Timbiotic Posted March 2, 2018 Posted March 2, 2018 On 1/26/2018 at 2:02 AM, unRaide said: Hi @Fma965! I’m looking to take a stab at setting this up based on your guide and I’m wondering if anything’s change with the latest 6.4 release? Do we still need to install the LE docker? Should we use the Unraid UI to provision th SSL certificate? Still trying to figure this all out Any luck? I am not able to get this working with 6.4 so far and I wonder if the new SSL capabilities and native nginx is fighting with it. Quote
cablecutter Posted March 21, 2018 Posted March 21, 2018 Hi @Fma965, Thank you very much for writing this guide. I have reached step 6 on the Nginx configuration page, and was curious what was meant by: "You also need to set the settings for these services, the webdir, webroot or base directory need to be set to the relevant paths." Best, Rob Quote
Fma965 Posted March 22, 2018 Author Posted March 22, 2018 15 hours ago, cablecutter said: Hi @Fma965, Thank you very much for writing this guide. I have reached step 6 on the Nginx configuration page, and was curious what was meant by: "You also need to set the settings for these services, the webdir, webroot or base directory need to be set to the relevant paths." Best, Rob You just need to make sure you have the "URL Base" set correctly, sometimes called a webroot or base url in the settings for the application, e.g sonarr is URL Base Quote
Fma965 Posted March 22, 2018 Author Posted March 22, 2018 On 02/03/2018 at 8:48 PM, Timbiotic said: Any luck? I am not able to get this working with 6.4 so far and I wonder if the new SSL capabilities and native nginx is fighting with it. i have tested this on 6.4 fine, make sure you aren't using ports 80 or 443 and instead use like port 444 and 81 and then in your router forward external port 80/443 to 81/444 on your device ip. Quote
Fma965 Posted March 22, 2018 Author Posted March 22, 2018 GUIDE UPDATED WITH CHANGE TO PORT NUMBERS TO WORK ON 6.4 Described in my post reply above. Quote
Yak Posted March 25, 2018 Posted March 25, 2018 Thanks for updating your guide, but I'm facing an issue with the port numbers. You suggest using port 444 but that is used by Nextcloud. Will any other port number do? Quote
Fma965 Posted March 26, 2018 Author Posted March 26, 2018 (edited) 16 hours ago, Yak said: Thanks for updating your guide, but I'm facing an issue with the port numbers. You suggest using port 444 but that is used by Nextcloud. Will any other port number do? it can be any port so for example 5363 to 443 is fine, but you then need to pass port 443 on your router to 5363 aswell. Edited March 26, 2018 by Fma965 Quote
Sinister Posted April 15, 2018 Posted April 15, 2018 can someone please help i have been headbutting a wall trying to figure out how to setup owncloud with the guide i found here https://blog.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/ everything is smooth until its time to setup the letsencrypt and create the necessary files for this to work im not sure what im doing wrong can someone please chime in im using the dlandon container of owncloud Quote
JonathanM Posted April 15, 2018 Posted April 15, 2018 11 hours ago, Sinister said: can someone please help i have been headbutting a wall trying to figure out how to setup owncloud with the guide i found here https://blog.linuxserver.io/2017/05/10/installing-nextcloud-on-unraid-with-letsencrypt-reverse-proxy/ Does it work if you follow the tutorial precisely and use nextcloud instead of owncloud? Quote
Yak Posted April 15, 2018 Posted April 15, 2018 Well I've been round the houses with this one and it's doing my head in. DuckDNS is set up and I've verified the IP address is correct, ports are all forwarded correctly on the router but when I try to start letsencrypt I get the following: Failed authorization procedure. mydomain.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.duckdns.org/.well-known/acme-challenge/E3ZN95mMHuiQsHBzilKsymto0f6ybp756Ov40EKvXkY: "<html> I've searched the web for days and I'm getting nowhere Any ideas? Quote
Fma965 Posted April 16, 2018 Author Posted April 16, 2018 12 hours ago, Yak said: Well I've been round the houses with this one and it's doing my head in. DuckDNS is set up and I've verified the IP address is correct, ports are all forwarded correctly on the router but when I try to start letsencrypt I get the following: Failed authorization procedure. mydomain.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.duckdns.org/.well-known/acme-challenge/E3ZN95mMHuiQsHBzilKsymto0f6ybp756Ov40EKvXkY: "<html> I've searched the web for days and I'm getting nowhere Any ideas? you either have your domain not working correctly on duckdns or your router ports are not forwarded correctly or your docker ports are not correct. to clarify you need to forward port 80 and 443 to the ports of your letsencrypt docker Quote
adoucette Posted April 24, 2018 Posted April 24, 2018 On 9/14/2017 at 5:08 PM, isvein said: have anyone tried this with the Minio docker and make it work? I get it to work from a browser, but when I try to connect a backup client to the proxy adress I get " cause="Signature does not match" source="[auth-handler.go:122:checkRequestAuthType()]" " Edit: I found the answer here: https://docs.minio.io/docs/setup-nginx-proxy-with-minio so I added this: server { listen 443 ssl default_server; server_name domain.name.; location / { # include /config/nginx/proxy.conf; proxy_set_header Host $http_host; proxy_pass http://192.168.0.2:50001; } I have not made it work with an /location ISvein, Would you be willing to post a screenshot of your LetsEncrypt settings that makes it work with Minio? Thanks, Ari Quote
Yak Posted April 26, 2018 Posted April 26, 2018 On 16/04/2018 at 10:05 AM, Fma965 said: you either have your domain not working correctly on duckdns or your router ports are not forwarded correctly or your docker ports are not correct. to clarify you need to forward port 80 and 443 to the ports of your letsencrypt docker Yeah, had my port forwarding arse about face. All working now, thank you Quote
mbezzo Posted July 1, 2018 Posted July 1, 2018 Hi, I've got all this setup and working great with my own domain - thanks Fma965!! One question I can't seem to find an answer to is simply: Is there a way to force https for all sites? So, right now if I go to my site http://www.mydomain.com/sonarr - it works just fine. Likewise, if I go to https://www.mydomain.com/sonarr - it also works. I want the http to redirect to https for all of my /WhateverAppsAreInstalled - can someone point me in the right direction? I tried changing my default conf file from: location /sonarr { include /config/nginx/proxy.conf; proxy_pass http://10.0.1.21:8989/sonarr; } to location /sonarr { include /config/nginx/proxy.conf; proxy_pass https://10.0.1.21:9898/sonarr; } But that didn't work! Any ideas? Thanks everyone!!!! Quote
aptalca Posted July 1, 2018 Posted July 1, 2018 21 minutes ago, mbezzo said: Hi, I've got all this setup and working great with my own domain - thanks Fma965!! One question I can't seem to find an answer to is simply: Is there a way to force https for all sites? So, right now if I go to my site http://www.mydomain.com/sonarr - it works just fine. Likewise, if I go to https://www.mydomain.com/sonarr - it also works. I want the http to redirect to https for all of my /WhateverAppsAreInstalled - can someone point me in the right direction? I tried changing my default conf file from: location /sonarr { include /config/nginx/proxy.conf; proxy_pass http://10.0.1.21:8989/sonarr; } to location /sonarr { include /config/nginx/proxy.conf; proxy_pass https://10.0.1.21:9898/sonarr; } But that didn't work! Any ideas? Thanks everyone!!!! https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/default#L4 Quote
jang430 Posted July 10, 2018 Posted July 10, 2018 Hi. I can't get this to work. Logs on letsencrypt says: Backwards compatibility check. . .No compatibility action needed2048 bit DH parameters presentSUBDOMAINS entered, processingSUBDOMAINS entered, processingOnly subdomains, no URL in certSub-domains processed are: -d jxxxx1.duckdns.orgE-mail address entered: [email protected]http validation is selectedGenerating new certificateSaving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator standalone, Installer NoneObtaining a new certificatePerforming the following challenges:http-01 challenge for jxxxxx1.duckdns.orgWaiting for verification...Cleaning up challengesFailed authorization procedure. jxxxx1.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://jxxxxx1.duckdns.org/.well-known/acme-challenge/PwoD5ycQWe5M5Azj-oXI-x0v60wOQmwllxm-fXr4Iio: Timeout during connect (likely firewall problem)IMPORTANT NOTES:- The following errors were reported by the server:Domain: jxxxxx1.duckdns.orgType: connectionDetail: Fetchinghttp://jxxxxx1.duckdns.org/.well-known/acme-challenge/PwoD5ycQWe5M5Azj-oXI-x0v60wOQmwllxm-fXr4Iio:Timeout during connect (likely firewall problem)To fix these errors, please make sure that your domain name wasentered correctly and the DNS A/AAAA record(s) for that domaincontain(s) the right IP address. Additionally, please check thatyour computer has a publicly routable IP address and that nofirewalls are preventing the server from communicating with theclient. If you're using the webroot plugin, you should also verifythat you are serving files from the webroot path you provided.ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container Hope some of you can shed some light. Quote
Fma965 Posted July 10, 2018 Author Posted July 10, 2018 12 minutes ago, jang430 said: Hi. I can't get this to work. Logs on letsencrypt says: Backwards compatibility check. . .No compatibility action needed2048 bit DH parameters presentSUBDOMAINS entered, processingSUBDOMAINS entered, processingOnly subdomains, no URL in certSub-domains processed are: -d jxxxx1.duckdns.orgE-mail address entered: [email protected]http validation is selectedGenerating new certificateSaving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator standalone, Installer NoneObtaining a new certificatePerforming the following challenges:http-01 challenge for jxxxxx1.duckdns.orgWaiting for verification...Cleaning up challengesFailed authorization procedure. jxxxx1.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://jxxxxx1.duckdns.org/.well-known/acme-challenge/PwoD5ycQWe5M5Azj-oXI-x0v60wOQmwllxm-fXr4Iio: Timeout during connect (likely firewall problem)IMPORTANT NOTES:- The following errors were reported by the server:Domain: jxxxxx1.duckdns.orgType: connectionDetail: Fetchinghttp://jxxxxx1.duckdns.org/.well-known/acme-challenge/PwoD5ycQWe5M5Azj-oXI-x0v60wOQmwllxm-fXr4Iio:Timeout during connect (likely firewall problem)To fix these errors, please make sure that your domain name wasentered correctly and the DNS A/AAAA record(s) for that domaincontain(s) the right IP address. Additionally, please check thatyour computer has a publicly routable IP address and that nofirewalls are preventing the server from communicating with theclient. If you're using the webroot plugin, you should also verifythat you are serving files from the webroot path you provided.ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container Hope some of you can shed some light. Firstly thanks for adding so much info You have your port forwards backward. should be 443 to 444 and 80 to 81 not the other way around. 1 Quote
jang430 Posted July 10, 2018 Posted July 10, 2018 Hi. Sorry for adding so much info. BTW, inverted the order, still the same error. Quote
Fma965 Posted July 10, 2018 Author Posted July 10, 2018 11 minutes ago, jang430 said: Hi. Sorry for adding so much info. BTW, inverted the order, still the same error. don't be sorry it's good. Then your dynamic dns may not be up to date with your IP. or your unraid isn't 192.168.1.104 Quote
JonathanM Posted July 10, 2018 Posted July 10, 2018 5 minutes ago, Fma965 said: don't be sorry it's good. Then your dynamic dns may not be up to date with your IP. or your unraid isn't 192.168.1.104 Or your ISP may be blocking port 80 incoming. Quote
jang430 Posted July 10, 2018 Posted July 10, 2018 Hi. But it is. I also restarted my duckdns docker container. Quote
Fma965 Posted July 10, 2018 Author Posted July 10, 2018 6 minutes ago, jang430 said: Hi. But it is. I also restarted my duckdns docker container. yeah it could be your ISP is blocking port 80 / 443 incoming Quote
jang430 Posted July 10, 2018 Posted July 10, 2018 Anything I can do with it? Any other confirmation I can do? I'd really like to get this working. Did I do everything right so far from posts above? Maybe I made some slight mistake Quote
Fma965 Posted July 10, 2018 Author Posted July 10, 2018 7 minutes ago, jang430 said: Anything I can do with it? Any other confirmation I can do? I'd really like to get this working. Did I do everything right so far from posts above? Maybe I made some slight mistake contact your ISP, everything else looks fine, send me a updated screenshot of your router port forwarding just to be sure. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.