August 7, 2018

5 minutes ago, CHBMB said:
> IP addresses and server name do need to be changed
>
>     satisfy any;
>     allow 192.168.0.0/24;
>     deny all;
>
> This bit just means it can only be accessed by clients on the 192.168.0.0 subnet. (My LAN)

Yeah, I figured. I get no errors in the logs, but I get the "Welcome to our server" message. I tried both ways.

https://unifi.myserver.us:8843/
https://unifi.myserver.us

Do you know if there is a way to run both controllers at the same time? I can't get it to recognize my backup file because of the mismatched versions... and then I am lost, don't know what to do.
August 7, 2018

1 minute ago, shremi said:
> Yeah, I figured. I get no errors in the logs, but I get the "Welcome to our server" message. I tried both ways.
>
> https://unifi.myserver.us:8843/
> https://unifi.myserver.us
>
> Do you know if there is a way to run both controllers at the same time? I can't get it to recognize my backup file because of the mismatched versions... and then I am lost, don't know what to do.

Have you restarted the container?
August 7, 2018

4 minutes ago, CHBMB said:
> Have you restarted the container?

Ya, both of them several times XD
August 7, 2018

2 minutes ago, CHBMB said:
> And you've saved that file as unifi in /config/nginx/site-confs/

Ohhhh, that might be the issue. I followed Ed's video but he never mentioned saving the files in the site folder; we used the proxy confs folder... How should I name the file?
August 7, 2018

Just now, shremi said:
> Ohhhh, that might be the issue. I followed Ed's video but he never mentioned saving the files in the site folder; we used the proxy confs folder... How should I name the file?

4 minutes ago, CHBMB said:
> And you've saved that file as unifi
August 7, 2018

12 minutes ago, CHBMB said:
> And you've saved that file as unifi in /config/nginx/site-confs/

You are a rockstar! It works... Thank you so much for this.
August 8, 2018

After the latest update, letsencrypt now tries the challenge on the http port, not https.

https://pastebin.com/1PNLnSwG

Edited August 8, 2018 by ufo56
August 8, 2018

16 minutes ago, ufo56 said:
> After the latest update, letsencrypt now tries the challenge on the http port, not https.
>
> https://pastebin.com/1PNLnSwG

Post your docker run command. There's nothing wrong with the container, so it's got to be something at your end.

I suspect you've run into the fact that letsencrypt has changed its auth protocols. Details in the readme.

https://github.com/linuxserver/docker-letsencrypt#parameters

Edited August 8, 2018 by CHBMB
August 8, 2018

1 hour ago, CHBMB said:
> Post your docker run command. There's nothing wrong with the container, so it's got to be something at your end.
>
> I suspect you've run into the fact that letsencrypt has changed its auth protocols. Details in the readme.
>
> https://github.com/linuxserver/docker-letsencrypt#parameters

Thank you for the link. Auth protocol mistake it is. Changed to Cloudflare.
August 8, 2018

Firstly, great work on the docker; the preconfigured proxy files make NGINX so easy to set up.

I did a search but nothing came up, so I thought I'd ask the question: is there an easy way to enable ModSecurity? There are some public dockers integrating it with nginx, and it seems to add an extra layer of protection given it stops some attacks for the end applications being proxied.

ModSecurity protects against attacks by looking for:

- SQL Injection
- Ensuring the content type matches the body data.
- Protection against malformed POST requests.
- HTTP Protocol Protection
- Real-time Blacklist Lookups
- HTTP Denial of Service Protections
- Generic Web Attack Protection
- Error Detection and Hiding

Is there an easy way to load in the module myself? Maybe someone here has done it before?
August 9, 2018

I am really stumped with this whole project. I'm new to web servers and reverse proxies and don't know much more than basic networking stuff. But thanks to the tutorial and this forum I have Letsencrypt and nginx running with my own domain and it all works except for one big problem that I mentioned earlier in this thread - I frequently experience a 20-25 second delay before the page loads for any of my sites. It doesn't happen all the time. Sometimes it goes straight to the site but other times after typing the URL and hitting enter, nothing happens for 20-25 seconds and then the page loads.

I have talked to a couple of different people (one on the Emby forums and one on the HardOCP forums) who were very nice and spent quite a bit of time trying to help me with no luck. Since I first started experiencing this problem I have:

- rebuilt my Unraid server with all new hardware except for the hard drives
- deleted the Letsencrypt container and appdata folder and reinstalled and configured from scratch
- used my old Unraid hardware (Xeon E3-1230 with 32GB RAM) to replace the hardware (old Celeron with 2GB RAM) in my standalone pfSense computer and reinstalled and configured it from scratch

None of that changed a thing. The couple of people that spent a good deal of time helping me each linked to different posts about nginx being very slow in Docker. I posted one of those here and was told that someone uses nginx in Docker to run production sites and nobody else has commented about experiencing the same thing I am. They suggested that I try installing nginx on a separate machine as a test. My problem is that I really don't know how to do that. Like I said, I was very dependent on tutorials and help to get this working and with Linuxserver bundling Letsencrypt/nginx together and Unraid's nice and easy template system it looks a lot different than a "normal" setup.

This is really frustrating and is killing the user experience for my family and friends trying to use Emby and Ombi as both time out a lot due to the delay and they have a hard time accessing either. Any help or ideas would be greatly appreciated.

Edited August 9, 2018 by RockDawg
August 9, 2018

Where is your appdata located on the server? Cache or array? HDD or SSD?
August 9, 2018

On 8/6/2018 at 10:05 AM, gridrunner said:
> Finally, finished making my video on setting up a reverse proxy. Hope it helps people who haven't set it up before

Hello @Gridrunner.

I have successfully port forwarded the services, mapped the CNAMEs to the DNS record in DuckDNS and also verified the certificates are working as per the logs. I get the NGINX landing page for both Binhex-Sonarr and Binhex-radarr when I attempt to browse to the CNAMEs. So quite obviously DNS, CNAME and port forwarding are working.

I have double-checked both config files (sonarr.subdomain.conf and radarr.subdomain.conf); they appear to be OK. See the extract below:

    # make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
    # to enable password access, uncomment the two auth_basic lines
    server {
        listen 443 ssl;
        server_name sonarr.*;

        include /config/nginx/ssl.conf;
        client_max_body_size 0;

        location / {
            auth_basic "Restricted";
            auth_basic_user_file /config/nginx/.htpasswd;
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_sonarr binhex-sonarr;
            proxy_pass http://$upstream_sonarr:8989;
        }
    }

Please advise.

Enver
August 9, 2018

6 hours ago, CHBMB said:
> Where is your appdata located on the server? Cache or array? HDD or SSD?

If that question was for me, my appdata is on an SSD that is my cache drive. I don't use the mover or anything so the only thing my cache drive does is handle the appdata for my containers.

Edited August 9, 2018 by RockDawg
August 9, 2018

So, would like to get Slack notifications from fail2ban. Preferably with geo lookup.

Tried this but to no avail.

https://gist.github.com/Dman46/92178d519a7b3ea1e49cbcb7b8fda954

Error messages regarding commands missing.

Anyone up and running with Slack notifications (with or without geo lookup) on the letsencrypt container that could give some direction?

Best regards.

Edited August 9, 2018 by M203: Spelling.
August 9, 2018

7 hours ago, Enver said:
> Hello @Gridrunner.
>
> I have successfully port forwarded the services, mapped the CNAMEs to the DNS record in DuckDNS and also verified the certificates are working as per the logs. I get the NGINX landing page for both Binhex-Sonarr and Binhex-radarr when I attempt to browse to the CNAMEs. So quite obviously DNS, CNAME and port forwarding are working.
>
> I have double-checked both config files (sonarr.subdomain.conf and radarr.subdomain.conf); they appear to be OK. See the extract below:
>
>     # make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
>     # to enable password access, uncomment the two auth_basic lines
>     server {
>         listen 443 ssl;
>         server_name sonarr.*;
>
>         include /config/nginx/ssl.conf;
>         client_max_body_size 0;
>
>         location / {
>             auth_basic "Restricted";
>             auth_basic_user_file /config/nginx/.htpasswd;
>             include /config/nginx/proxy.conf;
>             resolver 127.0.0.11 valid=30s;
>             set $upstream_sonarr binhex-sonarr;
>             proxy_pass http://$upstream_sonarr:8989;
>         }
>     }
>
> Please advise.
>
> Enver

Hi @Enver

Firstly, are sonarr and radarr on a custom user-defined docker network?

I see from the above config that you have removed the hash tags before the auth_ parts to use a password. Have you created that in the container itself by running

    htpasswd -c /config/nginx/.htpasswd <yourusername>

Personally I didn't have luck using both the .htpasswd file with sonarr and sonarr's own password system; it just didn't seem to work for me. Not sure why? But I am sure the devs here could shed light on as to why. So I only use sonarr's password in that container without .htpasswd.

I should try and get it working without the htpasswd first then add that later when you are sure it works fine.
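Added example (not part of any post in this thread, and not the image's shipped config): the `satisfy any; allow ...; deny all;` rule quoted earlier in the thread combined with the two `auth_basic` lines from the sonarr proxy conf above, to show how nginx weighs the two checks against each other. The 192.168.0.0/24 LAN and an already created `/config/nginx/.htpasswd` are assumptions carried over from those posts.

```nginx
# Added example; not the image's shipped sonarr.subdomain.conf.
# Assumptions: LAN is 192.168.0.0/24, /config/nginx/.htpasswd already exists.
server {
    listen 443 ssl;
    server_name sonarr.*;

    include /config/nginx/ssl.conf;
    client_max_body_size 0;

    location / {
        # Two independent access checks are configured below:
        #   1. address rules (allow/deny)
        #   2. HTTP basic auth (auth_basic, auth_basic_user_file)
        # "satisfy any" admits a request that passes EITHER check, so LAN
        # clients are not prompted and all other clients must log in.
        # "satisfy all" (the nginx default) requires BOTH: a LAN address
        # and a valid password.
        satisfy any;

        # Rules are evaluated top to bottom against the connecting address
        # nginx sees; the first match wins.
        allow 192.168.0.0/24;
        deny all;

        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_sonarr binhex-sonarr;
        proxy_pass http://$upstream_sonarr:8989;
    }
}

# LAN-only variant (the unifi case quoted earlier in the thread): keep the
# satisfy/allow/deny lines and drop both auth_basic lines. With no second
# check configured, "deny all" returns 403 to every client outside
# 192.168.0.0/24.
```

With this block, outside clients that send no valid credentials appear as 401 responses in the access log under /config/log/nginx; in the LAN-only variant they appear as 403.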
August 9, 2018

3 hours ago, RockDawg said:
> If that question was for me, my appdata is on an SSD that is my cache drive. I don't use the mover or anything so the only thing my cache drive does is handle the appdata for my containers.

Yeah, it was just a thought, as the only time I saw this kind of behaviour was when some appdata was on the array and on a spinning rust cache drive, so it took some time to grab the info.

Checked the logs in /config/log/nginx?
August 10, 2018

7 hours ago, gridrunner said:
> Hi @Enver
>
> Firstly, are sonarr and radarr on a custom user-defined docker network?
>
> I see from the above config that you have removed the hash tags before the auth_ parts to use a password. Have you created that in the container itself by running
>
>     htpasswd -c /config/nginx/.htpasswd <yourusername>
>
> Personally I didn't have luck using both the .htpasswd file with sonarr and sonarr's own password system; it just didn't seem to work for me. Not sure why? But I am sure the devs here could shed light on as to why. So I only use sonarr's password in that container without .htpasswd.
>
> I should try and get it working without the htpasswd first then add that later when you are sure it works fine.

Hello @gridrunner

For simplicity's sake I have added back the hash tags for the auth and password lines. Yes, both dockers are running on the same logical network as the NGINX docker. I have restarted Letsencrypt, Sonarr and Radarr but the behaviour is the same.

How do I check that DNS resolution between dockers is working? <- It's the only thing I can think of that may be contributing to the problem. I would have assumed the default behavior for unRAID was for the host to manage the DNS resolution between docker containers?

Let me know your thoughts.

Thanks,
Enver

Edited August 10, 2018 by Enver
August 10, 2018

Does anyone know how to set it up one of the following ways:

a) using manual mode, so it provides the instructions to set up the DNS records to validate that way
b) https authentication, not http, as my ISP blocks port 80 but doesn't block 443
c) a DNS authentication using a plugin that would work with dynu.com (dynamic DNS provider). I am using my own domain, not just using subdomains on a shared domain.

Cheers

Edit: I switched over to Cloudflare after I learned I could use the DNS management on a free account and got this working that way. It would however still be nice to know, maybe for others, if you can do at least a and b.

Edited August 10, 2018 by GoChris
August 10, 2018

2 hours ago, GoChris said:
> Does anyone know how to set it up one of the following ways:
>
> a) using manual mode, so it provides the instructions to set up the DNS records to validate that way
> b) https authentication, not http, as my ISP blocks port 80 but doesn't block 443
> c) a DNS authentication using a plugin that would work with dynu.com (dynamic DNS provider). I am using my own domain, not just using subdomains on a shared domain.
>
> Cheers
>
> Edit: I switched over to Cloudflare after I learned I could use the DNS management on a free account and got this working that way. It would however still be nice to know, maybe for others, if you can do at least a and b.

a) is not supported by this image
b) is currently not supported by letsencrypt due to the vulnerability
August 10, 2018

a) is not supported by this image
b) is currently not supported by letsencrypt due to the vulnerability

Cloudflare is the way to go if the ISP blocks port 80
August 11, 2018

On 8/9/2018 at 1:44 PM, CHBMB said:
> Yeah, it was just a thought, as the only time I saw this kind of behaviour was when some appdata was on the array and on a spinning rust cache drive, so it took some time to grab the info.
>
> Checked the logs in /config/log/nginx?

The delay issue turns out to have been Namecheap's nameservers. Somebody replied to me on HardOCP that they run a forum and had all kinds of issues when using Namecheap's nameservers. So I signed up for a free account at Cloudflare and entered their nameserver addresses in my Namecheap account and I haven't had an issue since.
August 11, 2018

Just now, RockDawg said:
> The delay issue turns out to have been Namecheap's nameservers. Somebody replied to me on HardOCP that they run a forum and had all kinds of issues when using Namecheap's nameservers. So I signed up for a free account at Cloudflare and entered their nameserver addresses in my Namecheap account and I haven't had an issue since.

That's interesting. I use Namecheap and up until this week used their nameservers and never had an issue. Switched to Cloudflare now, just so I can get a wildcard cert, nothing to do with performance.
August 11, 2018

My reverse proxies just stopped working and it appears that the LetsEncrypt container is to blame. No errors were logged, but I assume it has something to do with the tls-sni validation change. I set up a new container and it was not able to create the cert using http (port 80 is blocked by my ISP).

I set up this docker long ago, before the auth/validation changes, and it appears that I will have to use the DNS validation option. I currently host domains with Google Domains and Namecheap. I would rather not switch, for simplicity and because I use their email forwarding services (and do not want any email interruptions).

Is there any way to set up validation with Google Domains or Namecheap? I couldn't find a README