsencrypt reverse proxy?  I have my cert and domain name (unifi.domain.com) working fine.  Typing in https://unifi.domain.com redirects me to https://unifi.domain.com/manage/account/login?redirect=%2Fmanage.  Then when I try to login I get a login error.  I assume the issue is because it's not redirecting me to unifi.domain.com:8443 even though that's what is listed in my site-conf file for unifi.

 

I must be missing something simple...

 

This is what works for me


 

server {
       listen         80;
       server_name    unifi.server.com;
       return         301 https://$server_name$request_uri;
}

server {

    listen 443 ssl;
    server_name unifi.server.com;

    include /config/nginx/ssl.conf;
    
        location / {
        proxy_pass https://192.168.0.1:8443/;
        include /config/nginx/proxy.conf;
        proxy_set_header X-Real-IP $remote_addr;
        }
}

 

11 minutes ago, CHBMB said:

 

This is what works for me


 


server {
       listen         80;
       server_name    unifi.server.com;
       return         301 https://$server_name$request_uri;
}

server {

    listen 443 ssl;
    server_name unifi.server.com;

    include /config/nginx/ssl.conf;
    
        location / {
        proxy_pass https://192.168.0.1:8443/;
        include /config/nginx/proxy.conf;
        proxy_set_header X-Real-IP $remote_addr;
        }
}

 

 

LE definitely doesn't like that as I get the following error over and over once I add that to my site-conf and restart LE.

 

nginx: [emerg] the size 52428800 of shared memory zone "SSL" conflicts with already declared size 10485760 in /config/nginx/ssl.conf:3

 

Found a conf that works:

 

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80 ipv6only=on;
    listen 443 ssl;
    listen [::]:443 ipv6only=on ssl;

    server_name unifi.MYDOMAIN.COM;
    client_max_body_size 2G;

    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        proxy_pass https://localhost:8443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;
    }

    # These are managed by certbot.
    # ssl_certificate /etc/letsencrypt/live/YOUR_FQDN/fullchain.pem;
    # ssl_certificate_key /etc/letsencrypt/live/YOUR_FQDN/privkey.pem;
}

 

Can you use multiple domains with this?

3 hours ago, aptalca said:

 

Yes

Would this be done via the docker config the nginx config?

4 hours ago, Earache said:

Would this be done via the docker config the nginx config?

 

Read the Readme on github for info. Link in first post. 

After that you can modify the container template with the second domain. 

Hey all,

 

I'm new here, but I'm at the point where I really need to stop bashing my head against the wall and seek help for this. I'm doing my best to set up an automated media server from my home pc. I've gotten it to the point where it works pretty much perfectly... internally. I have containers for Transmission-vpn, Sonarr, Radarr, Jackett, Ombi, etc.

 

However, I really want to be able to access some of these containers externally as well (ombi) or view the status of my downloads in an android app like nzb360 (which supports sonarr, radar, transmission). 

 

I was really excited when I came across the linuxserver/letsencrypt image (as I am on a Win10 pc and am unable to use alternatives like Traefik because I can't chmod permissions for the ssl key file -- but that's another topic), and the setup/config for it seemed pretty straightforward.

 

In terms of the domain itself, I purchased a domain name from google domains and transferred it to Cloudflare DNS. There I set up some A records (www.*, *.domain.net) and CNAME records for the subdomains for each container I want to make available externally. 

 

I have also forwarded both ports 80 and 443 on my dd-wrt router. 

 

I'm using docker-compose to make it a lot easier to test changes and bring up/down the containers as I go. Here is the compose entry for letsencrypt (minus sensitive info [email, domain name, etc]):

  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: le
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${CONFIG}/letsencrypt:/config
    restart: always
    depends_on:
      - transmission-vpn
      - sonarr
      - radarr
      - ombi
      - jackett
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - [email protected]
      - URL=domain.net
      - SUBDOMAINS=tv,movies,downloads,requests,ombi,transmission,radarr,sonarr,jackett
      - ONLY_SUBDOMAINS=false
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
      - DHLEVEL=4096
      - TZ=America/Los_Angeles

 My \letsencrypt\nginx\site-confs\default file looks like this:

# main server block
server {
	listen 443 ssl default_server;

	root /config/www;
	index index.html index.htm index.php;

	server_name domain.net;

	# enable subfolder method reverse proxy confs
	include /config/nginx/proxy-confs/*.subfolder.conf;

	# all ssl related config moved to ssl.conf
	include /config/nginx/ssl.conf;

	client_max_body_size 0;

	location / {
		try_files $uri $uri/ /index.html /index.php?$args =404;
	}

	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# With php7-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php7-fpm:
		#fastcgi_pass unix:/var/run/php7-fpm.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
	}


# sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
# notice this is within the same server block as the base
# don't forget to generate the .htpasswd file as described on docker hub
#	location ^~ /cp {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050/cp;
#	}

}

# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
# notice this is a new server block, you need a new server block for each subdomain
#server {
#	listen 443 ssl;
#
#	root /config/www;
#	index index.html index.htm index.php;
#
#	server_name cp.*;
#
#	include /config/nginx/ssl.conf;
#
#	client_max_body_size 0;
#
#	location / {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050;	
#	}
#}


# enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf;

And I've renamed the subdomain files I want to use under \proxy-confs\ and they look like this (sonarr example):

# make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
# to enable password access, uncomment the two auth_basic lines

server {
    listen         80;
    server_name    sonarr.domain.net;
    return         301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name sonarr.domain.net;

    access_log /var/log/nginx/sonarr.domain.net.log;

    location / {
        proxy_pass        http://127.0.0.1:8989;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_buffering off;

    }
}

To my eye, all of that looks like it *should* be working and allowing me to access sonarr from "sonarr.domain.net" -- but instead I get "ERR_CONNECTION_TIMED_OUT" page.

 

I can ping sonarr.domain.net -- and it returns a reply, along with my valid WAN IP. But I can't reach it in a browser window, and I have no idea what the cause of the issue is.

 

If anyone can help me figure this out, I would be eternally grateful. I've spent the past week or two staying up late trying to get all of this set up correctly, and I feel like I'm *SO CLOSE*! 

 

Thanks in advance!

-Adam

 

 

3 hours ago, ablaine said:

Hey all,

 

I'm new here, but I'm at the point where I really need to stop bashing my head against the wall and seek help for this. I'm doing my best to set up an automated media server from my home pc. I've gotten it to the point where it works pretty much perfectly... internally. I have containers for Transmission-vpn, Sonarr, Radarr, Jackett, Ombi, etc.

 

However, I really want to be able to access some of these containers externally as well (ombi) or view the status of my downloads in an android app like nzb360 (which supports sonarr, radar, transmission). 

 

I was really excited when I came across the linuxserver/letsencrypt image (as I am on a Win10 pc and am unable to use alternatives like Traefik because I can't chmod permissions for the ssl key file -- but that's another topic), and the setup/config for it seemed pretty straightforward.

 

In terms of the domain itself, I purchased a domain name from google domains and transferred it to Cloudflare DNS. There I set up some A records (www.*, *.domain.net) and CNAME records for the subdomains for each container I want to make available externally. 

 

I have also forwarded both ports 80 and 443 on my dd-wrt router. 

 

I'm using docker-compose to make it a lot easier to test changes and bring up/down the containers as I go. Here is the compose entry for letsencrypt (minus sensitive info [email, domain name, etc]):


  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: le
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${CONFIG}/letsencrypt:/config
    restart: always
    depends_on:
      - transmission-vpn
      - sonarr
      - radarr
      - ombi
      - jackett
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - [email protected]
      - URL=domain.net
      - SUBDOMAINS=tv,movies,downloads,requests,ombi,transmission,radarr,sonarr,jackett
      - ONLY_SUBDOMAINS=false
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
      - DHLEVEL=4096
      - TZ=America/Los_Angeles

 My \letsencrypt\nginx\site-confs\default file looks like this:


# main server block
server {
	listen 443 ssl default_server;

	root /config/www;
	index index.html index.htm index.php;

	server_name domain.net;

	# enable subfolder method reverse proxy confs
	include /config/nginx/proxy-confs/*.subfolder.conf;

	# all ssl related config moved to ssl.conf
	include /config/nginx/ssl.conf;

	client_max_body_size 0;

	location / {
		try_files $uri $uri/ /index.html /index.php?$args =404;
	}

	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# With php7-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php7-fpm:
		#fastcgi_pass unix:/var/run/php7-fpm.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
	}


# sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
# notice this is within the same server block as the base
# don't forget to generate the .htpasswd file as described on docker hub
#	location ^~ /cp {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050/cp;
#	}

}

# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
# notice this is a new server block, you need a new server block for each subdomain
#server {
#	listen 443 ssl;
#
#	root /config/www;
#	index index.html index.htm index.php;
#
#	server_name cp.*;
#
#	include /config/nginx/ssl.conf;
#
#	client_max_body_size 0;
#
#	location / {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050;	
#	}
#}


# enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf;

And I've renamed the subdomain files I want to use under \proxy-confs\ and they look like this (sonarr example):


# make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
# to enable password access, uncomment the two auth_basic lines

server {
    listen         80;
    server_name    sonarr.domain.net;
    return         301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name sonarr.domain.net;

    access_log /var/log/nginx/sonarr.domain.net.log;

    location / {
        proxy_pass        http://127.0.0.1:8989;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_buffering off;

    }
}

To my eye, all of that looks like it *should* be working and allowing me to access sonarr from "sonarr.domain.net" -- but instead I get "ERR_CONNECTION_TIMED_OUT" page.

 

I can ping sonarr.domain.net -- and it returns a reply, along with my valid WAN IP. But I can't reach it in a browser window, and I have no idea what the cause of the issue is.

 

If anyone can help me figure this out, I would be eternally grateful. I've spent the past week or two staying up late trying to get all of this set up correctly, and I feel like I'm *SO CLOSE*! 

 

Thanks in advance!

-Adam

 

 

 

Why did you completely modify the preset proxy conf? They are supposed to work out of the box as long as you followed the readme in that folder

 

Also, did you even confirm that letsencrypt cert generation worked successfully? I recommend doing all of those things step by step. Don't go from scratch to reverse proxying something at once. 

 

Also, post a log

Edited by aptalca

I would like to limit the upload speed of my server to the outside world for specific dockers. Is this possible to do? I'm currently running Nextcloud and Plex for which I would like to limit the upload speed. I've found some articles about rate limiting in NGINX, but I can't make much sense of it to apply it.

 

Would be nice to make sure other people are not collapsing my full bandwidth.

34 minutes ago, Kaizac said:

I would like to limit the upload speed of my server to the outside world for specific dockers. Is this possible to do? I'm currently running Nextcloud and Plex for which I would like to limit the upload speed. I've found some articles about rate limiting in NGINX, but I can't make much sense of it to apply it.

 

Would be nice to make sure other people are not collapsing my full bandwidth.

 

Plex has a built in setting for that

53 minutes ago, aptalca said:

 

Plex has a built in setting for that

 

That only works with a Plex Pass AFAIK, which I do not have. And since I also have Nextcloud I would like to be able to limit it from within NGINX (or maybe there is an other and better solution).

15 hours ago, aptalca said:

 

Why did you completely modify the preset proxy conf? They are supposed to work out of the box as long as you followed the readme in that folder

 

Also, did you even confirm that letsencrypt cert generation worked successfully? I recommend doing all of those things step by step. Don't go from scratch to reverse proxying something at once. 

 

Also, post a log

 

Thanks for the response. Re: the proxy conf file, I made those changes after the default wasn't working, after seeing some example versions of that file online. I was worried that the ($upstream_sonarr) value wasn't working properly. I've reverted my changes (deleted my conf and renamed the clean sample version), but the issue still exists.

 

Letsencrypt certification does appear to be working correctly. Here's a log from the le container viewed within Kitematic (with email/domain edited out):

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/
2018-06-18T04:50:38.547439400Z 
2018-06-18T04:50:38.547441200Z 
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
2018-06-18T04:50:38.589599400Z 
User uid:    1000
User gid:    1000
-------------------------------------
2018-06-18T04:50:38.589618200Z 
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=1000
PGID=1000
TZ=America/Los_Angeles
URL=domain.net
SUBDOMAINS=tv,movies,downloads,requests,ombi,transmission,radarr,sonarr,jackett
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=4096
VALIDATION=dns
DNSPLUGIN=cloudflare
[email protected]
STAGING=
2018-06-18T04:50:44.317418600Z 
Backwards compatibility check. . .
No compatibility action needed
4096 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are:  -d tv.domain.net -d movies.domain.net -d downloads.domain.net -d requests.domain.net -d ombi.domain.net -d transmission.domain.net -d radarr.domain.net -d sonarr.domain.net -d jackett.domain.net
E-mail address entered: [email protected]
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; attempting renewal
<------------------------------------------------->
2018-06-18T04:50:48.076788400Z 
<------------------------------------------------->
cronjob running on Sun Jun 17 21:50:48 PDT 2018
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-06-18T04:51:03.055017000Z 
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/domain.net.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
Plugins selected: Authenticator dns-cloudflare, Installer None
2018-06-18T04:51:03.198860000Z 
-------------------------------------------------------------------------------
2018-06-18T04:51:03.198871200Z 
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/domain.net/fullchain.pem expires on 2018-09-15 (skipped)
No renewals were attempted.
No hooks were run.
-------------------------------------------------------------------------------
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready

Unless you were referring to another log? 

 

I'm starting to think it's not an issue with the reverse proxy setup as much as it is a firewall/gateway issue. I'm not sure how to even go about testing things on that end though. I've already added port forwards for 80, 443, 8080 through the windows firewall settings (and my router), and I don't have any other form of firewall/antivirus on my system. 

2 hours ago, ablaine said:

 

Thanks for the response. Re: the proxy conf file, I made those changes after the default wasn't working, after seeing some example versions of that file online. I was worried that the ($upstream_sonarr) value wasn't working properly. I've reverted my changes (deleted my conf and renamed the clean sample version), but the issue still exists.

 

Letsencrypt certification does appear to be working correctly. Here's a log from the le container viewed within Kitematic (with email/domain edited out):


-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/
2018-06-18T04:50:38.547439400Z 
2018-06-18T04:50:38.547441200Z 
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
2018-06-18T04:50:38.589599400Z 
User uid:    1000
User gid:    1000
-------------------------------------
2018-06-18T04:50:38.589618200Z 
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=1000
PGID=1000
TZ=America/Los_Angeles
URL=domain.net
SUBDOMAINS=tv,movies,downloads,requests,ombi,transmission,radarr,sonarr,jackett
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=4096
VALIDATION=dns
DNSPLUGIN=cloudflare
[email protected]
STAGING=
2018-06-18T04:50:44.317418600Z 
Backwards compatibility check. . .
No compatibility action needed
4096 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are:  -d tv.domain.net -d movies.domain.net -d downloads.domain.net -d requests.domain.net -d ombi.domain.net -d transmission.domain.net -d radarr.domain.net -d sonarr.domain.net -d jackett.domain.net
E-mail address entered: [email protected]
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; attempting renewal
<------------------------------------------------->
2018-06-18T04:50:48.076788400Z 
<------------------------------------------------->
cronjob running on Sun Jun 17 21:50:48 PDT 2018
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-06-18T04:51:03.055017000Z 
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/domain.net.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
Plugins selected: Authenticator dns-cloudflare, Installer None
2018-06-18T04:51:03.198860000Z 
-------------------------------------------------------------------------------
2018-06-18T04:51:03.198871200Z 
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/domain.net/fullchain.pem expires on 2018-09-15 (skipped)
No renewals were attempted.
No hooks were run.
-------------------------------------------------------------------------------
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready

Unless you were referring to another log? 

 

I'm starting to think it's not an issue with the reverse proxy setup as much as it is a firewall/gateway issue. I'm not sure how to even go about testing things on that end though. I've already added port forwards for 80, 443, 8080 through the windows firewall settings (and my router), and I don't have any other form of firewall/antivirus on my system. 

 

Go to https://yourdomain.com from your cell phone while on cell connection (wifi turned off). If you get the default homepage then you confirm port 443 is forwarded correctly. If not, is a port issue (or the ip on cloudflare is not correct) 

I installed ioncube and did a force update (not sure if it's the same thing) and it uninstalled it :(

Should I copy the file  ioncube_loader_lin_7.1.so into appdata folder and add the entry to install the module in php.ini ?

Yes! I fixed it :)

copied the file to /php/

and added to php.ini the following line

 

zend_extension = "/config/php/ioncube_loader_lin_7.1.so"

 

Ok next problem now!

I needed https://www.imagemagick.org/script/index.php

So I got into the docker and installed it using

apk add imagemagick

 

Now as I have already found from previous posts :)

after an update everything is cleared.

So I put the command in post arguments field but I get an error even it's being installed during docker start

 

(I didn't include the beginning of the log)

Quote

No renewals were attempted.
No hooks were run.
-------------------------------------------------------------------------------
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz
Server ready
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz
(1/33) Installing fontconfig (2.12.6-r0)
(2/33) Installing libgomp (6.4.0-r5)
(3/33) Installing lcms2 (2.8-r1)
(4/33) Installing libltdl (2.4.6-r4)
(5/33) Installing imagemagick-libs (7.0.7.11-r1)
(6/33) Installing libxrender (0.9.10-r2)
(7/33) Installing pixman (0.34.0-r3)
(7/33) Installing pixman (0.34.0-r3)
(8/33) Installing cairo (1.14.10-r0)
(9/33) Installing libintl (0.19.8.1-r1)
(10/33) Installing libblkid (2.31-r0)
(11/33) Installing libmount (2.31-r0)
(9/33) Installing libintl (0.19.8.1-r1)
(10/33) Installing libblkid (2.31-r0)
(11/33) Installing libmount (2.31-r0)
(12/33) Installing glib (2.54.2-r0)
(13/33) Installing dbus-libs (1.10.24-r0)
(14/33) Installing avahi-libs (0.6.32-r4)
(13/33) Installing dbus-libs (1.10.24-r0)
(14/33) Installing avahi-libs (0.6.32-r4)
(15/33) Installing gmp (6.1.2-r1)
(16/33) Installing nettle (3.3-r0)
(17/33) Installing libtasn1 (4.12-r3)
(18/33) Installing p11-kit (0.23.2-r2)
(19/33) Installing libunistring (0.9.7-r0)
(20/33) Installing gnutls (3.6.1-r0)
(20/33) Installing gnutls (3.6.1-r0)
(21/33) Installing cups-libs (2.2.5-r0)
(22/33) Installing jbig2dec (0.14-r0)
(23/33) Installing tiff (4.0.9-r4)
(24/33) Installing ghostscript (9.22-r0)
(25/33) Installing libxft (2.3.2-r2)
(25/33) Installing libxft (2.3.2-r2)
(26/33) Installing graphite2 (1.3.10-r0)
(27/33) Installing harfbuzz (1.6.3-r0)
(28/33) Installing pango (1.40.14-r0)
(29/33) Installing libcroco (0.6.12-r0)
(30/33) Installing shared-mime-info (1.9-r0)
(31/33) Installing gdk-pixbuf (2.36.10-r0)
(32/33) Installing librsvg (2.40.19-r0)
(31/33) Installing gdk-pixbuf (2.36.10-r0)
(32/33) Installing librsvg (2.40.19-r0)
(33/33) Installing imagemagick (7.0.7.11-r1)
Executing busybox-1.27.2-r11.trigger
Executing fontconfig-2.12.6-r0.trigger
Executing glib-2.54.2-r0.trigger
Executing shared-mime-info-1.9-r0.trigger
Executing gdk-pixbuf-2.36.10-r0.trigger
OK: 283 MiB in 240 packages
[cmd] apk exited 0
Signal handled: Terminated.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

 

1 hour ago, karateo said:

Ok next problem now!

I needed https://www.imagemagick.org/script/index.php

So I got into the docker and installed it using

apk add imagemagick

 

Now as I have already found from previous posts :)

after an update everything is cleared.

So I put the command in post arguments field but I get an error even it's being installed during docker start

 

(I didn't include the beginning of the log)

 

 

If you use a command in post arguments like that, the container executes that command and when the command exits, container shuts down

That's a docker thing.

 

Try mapping a file named 80-config into /etc/cont-init.d/ and in that file, put your apk add command

 

ie. "-v /path/to/80-config:/etc/cont-init.d/80-config" equivalent in dockerman

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.