
[Support] Linuxserver.io - Heimdall

14 minutes ago, DZMM said:

I'm struggling to reverse proxy this.  Can someone share their config please.

 

Thanks

 

I've got it running on a dedicated subdomain like this.

 

server {
       listen         80;
       server_name    heimdall.server.com;
       return         301 https://$server_name$request_uri;
}

server {

	listen 443 ssl;
	server_name heimdall.server.com;

	include /config/nginx/ssl.conf;
	
	location / {
		proxy_pass https://192.168.0.1:9086;
		include /config/nginx/proxy.conf;
		satisfy any;
		allow 192.168.0.0/24;
		deny all;
		auth_basic "Restricted";
		auth_basic_user_file /config/nginx/.htpasswd;
	}
}

 

16 minutes ago, CHBMB said:

 

I've got it running on a dedicated subdomain like this.

 

 

Thanks - I keep getting this error that breaks LE:

nginx: [emerg] the size 52428800 of shared memory zone "SSL" conflicts with already declared size 10485760 in /config/nginx/ssl.conf:3

Any ideas?

 

server {
       listen         80;
       server_name    home.my-domain.com;
       return         301 https://$server_name$request_uri;
}

server {

	listen 443 ssl;
	server_name home.my-domain.com;

	include /config/nginx/ssl.conf;
	
	location / {
		proxy_pass https://192.168.30.2:443;
		include /config/nginx/proxy.conf;
		satisfy any;
		allow 192.168.30.0/24;
		deny all;
		auth_basic "Restricted";
		auth_basic_user_file /config/nginx/.htpasswd;
	}
}

 

17 minutes ago, DZMM said:

Thanks - I keep getting this error that breaks LE:


nginx: [emerg] the size 52428800 of shared memory zone "SSL" conflicts with already declared size 10485760 in /config/nginx/ssl.conf:3

Any ideas?

 


server {
       listen         80;
       server_name    home.my-domain.com;
       return         301 https://$server_name$request_uri;
}

server {

	listen 443 ssl;
	server_name home.my-domain.com;

	include /config/nginx/ssl.conf;
	
	location / {
		proxy_pass https://192.168.30.2:443;
		include /config/nginx/proxy.conf;
		satisfy any;
		allow 192.168.30.0/24;
		deny all;
		auth_basic "Restricted";
		auth_basic_user_file /config/nginx/.htpasswd;
	}
}

 

 

It's something to do with this line in ssl.conf

ssl_session_cache shared:SSL:50m;

But no idea how to fix it.......

 

Tried obvious things like restarting the container and clearing browser cache? 

 

Maybe @aptalca has an idea?

1 minute ago, CHBMB said:

 

It's something to do with this line in ssl.conf


ssl_session_cache shared:SSL:50m;

But no idea how to fix it.......

 

Tried obvious things like restarting the container and clearing browser cache? 

 

Maybe @aptalca has an idea?

Tried restarting.  Not sure how browser cache will help starting a docker?

2 minutes ago, DZMM said:

Tried restarting.  Not sure how browser cache will help starting a docker?

 

Sorry thought the error was in the nginx error log, not the container.  

 

Try working out which file in /config/letsencrypt/nginx/site-confs/ is the offending one.  My guess is there's somewhere else you've defined a parameter that's conflicting if Nginx isn't starting.

13 minutes ago, CHBMB said:

 

Sorry thought the error was in the nginx error log, not the container.  

 

Try working out which file in /config/letsencrypt/nginx/site-confs/ is the offending one.  My guess is there's somewhere else you've defined a parameter that's conflicting if Nginx isn't starting.

No joy - I removed each of my sub-domains one by one, and then removed all the others in one go from default - still get the errors.

 

Not sure what all the other stuff is in default - pretty sure it's all set at install and I haven't touched it.

 

# listening on port 80 disabled by default, remove the "#" signs to enable
# redirect all traffic to https
#server {
#	listen 80;
#	server_name _;
#	return 301 https://$host$request_uri;
#}

# main server block
server {
	listen 443 ssl default_server;

	root /config/www;
	index index.html index.htm index.php;

	server_name _;

	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location / {
		try_files $uri $uri/ /index.html /index.php?$args =404;
	}

	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# With php7-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php7-fpm:
		#fastcgi_pass unix:/var/run/php7-fpm.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
	}

# calibre-web
	location /books {
		proxy_bind              $server_addr;
		proxy_pass              http://192.168.30.72:8083;
		proxy_set_header        Host            $http_host;
		proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header        X-Scheme        $scheme;
		proxy_set_header        X-Script-Name   /books;
	}

# deluge
	location /deluge {
		proxy_pass http://192.168.50.73:8112/;
		proxy_set_header X-Deluge-Base "/deluge/";
	}

# jackett
	location /jackett/ {
		rewrite /jackett/(.*) /$1 break;
		proxy_bind $server_addr;
		proxy_pass http://192.168.50.78:9117;
	}

# lazy librarian
	location /lazy {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.50.79:5299/lazy;
	}
	
# Lidarr
	location /lidarr {
		auth_request /auth-admin;
		proxy_pass http://192.168.50.69:8686/lidarr;
		include /config/nginx/proxy.conf;
	}

# nzbget
	location /nzbget {
		proxy_pass http://192.168.30.86:6789;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

# nzbhydra
	location /nzbhydra {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.50.77:5075/nzbhydra;
	}

# Ombi
	location /plexrequest {		
		return 301 $scheme://$host/plexrequest/;		
	}
	location /plexrequest/ {
		proxy_pass http://192.168.50.87:3579;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-Host $server_name;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Ssl on;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_read_timeout  90;
		proxy_redirect http://192.168.50.87:3579 https://$host;
	}
	if ($http_referer ~* /plexrequest/) {
		rewrite ^/dist/(.*) $scheme://$host/plexrequest/dist/$1 permanent;
	}


# PLEX
	location /web {
		# serve the CSS code
		proxy_pass https://192.168.30.90:32400;
	}

	location /plex {
		# proxy request to plex server
		proxy_pass https://192.168.30.90:32400/web;
	}

# Radarr
	location /radarr {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.50.92:7878/radarr;
	}

# Sonarr
	location /sonarr {
		include /config/nginx/proxy.conf;
		proxy_pass http://192.168.50.95:8989/sonarr;
	}

# tautulli
	location /tautulli {
		proxy_pass http://192.168.50.91:8181;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

}

# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
# notice this is a new server block, you need a new server block for each subdomain
#server {
#	listen 443 ssl;
#
#	root /config/www;
#	index index.html index.htm index.php;
#
#	server_name cp.*;
#
#	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
#	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
#	ssl_dhparam /config/nginx/dhparams.pem;
#	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
#	ssl_prefer_server_ciphers on;
#
#	client_max_body_size 0;
#
#	location / {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050;	
#	}
#}

 


Try replacing

ssl_certificate /config/keys/letsencrypt/fullchain.pem; 
ssl_certificate_key /config/keys/letsencrypt/privkey.pem; 
ssl_dhparam /config/nginx/dhparams.pem; 
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 
ssl_prefer_server_ciphers on;

with

 

include /config/nginx/ssl.conf;

 


Thanks - that fixed the errors.  I had lots of

ssl_session_cache   shared:SSL:10m;

dotted about my config files, including nginx.conf - I commented them out and all was good.   Probably would have been easier to change ssl.conf from 50 to 10, but I'd already started.  Not sure why they are out of sync.

 

After all that the Heimdall page didn't load and I ran out of time to play with it.  I might have another go one day.

Share this post


Link to post
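
The conflict traced in the posts above (one zone name, "SSL", declared as 50m in ssl.conf and as 10m in other files; 52428800 and 10485760 bytes in the nginx error) can be located mechanically. The script below is an added example, not code from the thread or from the linuxserver.io images; the function names are assumptions and the sample config tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find ssl_session_cache shared zones that
# are declared with different sizes across an nginx config tree.

# Print "zone bytes file:line" for every active (uncommented) declaration.
list_zones() {
    find "$1" -type f -exec awk '
        function to_bytes(s,   n, u) {
            n = s + 0; u = tolower(substr(s, length(s)))
            if (u == "k") return n * 1024
            if (u == "m") return n * 1024 * 1024
            return n
        }
        {
            line = $0
            sub(/#.*/, "", line)    # commented-out directives do not count
            if (line ~ /ssl_session_cache/ &&
                match(line, /shared:[A-Za-z0-9_]+:[0-9]+[kKmM]?/)) {
                split(substr(line, RSTART, RLENGTH), p, ":")
                printf "%s %d %s:%d\n", p[2], to_bytes(p[3]), FILENAME, FNR
            }
        }' {} + | sort
}

# Report zones with more than one distinct size; exit status 1 if any exist.
find_zone_conflicts() {
    list_zones "$1" | awk '
        {
            key = $1 ":" $2
            loc[$1] = loc[$1] "  " $2 " bytes at " $3 "\n"
            if (!(key in seen)) { seen[key] = 1; n[$1]++ }
        }
        END {
            for (z in n) if (n[z] > 1) {
                printf "CONFLICT: zone \"%s\" has %d different sizes\n%s", z, n[z], loc[z]
                bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample tree mirroring the thread: 50m in ssl.conf, 10m elsewhere,
# plus one commented-out declaration that must be ignored.
make_sample() {
    mkdir -p "$1/site-confs"
    printf 'ssl_session_timeout 1d;\n\nssl_session_cache shared:SSL:50m;\n' > "$1/ssl.conf"
    printf 'http {\n\tssl_session_cache   shared:SSL:10m;\n}\n' > "$1/nginx.conf"
    printf 'server {\n\t#ssl_session_cache shared:SSL:10m;\n\tinclude /config/nginx/ssl.conf;\n}\n' \
        > "$1/site-confs/default"
}

sample=$(mktemp -d)
make_sample "$sample"
find_zone_conflicts "$sample" || echo "fix: keep a single size for each zone name"
rm -rf "$sample"
```

Pointed at the real config directory (find_zone_conflicts /config/nginx), it lists every file and line that has to agree before nginx will start.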

Hey @CHBMB I'm having the same problem as this guy and trying to do the exact same thing with Heimdall but through letsencrypt as a reverse proxy but I'm a little behind maybe.

 

I have a domain that I own, e.g. "mysite.com", and I've set it up to work over duckdns to connect to letsencrypt's docker front page. So that's done.

 

Now I want to setup Heimdall to work over reverse proxy, with security and I'm trying to follow these instructions on the github page: https://github.com/linuxserver/Heimdall#reverse-proxy

 

Quote

location / {
    auth_basic "Restricted";
    auth_basic_user_file /config/nginx/.htpasswd;
    include /config/nginx/proxy.conf;
    proxy_pass https://heimdall:443;
}

 

I haven't been able to get this working.

 

I'm trying to edit the site-confs/default file in my letsencrypt docker. I'm not sure if this is the right one though as it seems to be in a different path than the one you both have. I don't have:

 

/config/letsencrypt/nginx/site-confs/   ---- inside the letsencrypt docker. Mine is:

/config/nginx/site-confs/

 

So /config/nginx/site-confs/default seems to be my config file.

 

I've got the Heimdall docker setup over port 443.

Letsencrypt docker running on port 81 for http and 444 for https.

 

I'm pretty sure port forwarding is set up correctly.

 

So I added the line inside the letsencrypt docker: /config/nginx/site-confs/default

# Heimdall
        location /heimdall {
                include /config/nginx/proxy.conf;
                proxy_pass https://192.168.1.206:443/;
        }

After restarting the docker I navigated to: https://mysite.com/heimdall

 

Input the username and password at the .htaccess prompt (this .htaccess comes from the Heimdall docker not the letsencrypt docker)

 

and none of the images or links on the Heimdall page work...

 

https://www.***mysite***.com/heimdall

 

Gvua3xf.png

 

My page looks like this, none of the images are loading. What's left to do?

Edited by plantsandbinary


Ok got this working.  I deleted my image and appdata, and downloaded the latest version of LE which had handy site examples included.  Just used those rather than my cobbled together ones, and all worked fine


I realised I should probably upgrade my Unraid installation. I'm running 6.4.1. I'll upgrade it to 6.5.3 and hopefully it'll just work out of the box using default proxy confs in letsencrypt.

On 6/19/2018 at 9:59 PM, CHBMB said:

 

I've got it running on a dedicated subdomain like this.

 


server {
       listen         80;
       server_name    heimdall.server.com;
       return         301 https://$server_name$request_uri;
}

server {

	listen 443 ssl;
	server_name heimdall.server.com;

	include /config/nginx/ssl.conf;
	
	location / {
		proxy_pass https://192.168.0.1:9086;
		include /config/nginx/proxy.conf;
		satisfy any;
		allow 192.168.0.0/24;
		deny all;
		auth_basic "Restricted";
		auth_basic_user_file /config/nginx/.htpasswd;
	}
}

 

 

Is there a way to change this from heimdall.server.com to something else? I would like to use home.server.com but it only works if I use heimdall and I can't see a way in the app to change it. Is it hardcoded in a config file somewhere?

 

45 minutes ago, Ockingshay said:

 

Is there a way to change this from heimdall.server.com to something else? I would like to use home.server.com but it only works if I use heimdall and I can't see a way in the app to change it. Is it hardcoded in a config file somewhere?

 

 

This has nothing to do with Heimdall itself. You need to have created the home subdomain and then change the server name to home.domain.com


I created an "A Record" called home in NameCheap and pointed it to my server.

I edited letsencrypt docker and added home as a subdomain

I edited the "default" file in site-confs from heimdall.domain.com to home.domain.com in those 2 places above.

What I've had to do with other dockers, for example Ombi, is edit their Base URL within the docker itself. I was wondering, as there doesn't appear to be a setting in Heimdall for Base URL, if it was located in a config file.

Am I missing anything else?

 

Thanks

6 hours ago, Ockingshay said:

I created an "A Record" called home in NameCheap and pointed it to my server.

I edited letsencrypt docker and added home as a subdomain

I edited the "default" file in site-confs from heimdall.domain.com to home.domain.com in those 2 places above.

What I've had to do with other dockers, for example Ombi, is edit their Base URL within the docker itself. I was wondering, as there doesn't appear to be a setting in Heimdall for Base URL, if it was located in a config file.

Am I missing anything else?

 

Thanks

 

A base url is only needed if the app needs more than the IP:port. 

You need to supply configs if you want someone to see if there is anything wrong.

Also, Heimdall has a proxy conf already in the LE container. Edit it according to the Readme and it should work. 


Hi All.....

 

Got a problem with running htpasswd on this docker, I have followed the guides within HERE

 

 

20180922-dtyt-53kb.jpg

 

My problem I'm getting, when I run my terminal on unraid - and place in the following line as above:

 

docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd <username>

 

I end up with this error.....

 

20180922-jv9a-20kb.jpg

 

I am trying to get the Auth working for heimdall so I can use this with letsencrypt and access outside my network.

 

 

Anyone have any ideas why it's saying "-bash: syntax error near unexpected token `newline'" when I have copied word for word from the instructions?

If possible, does anyone have a manual way of creating a htpasswd file or similar? I know my way round Unraid but I'm not Code/linux minded.

 

Cheers all....


Are you cutting and pasting?

Try typing the command in.

Sent from my Mi A1 using Tapatalk

3 minutes ago, CHBMB said:

Are you cutting and pasting?

Try typing the command in.

Sent from my Mi A1 using Tapatalk
 

hi chbmb

 

Yes, just tried it,  still the same....

 

seems to be that unexpected token 'newline'

1 hour ago, Joeyleigh said:

hi chbmb

 

Yes, just tried it,  still the same....

 

seems to be that unexpected token 'newline'

NEVERMIND...... sorted it 😉

 

I was placing <username>  (Whatever you want it to be) which is right but I kept adding the < > - fixed it by removing them so it looks like this.....

 

docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd username 

 

At least it's here for anyone else or if I need it in the future when the server blows up!

49 minutes ago, Joeyleigh said:

NEVERMIND...... sorted it 😉

 

I was placing <username>  (Whatever you want it to be) which is right but I kept adding the < > - fixed it by removing them so it looks like this.....

 

docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd username 

 

At least it's here for anyone else or if I need it in the future when the server blows up!

🤦‍♂️

3 hours ago, Joeyleigh said:

NEVERMIND...... sorted it 😉

 

I was placing <username>  (Whatever you want it to be) which is right but I kept adding the < > - fixed it by removing them so it looks like this.....

 

docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd username 

 

At least it's here for anyone else or if I need it in the future when the server blows up!

Brackets mean "replace with your username" rather than literally typing "username" 

Share this post


Link to post
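
On the request above for a manual way of creating the htpasswd file: nginx also accepts entries hashed with the apr1 scheme that openssl passwd produces, so the file can be written without the htpasswd binary. The script below is an added example, not from the thread or the Heimdall instructions; the function names are assumptions, and it assumes the target file is the one the container sees as /config/nginx/.htpasswd.

```shell
#!/bin/sh
# Added example (not from the thread): create or update an nginx basic-auth
# entry without the htpasswd binary, using openssl's apr1 password hashing.

# Read one password line from stdin, without echo when typed at a terminal.
read_password() {
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r pass || [ -n "$pass" ]
    rc=$?
    if [ -t 0 ]; then stty echo; echo; fi
    return $rc
}

# add_htpasswd_user FILE USERNAME   (password comes from stdin)
add_htpasswd_user() {
    file=$1; user=$2
    # The <username> in the instructions is a placeholder: reject it, and
    # anything else that would corrupt the user:hash line format.
    case $user in
        ''|*'<'*|*'>'*|*:*|*' '*) echo "invalid username: $user" >&2; return 2 ;;
    esac
    read_password || { echo "no password given" >&2; return 2; }
    hash=$(printf '%s\n' "$pass" | openssl passwd -apr1 -stdin) || return 1
    tmp=$(mktemp) || return 1
    # Keep other users' lines, drop any old line for this user, append the new one.
    if [ -f "$file" ]; then awk -F: -v u="$user" '$1 != u' "$file" > "$tmp"; fi
    printf '%s:%s\n' "$user" "$hash" >> "$tmp"
    # Owner read/write, group read; adjust so the nginx worker can read the file.
    chmod 640 "$tmp" && mv "$tmp" "$file"
}

# check_htpasswd_user FILE USERNAME   (candidate password comes from stdin)
check_htpasswd_user() {
    stored=$(awk -F: -v u="$2" '$1 == u { print $2; exit }' "$1")
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)   # layout: $apr1$SALT$HASH
    [ -n "$salt" ] || return 1
    read_password || return 1
    [ "$(printf '%s\n' "$pass" | openssl passwd -apr1 -salt "$salt" -stdin)" = "$stored" ]
}

# Constructed demo: throwaway file, throwaway credentials.
demo=$(mktemp)
printf 'constructed-password\n' | add_htpasswd_user "$demo" alice && cat "$demo"
rm -f "$demo"
```

Run interactively as add_htpasswd_user /path/to/.htpasswd yourname and type the password at the silent prompt; unlike htpasswd -c, an existing file is updated rather than overwritten.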

I couldn't see anything when I searched, but according to the website piHole is one of the enhanced apps but I am not sure how to configure it, it doesn't ask for the admin password or an api key etc.?

1 hour ago, Dimtar said:

I couldn't see anything when I searched, but according to the website piHole is one of the enhanced apps but I am not sure how to configure it, it doesn't ask for the admin password or an api key etc.?

It doesn't need api keys or password, just the address


I like the new functionality with Sonarr and Radarr but I can't get nzbget to work now with the changes. Application Type is set to Nzbget. I enable the config, enter in the user name and password. Hit test and nothing happens. Sonarr and Radarr popped up a message saying it worked with the API when hitting test. Nzbget was working correctly before the last update.

 

Thanks.


So probably a stupid question but if I reverse proxy this using the lets encrypt docker, can I then access the items I put on the Heimdall homepage from outside my home network or would I need to set them up behind lets encrypt and use a separate user on Heimdall to host the links to these items?

 

If that makes sense.

 

Sorted it, got advice to use the external address that I set up for letsencrypt on a per docker setting.

Edited by MMW
