July 5, 2018

I am using the preset. The only thing I changed was the port number of the proxy pass:

    server {
        listen 443 ssl;

        server_name nextcloud.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_nextcloud nextcloud;
            proxy_max_temp_file_size 2048m;
            proxy_pass https://$upstream_nextcloud:444/;
        }
    }

July 6, 2018

2 hours ago, bmdegraaf said:
> I am using the preset. The only thing I changed was the port number of the proxy pass:
>
>     server {
>         listen 443 ssl;
>
>         server_name nextcloud.*;
>
>         include /config/nginx/ssl.conf;
>
>         client_max_body_size 0;
>
>         location / {
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_nextcloud nextcloud;
>             proxy_max_temp_file_size 2048m;
>             proxy_pass https://$upstream_nextcloud:444/;
>         }
>     }

You're not supposed to change the port.

It tells you what you need to do at the top. It does not tell you to change the port.

Edited July 6, 2018 by aptalca

July 6, 2018

Having troubles with the LE container. All I did was edit the site-config/default and uncomment the 80 to 443 redirect with nano.

    [cont-init.d] 50-config: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
    Server ready
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
    nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28

-edit-
Found the culprit. All the proxy-conf subfolder conf files have a /servicename and organizr just has the /

Edited July 6, 2018 by Tuumke (Found the problem)

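Added example (not part of any post in this thread, and not linuxserver.io code): a small pre-flight check for the collision described above, where an included subfolder conf defines `location /` in a server block that already has one. The file contents, the `organizr:80` upstream and the function names are constructed for illustration, and brace depth is counted line by line, which assumes braces never appear inside quoted strings.

```python
import fnmatch
import re
from collections import defaultdict

# Constructed sample files (assumed layout, not copied from the thread): the
# default site keeps its own "location /" and includes the subfolder confs.
FILES = {
    "/config/nginx/site-confs/default": """
server {
    location / { try_files $uri $uri/ /index.html; }
    include /config/nginx/proxy-confs/*.subfolder.conf;
}""",
    "/config/nginx/proxy-confs/organizr.subfolder.conf": """
location / {
    proxy_pass http://organizr:80;
}""",
    "/config/nginx/proxy-confs/tautulli.subfolder.conf": """
location /tautulli {
    proxy_pass http://tautulli:8181;
}""",
}

INCLUDE = re.compile(r"\s*include\s+(\S+);")
LOCATION = re.compile(r"\blocation\s+((?:[=~^*]+\s+)?\S+)\s*\{")

def expand(name, files):
    """Inline include directives, tagging each line with its source file."""
    out = []
    for line in files[name].splitlines():
        line = line.split("#", 1)[0]          # drop comments
        m = INCLUDE.match(line)
        if m:
            for inc in sorted(fnmatch.filter(files, m.group(1))):
                out.extend(expand(inc, files))
        elif line.strip():
            out.append((name, line))
    return out

def duplicate_locations(entry, files):
    """Map each location repeated at server level to the files defining it."""
    seen, depth, server = defaultdict(list), 0, 0
    for src, line in expand(entry, files):
        m = LOCATION.search(line)
        if m and depth == 1:                  # direct child of a server block
            seen[(server, " ".join(m.group(1).split()))].append(src)
        if depth == 0 and re.match(r"\s*server\b", line):
            server += 1
        depth += line.count("{") - line.count("}")
    return {loc: srcs for (_, loc), srcs in seen.items() if len(srcs) > 1}
```

On a live container, `nginx -t` reports the same condition as the `[emerg] duplicate location` line in the log above; the check here also names every file that contributes the colliding block.
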
July 6, 2018

> You're not supposed to change the port.
>
> It tells you what you need to do at the top. It does not tell you to change the port.

Changed the port back to 443! And it works!

July 6, 2018

1 hour ago, Tuumke said:
> Having troubles with the LE container. All I did was edit the site-config/default and uncomment the 80 to 443 redirect with nano.
>
>     [cont-init.d] 50-config: exited 0.
>     [cont-init.d] done.
>     [services.d] starting services
>     [services.d] done.
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>     Server ready
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>     nginx: [emerg] duplicate location "/" in /config/nginx/site-confs/default:28
>
> -edit-
> Found the culprit. All the proxy-conf subfolder conf files have a /servicename and organizr just has the /

https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/proxy-confs/organizr.subfolder.conf.sample#L2 ?

July 6, 2018

Yes! Or change the organizr to /organizr? But then I need to see if I can somehow edit the base of organizr.

July 6, 2018

I'm getting emails from letsencrypt about my certs expiring soon. Do I need to do anything or does it take care of it on its own?

July 6, 2018

3 minutes ago, hermy65 said:
> I'm getting emails from letsencrypt about my certs expiring soon. Do I need to do anything or does it take care of it on its own?

Have you recently made any changes from, say, registering specific subdomains to now using wildcards? Also, I believe the certs need to renew every 90 days, so if you haven't rebooted your container within the past 90 days you may be nearing that deadline.

July 6, 2018

3 minutes ago, IamSpartacus said:
> Have you recently made any changes from, say, registering specific subdomains to now using wildcards? Also, I believe the certs need to renew every 90 days, so if you haven't rebooted your container within the past 90 days you may be nearing that deadline.

No need to reboot the container, as there's a cronjob that checks for renewal of the certs.

July 6, 2018

22 minutes ago, sparklyballs said:
> No need to reboot the container, as there's a cronjob that checks for renewal of the certs.

Oh, good to know.

July 13, 2018

Hi. On the instructions it states to forward the port you are using for this container to the docker host in your router. I have got the container listening on a specific IP in bridge mode and my router can see this IP for the container, so I got forwarding configured. However, nginx does not seem to start at all. I have a custom config in site-config. Running netstat shows nginx not running. Any ideas?

Edited July 13, 2018 by nekromantik

July 13, 2018

25 minutes ago, nekromantik said:
> Hi. On the instructions it states to forward the port you are using for this container to the docker host in your router. I have got the container listening on a specific IP in bridge mode and my router can see this IP for the container, so I got forwarding configured. However, nginx does not seem to start at all. I have a custom config in site-config. Running netstat shows nginx not running. Any ideas?

Docker run command and logs

July 13, 2018

52 minutes ago, CHBMB said:
> Docker run command and logs

So docker logs show it can't connect to port 80 for validation. It's not my router, as other ports I have forwarded from WAN work. Does the container run iptables, so blocking all incoming connections?

July 14, 2018

8 hours ago, nekromantik said:
> So docker logs show it can't connect to port 80 for validation. It's not my router, as other ports I have forwarded from WAN work. Does the container run iptables, so blocking all incoming connections?

No, something else is blocking port 80. Check your ISP isn't blocking port 80. This isn't a container issue, it's an issue outside the container. Nginx won't start unless LetsEncrypt completes validation.

July 14, 2018

7 hours ago, CHBMB said:
> No, something else is blocking port 80. Check your ISP isn't blocking port 80. This isn't a container issue, it's an issue outside the container. Nginx won't start unless LetsEncrypt completes validation.

Got that issue fixed. It was not ISP blocking, it was the router not forwarding 80, so I changed to 8080 on the container and am forwarding from 80 to 8080. But now I am getting a 404 not found error when it tries to validate. Here is the log:

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 10-adduser: executing...
    usermod: no changes

    -------------------------------------
              _         ()
             | |  ___   _    __
             | | / __| | |  /  \
             | | \__ \ | | | () |
             |_| |___/ |_|  \__/

    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------

    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    Variables set:
    PUID=99
    PGID=100
    TZ=Europe/London
    URL=nekromantik.io
    SUBDOMAINS=www,nextcloud
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=false
    DHLEVEL=2048
    VALIDATION=http
    DNSPLUGIN=
    [email protected]
    STAGING=

    Backwards compatibility check. . .
    No compatibility action needed
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d www.nekromantik.io -d nextcloud.nekromantik.io
    E-mail address entered: [email protected]
    http validation is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for nekromantik.io
    http-01 challenge for nextcloud.nekromantik.io
    http-01 challenge for www.nekromantik.io
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. www.nekromantik.io (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.nekromantik.io/.well-known/acme-challenge/M7U5BloCEAFN4O9RC8nGjDfF5R_xrIfpQ35lDaKE1x8: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: www.nekromantik.io
       Type: unauthorized
       Detail: Invalid response from http://www.nekromantik.io/.well-known/acme-challenge/M7U5BloCEAFN4O9RC8nGjDfF5R_xrIfpQ35lDaKE1x8: "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>"

       To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
    ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

July 14, 2018

Got that fixed. Switched to DNS validation via Cloudflare instead. Much easier, as no need to open port 80 anymore. Thanks.

Edited July 14, 2018 by nekromantik

July 16, 2018

>     nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/config/keys/cert.crt"

I wondered if anything had changed recently and I've missed it? I am using http validation. The odd thing is, I have not pointed any configs to that cert as the letsencrypt certs are elsewhere....

Thanks

Edited July 16, 2018 by local.bin

July 19, 2018

Request for support for the ngx_stream_geoip module to be added please.

    load_module modules/ngx_stream_geoip_module.so;
    --with-stream_geoip_module

Thanks for the consideration.

Edit: I added

    apk add nginx-mod-stream-geoip

which seemed to solve the module loading issue.

Edited July 19, 2018 by local.bin

July 19, 2018

2 hours ago, local.bin said:
> Request for support for the ngx_stream_geoip module to be added please.
>
>     load_module modules/ngx_stream_geoip_module.so;
>     --with-stream_geoip_module
>
> Thanks for the consideration.
>
> Edit: I added
>
>     apk add nginx-mod-stream-geoip
>
> which seemed to solve the module loading issue.

It's already in there: https://github.com/linuxserver/docker-letsencrypt/blob/master/Dockerfile#L36

July 19, 2018

36 minutes ago, aptalca said:
> It's already in there: https://github.com/linuxserver/docker-letsencrypt/blob/master/Dockerfile#L36

Mhh that's strange as it failed to load until I added the apk and when I added it again it said it was already installed; which it didn't do the first time.

July 20, 2018

Are you supposed to be able to see the default index.html landing page even if there are errors loading certs?

I have the ports forwarded on my firewall, but even if I go to the local ip:port I don't get anything like I do if I just load up a plain nginx docker. I just get the default "This site can’t be reached" page in Chrome. I also tried using a custom br0 interface so this docker would get its own IP and could use port 80 and 443 on its own, and still no landing page.

Here's the error I'm getting, but I fear it's because nginx isn't starting up correctly for some reason.

    Failed authorization procedure. zyphermonkey.strangled.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://zyphermonkey.strangled.net/.well-known/acme-challenge/0FLixOl9CLlYQEihDp7YvgO-I6GnyYZGjM7Jvb2Vvjg: Timeout during connect (likely firewall problem)

and

    Domain: zyphermonkey.strangled.net
    Type: connection
    Detail: Fetching http://zyphermonkey.strangled.net/.well-known/acme-challenge/0FLixOl9CLlYQEihDp7YvgO-I6GnyYZGjM7Jvb2Vvjg: Timeout during connect (likely firewall problem)

July 20, 2018

3 minutes ago, zyphermonkey said:
> Are you supposed to be able to see the default index.html landing page even if there are errors loading certs?

No.

July 20, 2018

Okay so I got that part fixed. I have no idea how it happened but the "container ports" got changed to match the "host ports" and obviously nothing worked after that.

Now I'm trying to set up some subfolder services and the only way I can get them to work without getting a 500 error is to have the following with a lot of the default settings commented out. I don't think I should be doing this. Is there something I need to configure in proxy.conf to get the default way to work?

    # first go into tautulli settings, under "Web Interface", click on show advanced, set the HTTP root to /tautulli and restart the tautulli container
    # to enable password access, uncomment the two auth_basic lines

    location /tautulli {
    #    auth_basic "Restricted";
    #    auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;
    #    resolver 127.0.0.11 valid=30s;
    #    set $upstream_tautulli tautulli;
    #    proxy_pass http://$upstream_tautulli:8181;
        proxy_pass http://192.168.1.10:8282;
    }