tuxbass Posted January 6, 2017
Not sure if this belongs here, but have you guys encountered a situation where you're unable to access pages from within your LAN? My nginx config routes all http traffic to https. When some machine in the LAN tries to access the server via mydomain.com, then the protocol can be seen to change to https (meaning server is reached), but then request times out. Everything is OK from outside the LAN and target service is reached. Checked router config - NAT loopback is enabled. What gives?

CHBMB Posted January 6, 2017
> Not sure if this belongs here, but have you guys encountered a situation where you're unable to access pages from within your LAN? My nginx config routes all http traffic to https. When some machine in the LAN tries to access the server via mydomain.com, then the protocol can be seen to change to https (meaning server is reached), but then request times out. Everything is OK from outside the LAN and target service is reached. Checked router config - NAT loopback is enabled. What gives?
I can access pages from my LAN just fine, but I know some people can't, it may well be something your ISP has implemented and out of your control. Could test by using a VPN client out your LAN and then access your site.

JonathanM Posted January 6, 2017
> Not sure if this belongs here, but have you guys encountered a situation where you're unable to access pages from within your LAN? My nginx config routes all http traffic to https. When some machine in the LAN tries to access the server via mydomain.com, then the protocol can be seen to change to https (meaning server is reached), but then request times out. Everything is OK from outside the LAN and target service is reached. Checked router config - NAT loopback is enabled. What gives?
I've seen that issue with loopback. Some routers don't like to play nice, do you have any loopback options you can play with? Try disabling loopback and see what happens.

tuxbass Posted January 6, 2017
> I've seen that issue with loopback. Some routers don't like to play nice, do you have any loopback options you can play with? Try disabling loopback and see what happens.
Interesting. Turned NAT loopback off and now mydomain.eu resolves. But - no cert is detected and browser deems the page insecure.
Edit: scrap that - just tried from incognito window & another device - now it routes to router configuration landing page.

CHBMB Posted January 6, 2017
> Interesting. Turned NAT loopback off and now mydomain.eu resolves. But - no cert is detected and browser deems the page insecure. Edit: scrap that - just tried from incognito window & another device - now it routes to router configuration landing page.
That's loopback in action..... try entering https://domain.com:443/

tuxbass Posted January 6, 2017
> That's loopback in action..... try entering https://domain.com:443/
Loopback turned off and navigating directly to https address does resolve the service again, but as mentioned previously, no certs are detected. And after entering the exception to enter anyways, I'm yet again greeted by the router landing page.

CHBMB Posted January 6, 2017
You rebooted the router? Only other thing I can think of. Might be your ISP is the issue not your router settings?

tuxbass Posted January 6, 2017
> You rebooted the router? Only other thing I can think of. Might be your ISP is the issue not your router settings?
Didn't reboot, as toggling the loopback obviously had an effect. Wouldn't ISP be to suspect when the service wasn't accessible from the WAN side, which is not my case?

CHBMB Posted January 6, 2017
> Didn't reboot, as toggling the loopback obviously had an effect. Wouldn't ISP be to suspect when the service wasn't accessible from the WAN side, which is not my case?
I dunno? But if it's not working from changing the router setting then I can't think of anything else.

Fma965 Posted January 10, 2017
OK so I'm using the old docker by aptalca fine, I move over this to this (no copying of files etc) and all I get is this.

    Generating new certificate
    Failed authorization procedure. remote.cyanlabs.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for remote.cyanlabs.net

    IMPORTANT NOTES:
     - If you lose your account credentials, you can recover through
       e-mails sent to [email protected].
     - The following errors were reported by the server:

       Domain: remote.cyanlabs.net
       Type: connection
       Detail: DNS problem: SERVFAIL looking up A for remote.cyanlabs.net

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A record(s) for that domain
       contain(s) the right IP address. Additionally, please check that
       your computer has a publicly routable IP address and that no
       firewalls are preventing the server from communicating with the
       client. If you're using the webroot plugin, you should also verify
       that you are serving files from the webroot path you provided.
     - Your account credentials have been saved in your Certbot
       configuration directory at /etc/letsencrypt. You should make a
       secure backup of this folder now. This configuration directory will
       also contain certificates and private keys obtained by Certbot so
       making regular backups of this folder is ideal.
    /var/run/s6/etc/cont-init.d/50-config: line 105: cd: /config/keys/letsencrypt: No such file or directory
    [cont-init.d] 50-config: exited 1.
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] syncing disks.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.

Now if I stop this docker and launch the old one everything works fine still. I don't use A records though, as I use CNAMEs pointing to my own DDNS service running on a VPS.
edit: port 80 external is forwarded to 81 internal and 443 to 443.
edit2: OK it seems letsencrypt or docker doesn't like CNAMEs. Any way around this? I'll add an A record each time the certificate expires if required, but if there is an automated way let me know.
final edit: OK so my DDNS was being weird, switched to duckdns and all good.

aptalca Posted January 10, 2017
The old one was still working fine because the certs didn't need to be renewed yet. It would likely break when they expired unless the ddns issue was resolved.

jfrancais Posted January 11, 2017
What version of nginx is included with this? Does it support stream? I'd like to use this same docker to handle non http traffic as well. I'd like to have this handle vnc and ssh for certain domains. Is this possible?

aptalca Posted January 11, 2017
> What version of nginx is included with this? Does it support stream? I'd like to use this same docker to handle non http traffic as well. I'd like to have this handle vnc and ssh for certain domains. Is this possible?
https://pkgs.alpinelinux.org/package/v3.4/main/x86_64/nginx
No stream mod in this version, but the next version will include it. No eta yet (currently testing it)

jfrancais Posted January 11, 2017
Perfect, I look forward to it. Thanks for the great Docker!

razor Posted January 13, 2017
In Aptalca's docker I was able to load simplexml_load_file() but in this version it does not appear to be enabled. I get the following error:

    "PHP message: PHP Warning: simplexml_load_file(): Unable to find the wrapper "https" - did you forget to enable it when you configured PHP?"

Can this be enabled?

aptalca Posted January 13, 2017
> In Aptalca's docker I was able to load simplexml_load_file() but in this version it does not appear to be enabled. I get the following error: "PHP message: PHP Warning: simplexml_load_file(): Unable to find the wrapper "https" - did you forget to enable it when you configured PHP?" Can this be enabled?
It seems you need the php5-openssl package/module. We'll add it shortly.

razor Posted January 13, 2017
Awesome. Thanks for the quick reply. I manually added it and that was what I was missing.

endiz Posted January 14, 2017
Anyone have location settings for putting unraid behind nginx?

CHBMB Posted January 14, 2017
> Anyone have location settings for putting unraid behind nginx?
No, and if you're thinking of publishing your Unraid webui over the internet. Don't do it. Setup a VPN instead.

endiz Posted January 14, 2017
Yea good point, I'll just ssh tunnel in if I need it. Thanks for your devoted support CHBMB, appreciate it.

endiz Posted January 15, 2017
Has anyone tried creating a webdav folder using this docker? Would you mind sharing your nginx config for the webdav location? I'm looking to share a few unraid shares behind an htpasswd file.

jfrancais Posted January 16, 2017
Any chance stream got added to this new version? Still looking to be able to proxy connect to my VNC, etc.

mattekure Posted January 16, 2017
I am trying to setup Nextcloud. I used the configuration below with the minor changes in port. When I try to access it at my subdomain, it forwards me to the default "Welcome to our server" page. In the nginx error log I see a bunch of

    2017/01/16 14:58:51 [error] 329#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.1.1, server: _, request: "GET /status.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "owncloud.mattekure.com"

The nginx documentation here https://docs.nextcloud.com/server/9/admin_manual/installation/nginx_examples.html suggests a lot of fastcgi configs in the server {} block. I didn't see these in the config below, so I haven't put any in yet.
Edit: didn't need to see the whole quoted topic.

CHBMB Posted January 16, 2017
> I am trying to setup Nextcloud. I used the configuration below with the minor changes in port. When I try to access it at my subdomain, it forwards me to the default "Welcome to our server" page. In the nginx error log I see a bunch of
>
>     2017/01/16 14:58:51 [error] 329#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.1.1, server: _, request: "GET /status.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "owncloud.mattekure.com"
>
> The nginx documentation here https://docs.nextcloud.com/server/9/admin_manual/installation/nginx_examples.html suggests a lot of fastcgi configs in the server {} block. I didn't see these in the config below, so I haven't put any in yet.
Be more helpful if you posted more of your own config files than mine, I know those ones, I use them.

mattekure Posted January 16, 2017
Edit, I just saw a stupid mistake, disregard for now.
Sorry, I didn't change much, but here goes. I didn't make any changes to nginx.conf.

File "nextcloud" in nginx site-confs:

    server {
        listen 80;
        server_name owncloud.server.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name owncloud.server.com;

        root /config/www;
        index index.html index.htm index.php;

        ###SSL Certificates
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ###DiffieHellman key exchange ###
        ssl_dhparam /config/nginx/dhparams.pem;

        ###SSL Ciphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        ###Extra Settings###
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header Front-End-Https on;

        client_max_body_size 0;

        location / {
            proxy_pass https://192.168.0.1:4433/;
        }
    }

config.php from nextcloud:

    <?php
    $CONFIG = array (
      'memcache.local' => '\\OC\\Memcache\\APCu',
      'datadirectory' => '/data',
      'instanceid' => 'ocoh2ii67wmp',
      'passwordsalt' => 'i+gdNt8CcyS8B+D7EKwTldfUxUDhYb',
      'secret' => 'xxxx',
      'trusted_domains' =>
      array (
        0 => '192.168.1.9:4433',
        1 => 'owncloud.mattekure.com',
      ),
      'overwrite.cli.url' => 'https://owncloud.mattekure.com',
      'overwritehost' => 'owncloud.mattekure.com',
      'overwriteprotocol' => 'https',
      'dbtype' => 'mysql',
      'version' => '9.1.0.16',
      'dbname' => 'nextcloud',
      'dbhost' => '192.168.1.9',
      'dbport' => '',
      'dbtableprefix' => 'oc_',
      'dbuser' => 'nextcloud',
      'dbpassword' => 'xxxxxx',
      'logtimezone' => 'UTC',
      'installed' => true,
      'mail_smtpmode' => 'smtp',
      'mail_smtpsecure' => 'tls',
      'mail_from_address' => 'xxxxxx',
      'mail_domain' => 'gmail.com',
      'mail_smtpauthtype' => 'LOGIN',
      'mail_smtpauth' => 1,
      'mail_smtphost' => 'xxxx',
      'mail_smtpport' => '587',
      'mail_smtpname' => 'xxxx',
      'mail_smtppassword' => 'xxxxx',
    );
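
An added example, not part of any post in this thread and not the container's own tooling: the error-log line quoted above was answered by `server: _` for `host: "owncloud.mattekure.com"`, so this script lists error-log entries that were handled by the catch-all server block because their Host matches no `server_name` in the site-confs. The function names and the second log line are constructed; the site-conf sample copies only the `server_name` lines of the posted file, and only exact names (no wildcards or regexes) are compared.

```python
import re

# Constructed samples. The first log line is the one quoted in the thread;
# the second is constructed. SITE_CONF keeps only the server_name lines of
# the posted "nextcloud" site-conf.
ERROR_LOG = '''\
2017/01/16 14:58:51 [error] 329#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.1.1, server: _, request: "GET /status.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "owncloud.mattekure.com"
2017/01/16 15:02:10 [error] 329#0: *7 open() "/config/www/missing.png" failed (2: No such file or directory), client: 192.168.1.1, server: owncloud.server.com, request: "GET /missing.png HTTP/1.1", host: "owncloud.server.com"
'''
SITE_CONF = '''\
server { listen 80; server_name owncloud.server.com; }
server { listen 443 ssl; server_name owncloud.server.com; }
'''

# nginx appends these fields, in this order, to request-related error lines.
FIELDS = re.compile(r', server: (?P<server>\S*), request: "(?P<request>[^"]*)"'
                    r'.*?, host: "(?P<host>[^"]*)"')


def configured_names(conf_text):
    """Collect every exact name listed in server_name directives."""
    names = set()
    for args in re.findall(r'\bserver_name\s+([^;]+);', conf_text):
        names.update(name.lower() for name in args.split())
    return names


def unmatched_hosts(log_text, conf_text, catch_all="_"):
    """Return (host, request) pairs that the catch-all server block answered
    and whose Host header matches no configured server_name."""
    names = configured_names(conf_text)
    hits = []
    for line in log_text.splitlines():
        m = FIELDS.search(line)
        if not m:
            continue  # not a request-scoped error line
        host = m.group("host").split(":")[0].lower()  # drop any :port
        if m.group("server") == catch_all and host not in names:
            hits.append((host, m.group("request")))
    return hits


if __name__ == "__main__":
    for host, request in unmatched_hosts(ERROR_LOG, SITE_CONF):
        print(f"{host}: {request!r} was handled by the default server")
```
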