jang430 (posted July 10, 2018):
Unfortunately, my ISP tries to block whatever they can, and no other way to get them to cooperate.

Fma965 (author, posted July 10, 2018):
2 minutes ago, jang430 said:
> Unfortunately, my ISP tries to block whatever they can, and no other way to get them to cooperate.

run the nginx docker (by linuxserver without all the SSL letsencrypt stuff) and map it as port 81 in docker then see if you can access the nginx web page from your ip and from your duckdns domain.

jang430 (posted July 10, 2018):
I guess this means it's working. So Duckdns is having issue? Got to go, but please leave me a message if you see this.

Fma965 (author, posted July 10, 2018):
9 minutes ago, jang430 said:
> I guess this means it's working. So Duckdns is having issue? Got to go, but please leave me a message if you see this.

no, you need to access it from your external IP or from your DNS, not from the 192.168.1.104 address, so you need to forward port 80 on your router to 85 and then try it from your duck dns address

Edited July 10, 2018 by Fma965

JonathanM (posted July 10, 2018):
Also, your example url shows the webserver answering on port 85, so for this test to be valid you need to change the internal port forward to 85 so it maps to the working server.

Fma965 (author, posted July 10, 2018):
Just now, jonathanm said:
> Also, your example url shows the webserver answering on port 85, so for this test to be valid you need to change the internal port forward to 85 so it maps to the working server.

just edited to say that before you posted but yeah

jang430 (posted July 10, 2018):
Hi. It works! I forwarded port 80 to internal port 85, and shows the same display screen above. I accessed from outside the house, via IP, and via jxxxxx1.duckdns.org, with same successful result. May I know what to do next?

JonathanM (posted July 10, 2018):
2 hours ago, jang430 said:
> Hi. It works! I forwarded port 80 to internal port 85, and shows the same display screen above. I accessed from outside the house, via IP, and via jxxxxx1.duckdns.org, with same successful result. May I know what to do next?

Without changing anything in the router, try changing your LE docker to map container 80 to host 85 and see if it starts correctly. Obviously the plain nginx docker will need to be shut down.

jang430 (posted July 11, 2018):
Yup, it starts correctly. But, not accessible. Not the same as just plain Nginx

JonathanM (posted July 11, 2018):
6 minutes ago, jang430 said:
> Yup, it starts correctly. But, not accessible. Not the same as just plain Nginx

I take that to mean the LE logs no longer have the error about the certificate that you posted earlier?

jang430 (posted July 11, 2018):
Still the same.

Failed authorization procedure. jxxxxx1.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://jxxxxx1.duckdns.org/.well-known/acme-challenge/boKxf6D_5_zgK27HQt2LSwowiMaHcicSWgtnm12EDbY: Connection refused
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: jxxxxx1.duckdns.org
Type: connection
Detail: Fetching
http://jxxxxx1.duckdns.org/.well-known/acme-challenge/boKxf6D_5_zgK27HQt2LSwowiMaHcicSWgtnm12EDbY:
Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Fma965 (author, posted July 11, 2018):
7 hours ago, jang430 said:
> Still the same.
>
> Failed authorization procedure. jxxxxx1.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://jxxxxx1.duckdns.org/.well-known/acme-challenge/boKxf6D_5_zgK27HQt2LSwowiMaHcicSWgtnm12EDbY: Connection refused
> IMPORTANT NOTES:
> - The following errors were reported by the server:
> Domain: jxxxxx1.duckdns.org
> Type: connection
> Detail: Fetching
> http://jxxxxx1.duckdns.org/.well-known/acme-challenge/boKxf6D_5_zgK27HQt2LSwowiMaHcicSWgtnm12EDbY:
> Connection refused
> To fix these errors, please make sure that your domain name was
> entered correctly and the DNS A/AAAA record(s) for that domain
> contain(s) the right IP address. Additionally, please check that
> your computer has a publicly routable IP address and that no
> firewalls are preventing the server from communicating with the
> client. If you're using the webroot plugin, you should also verify
> that you are serving files from the webroot path you provided.
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

you need to ask in the letsencrypt docker thread. also make sure all your values are right in the docker such as domain name and stuff, no simple typos, also try setting it to not use subdomains and put your domain jxxxxx1.duckdns.org as the main url/domain

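The "Connection refused" result in the log above can be checked before a certificate is requested. The following Python probe is an added example, not code from the thread or the guide: it fetches an HTTP-01 challenge URL and classifies the outcome. The demo server, token names and bodies are constructed placeholders that run on localhost.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

PREFIX = "/.well-known/acme-challenge/"
# Ignore proxy environment variables: the CA's validator connects directly.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe_http01(host, port, token, expected_body, timeout=5):
    """Fetch the challenge URL as a validator would and classify the outcome."""
    url = f"http://{host}:{port}{PREFIX}{token}"
    try:
        with _opener.open(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as exc:      # a server answered, but not with the file
        return f"http_{exc.code}"
    except urllib.error.URLError as exc:       # nothing usable answered on that port
        refused = isinstance(exc.reason, ConnectionRefusedError)
        return "connection_refused" if refused else "unreachable"
    except OSError:                            # read timeout or reset mid-response
        return "unreachable"
    return "ok" if body == expected_body else "wrong_body"

def start_demo_server(tokens):
    """Constructed stand-in for the container's web server on a free localhost port."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            name = self.path[len(PREFIX):] if self.path.startswith(PREFIX) else None
            if name not in tokens:
                self.send_error(404)
                return
            payload = tokens[name].encode()
            self.send_response(200)
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)
        def log_message(self, *args):          # keep the demo quiet
            pass
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def unused_port():
    """Return a localhost port with no listener (bound, then released)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    srv = start_demo_server({"demo-token": "demo-token.constructed"})
    port = srv.server_address[1]
    print(probe_http01("127.0.0.1", port, "demo-token", "demo-token.constructed"))
    print(probe_http01("127.0.0.1", port, "missing", "x"))              # file absent
    print(probe_http01("127.0.0.1", unused_port(), "demo-token", "x"))  # no listener
    srv.shutdown()
```

Run against a real setup from a host outside the LAN on port 80: an `http_404` means the forward reaches a web server, while `connection_refused` means the router forward or the docker port mapping does not lead to a listener.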
RockDawg (posted July 14, 2018):
I am trying to follow the guide and I got through step 4 in setting up the Letsencrypt container but when I type 192.168.1.42:81 (unraidip:81) in my browser it just takes me to a page that says "This page can't be reached" instead of the nginx home page.

192.168.1.42 is my internal IP for unraid
HTTP set to 81
HTTPS set to 444
No ports forwarded yet since this is only internal at this point

What could I be doing wrong?

Fma965 (author, posted July 14, 2018):
49 minutes ago, RockDawg said:
> I am trying to follow the guide and I got through step 4 in setting up the Letsencrypt container but when I type 192.168.1.42:81 (unraidip:81) in my browser it just takes me to a page that says "This page can't be reached" instead of the nginx home page.
>
> 192.168.1.42 is my internal IP for unraid
> HTTP set to 81
> HTTPS set to 444
> No ports forwarded yet since this is only internal at this point
>
> What could I be doing wrong?

you can't use letsencrypt without public ip access, you need to forward those ports

RockDawg (posted July 14, 2018):
I went into pfsense and forwarded port 80 to 192.168.1.42:81 and 443 to 192.168.1.42:444. When I type 192.168.1.81 I still get the "Site can't be reached" page. If I type mysubdomain.duckdns.org I get a Chrome "not secure" page and if I click proceed I get a pfsense error page that says "Potential DNS Rebind attack detected".

I also get this in my Letsencrypt container log:

tls-sni validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

I'm sure I have something stupid wrong but I can't figure out what.

Fma965 (author, posted July 14, 2018):
5 minutes ago, RockDawg said:
> I went into pfsense and forwarded port 80 to 192.168.1.42:81 and 443 to 192.168.1.42:444. When I type 192.168.1.81 I still get the "Site can't be reached" page. If I type mysubdomain.duckdns.org I get a Chrome "not secure" page and if I click proceed I get a pfsense error page that says "Potential DNS Rebind attack detected".
>
> I also get this in my Letsencrypt container log:
>
> tls-sni validation is selected
> Generating new certificate
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Plugins selected: Authenticator standalone, Installer None
> Obtaining a new certificate
> Performing the following challenges:
> Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
> Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
>
> I'm sure I have something stupid wrong but I can't figure out what.

VALIDATION http you need to add that value to the docker

RockDawg (posted July 14, 2018):
That seems to have fixed the error in the log but 192.168.1.42:81 still does not take me to the nginx default page.

Fma965 (author, posted July 14, 2018):
13 minutes ago, RockDawg said:
> That seems to have fixed the error in the log but 192.168.1.42:81 still does not take me to the nginx default page.

it's https, you need to go to https://192.168.1.43:444 but really you should be accessing it from a domain externally even when internal

RockDawg (posted July 14, 2018):
I was doing that because step 4 of your guide says:

> Since we have set the internal docker port to be 81 you can currently visit the nginx default webpage by going to your UnRAID ip at port 81. For me it would be this http://192.168.1.3:81 or https://192.168.1.3

So I was doing the same to test functionality.

I went ahead and downloaded your nginx file and substituted my server's IP for yours. I don't use most of the apps you have configured in it but I do use Sonarr at the default port of 8989 the same as in your file so I figured that should work. I deleted the original default file and replaced it with yours. I restarted both the Letsencrypt and Sonarr containers and went to mysubdomain.duckdns.org/sonarr. Chrome changed the address to HTTPS://mysubdomain.duckdns.org/sonarr but the HTTPS is crossed out and says Not Secure. The page loaded is an nginx page saying 404 Not Found.

Edited July 14, 2018 by RockDawg

RockDawg (posted July 14, 2018):
Here are a few screenshots showing my settings. I showed the NAT and rule created for HTTP. The HTTPS entries are the same except 443 forwarded to 444.

Edited July 14, 2018 by RockDawg

RockDawg (posted July 15, 2018):
Since I am getting the nginx 404 page, doesn't that mean that the request is getting through to the Letsencrypt container and therefore my port forwarding is working correctly?

jang430 (posted July 16, 2018):
Almost there, but not quite. I'm following this guide up to here:

> Configuring Nginx as a reverse proxy.
>
> Now that we have both DuckDNS and Letsencrypt set up it’s time to configure Nginx as a reverse proxy. The first thing we need to do is access your appdata folder on windows, for me this is \\192.168.1.3\appdata. Once in your appdata folder go to the folder called letsencrypt then nginx then site-conf (so for me this is \\192.168.1.3\appdata\letsencrypt-\nginx\site-confs). This docker is pretty good for getting the configuration right automatically, however i have configured it to work with sonarr, radarr, htpc, deluge, plex, nextcloud and even netdata. the file can be downloaded from here. (i plan on explaining this file further in the future)
>
> Now simply delete the existing default file and replace it with the one linked above, make sure to rename it to default if it’s called default.txt. you may also need to run newperms to allow you to replace it.
>
> Next open the file in notepad++ or similar and change any references to 192.168.1.3 to your UnRAID server IP and also make sure the port numbers match your services.
>
> You also need to set the settings for these services, the webdir, webroot or base directory need to be set to the relevant paths.
>
> HTPC-Manager is /htpc and the port is 8085
> Sonarr is /sonarr and the port is 8989
> Couchpotato is /couchpotato and the port is 5050
> Radarr is /radarr and the port is 7878
> Deluge is /downloads (could be changed to deluge if preferred) and the port is 8112
> Plex requires the advanced setting “Server > Network > Custom server access URLs” to include “https://YOURSUBDOMAIN.duckdns.org”.
> Nextcloud is /nextcloud, the port is 444 and requires manual modification (see section below)
> Netdata is /netdata and the port is 19999 (slightly different syntax in the nginx config file)
>
> Once this is done you can restart the dockers for these services and you should be able to access your services from https://YOURSUBDOMAIN.duckdns.org/service, if you need help with additional services or having any issues at all let me know in the comments below.

I downloaded file from link above, clicked on it, and selected download. It gave me a text file. Put the text file onto the folder mentioned above ....\site-confs, then renamed it to default, without any file extension. Used Notepad++ to edit all IP address from 192.168.1.3 to 192.168.1.104 (mine). Since I am using sonarr anyway, I just restarted the sonarr docker container, and accessed https://jxxxx1.duckdns.org/sonarr , and I arrived to the page that says:

Welcome to our server
The website is currently being setup under this address.
For help and support, please contact: [email protected]

I also changed radarr to couchpotato, and changed port number to 5050, upon accessing https://jxxxx1.duckdns.org/couchpotato, I also reach the same "Welcome to our server" page.

Don't know what's wrong. Please help.

RockDawg (posted July 16, 2018):
Still trying to work this out. @Fma965 - I'm looking at the default file contents you linked to and I have a question about the first few lines:

upstream backend {
    server 192.168.1.3:19999;
    keepalive 64;
}

I know you say to change the IP to our unraid IP and I did that, but what about that port 19999? Should that stay? What's it for?

Fma965 (author, posted July 16, 2018):
5 minutes ago, RockDawg said:
> Still trying to work this out. @Fma965 - I'm looking at the default file contents you linked to and I have a question about the first few lines:
>
> upstream backend {
>     server 192.168.1.3:19999;
>     keepalive 64;
> }
>
> I know you say to change the IP to our unraid IP and I did that, but what about that port 19999? Should that stay? What's it for?

that's only to do with netdata, tbh i need to update my config example as mine is so much cleaner now.

Fma965 (author, posted July 16, 2018):
2 hours ago, jang430 said:
> Almost there, but not quite. I'm following this guide up to here:
>
> > Configuring Nginx as a reverse proxy.
> >
> > Now that we have both DuckDNS and Letsencrypt set up it’s time to configure Nginx as a reverse proxy. The first thing we need to do is access your appdata folder on windows, for me this is \\192.168.1.3\appdata. Once in your appdata folder go to the folder called letsencrypt then nginx then site-conf (so for me this is \\192.168.1.3\appdata\letsencrypt-\nginx\site-confs). This docker is pretty good for getting the configuration right automatically, however i have configured it to work with sonarr, radarr, htpc, deluge, plex, nextcloud and even netdata. the file can be downloaded from here. (i plan on explaining this file further in the future)
> >
> > Now simply delete the existing default file and replace it with the one linked above, make sure to rename it to default if it’s called default.txt. you may also need to run newperms to allow you to replace it.
> >
> > Next open the file in notepad++ or similar and change any references to 192.168.1.3 to your UnRAID server IP and also make sure the port numbers match your services.
> >
> > You also need to set the settings for these services, the webdir, webroot or base directory need to be set to the relevant paths.
> >
> > HTPC-Manager is /htpc and the port is 8085
> > Sonarr is /sonarr and the port is 8989
> > Couchpotato is /couchpotato and the port is 5050
> > Radarr is /radarr and the port is 7878
> > Deluge is /downloads (could be changed to deluge if preferred) and the port is 8112
> > Plex requires the advanced setting “Server > Network > Custom server access URLs” to include “https://YOURSUBDOMAIN.duckdns.org”.
> > Nextcloud is /nextcloud, the port is 444 and requires manual modification (see section below)
> > Netdata is /netdata and the port is 19999 (slightly different syntax in the nginx config file)
> >
> > Once this is done you can restart the dockers for these services and you should be able to access your services from https://YOURSUBDOMAIN.duckdns.org/service, if you need help with additional services or having any issues at all let me know in the comments below.
>
> I downloaded file from link above, clicked on it, and selected download. It gave me a text file. Put the text file onto the folder mentioned above ....\site-confs, then renamed it to default, without any file extension. Used Notepad++ to edit all IP address from 192.168.1.3 to 192.168.1.104 (mine). Since I am using sonarr anyway, I just restarted the sonarr docker container, and accessed https://jxxxx1.duckdns.org/sonarr , and I arrived to the page that says:
>
> Welcome to our server
> The website is currently being setup under this address.
> For help and support, please contact: [email protected]
>
> I also changed radarr to couchpotato, and changed port number to 5050, upon accessing https://jxxxx1.duckdns.org/couchpotato, I also reach the same "Welcome to our server" page.
>
> Don't know what's wrong. Please help.

did you restart the letsencrypt docker?