Saldash Posted December 29, 2018 Share Posted December 29, 2018 1 minute ago, Djoss said: Things like 2fa are usually implemented by the application this container is proxying to. Nginx itself has some way to limit the number of requests that are done. I can check if there is anything configured by default for this. When configuring a proxy host, it does have an option to enable blocking common exploits, but I haven't found any documentation for what this entails. Quote Link to comment
Djoss Posted December 29, 2018 Author Share Posted December 29, 2018 On 12/22/2018 at 2:25 PM, bigbadblo said: Very cool. Does this allow for the handling of subfolders by chance? Not yet. Feel free to ask for feature requests at the original project: https://github.com/jc21/nginx-proxy-manager Quote Link to comment
Djoss Posted December 29, 2018 Author Share Posted December 29, 2018 On 12/26/2018 at 2:05 PM, dukiethecorgi said: Does this have fail2ban? No! But this kind of functionality could be provided by another docker container (if one exists). Quote Link to comment
Djoss Posted December 29, 2018 Author Share Posted December 29, 2018 On 12/25/2018 at 3:59 AM, JohanSF said: Thank you for the work, a nice GUI for overview is always great. A guide to move from the LE docker with subfolders, subdomains, organizr, settings etc. to this would be greatly appreciated. On 12/26/2018 at 11:00 AM, gacpac said: Hey, I'm a little bit excited about this new app. I might migrate from let's encrypt to this one but need some help setting up the proxy host. Is there some guide somewhere here or the GitHub. There is no guide currently. There is some built-in help in the UI however. But note that since subfolders are not supported yet, you may not be able to migrate from LE docker. 1 Quote Link to comment
Djoss Posted December 29, 2018 Author Share Posted December 29, 2018 On 12/27/2018 at 5:07 AM, L0rdRaiden said: I am comming from letsencrypt docker. how can I access to edit the nginx.conf file? https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/nginx.conf or other configuration files like conf.d/include/block-exploits.conf conf.d/include/proxy.conf these do not appear when I access with SAMBA This docker is for people with little to no knowledge about nginx. It was not done with manual configuration file editing in mind. Some static configuration files are inside the container itself (/etc/nginx), while generated files are stored under the app data folder. If you want to migrate from LE docker, you should not try to replicate your config files, but instead, use the UI to re-create the same functionality (again, this container doesn't support subfolders yet). 1 Quote Link to comment
Djoss Posted December 29, 2018 Author Share Posted December 29, 2018 On 12/27/2018 at 11:02 AM, drkpeezy said: I get the follow when I try to start the container [mysqld] starting... 2018-12-27 9:57:55 23424764251016 [Note] /usr/bin/mysqld (mysqld 10.2.15-MariaDB) starting as process 1998 ... 2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins 2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Uses event mutexes 2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Compressed tables use zlib 1.2.11 2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Using Linux native AIO 2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Number of pools: 1 2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Using SSE2 crc32 instructions 2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M 2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Completed initialization of buffer pool 2018-12-27 9:57:55 23424421186280 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority(). 2018-12-27 9:57:55 23424764251016 [ERROR] InnoDB: The Auto-extending innodb_system data file './ibdata1' is of a different size 0 pages than specified in the .cnf file: initial 768 pages, max 0 (relevant if non-zero) pages! 2018-12-27 9:57:55 23424764251016 [ERROR] InnoDB: Plugin initialization aborted with error Generic error [2018-12-27] [09:57:55] [Global ] › ✖ error connect ECONNREFUSED 127.0.0.1:3306 2018-12-27 9:57:55 23424764251016 [Note] InnoDB: Starting shutdown... 2018-12-27 9:57:55 23424764251016 [ERROR] Plugin 'InnoDB' init function returned error. 2018-12-27 9:57:55 23424764251016 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed. 2018-12-27 9:57:55 23424764251016 [Note] Plugin 'FEEDBACK' is disabled. 2018-12-27 9:57:55 23424764251016 [ERROR] Could not open mysql.plugin table. Some plugins may be not loaded 2018-12-27 9:57:55 23424764251016 [ERROR] Unknown/unsupported storage engine: InnoDB 2018-12-27 9:57:55 23424764251016 [ERROR] Aborting Did the DB created successfully the first time? Quote Link to comment
Djoss Posted December 29, 2018 Author Share Posted December 29, 2018 On 12/27/2018 at 12:47 PM, Michael_P said: My Install never gets past this point: [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] 00-app-niceness.sh: executing... [cont-init.d] 00-app-niceness.sh: exited 0. [cont-init.d] 00-app-script.sh: executing... [cont-init.d] 00-app-script.sh: exited 0. [cont-init.d] 00-app-user-map.sh: executing... [cont-init.d] 00-app-user-map.sh: exited 0. [cont-init.d] 00-clean-logmonitor-states.sh: executing... [cont-init.d] 00-clean-logmonitor-states.sh: exited 0. [cont-init.d] 00-clean-tmp-dir.sh: executing... [cont-init.d] 00-clean-tmp-dir.sh: exited 0. [cont-init.d] 00-set-app-deps.sh: executing... [cont-init.d] 00-set-app-deps.sh: exited 0. [cont-init.d] 00-set-home.sh: executing... [cont-init.d] 00-set-home.sh: exited 0. [cont-init.d] 00-take-config-ownership.sh: executing... [cont-init.d] 00-take-config-ownership.sh: exited 0. [cont-init.d] 00-xdg-runtime-dir.sh: executing... [cont-init.d] 00-xdg-runtime-dir.sh: exited 0. [cont-init.d] nginx-proxy-manager.sh: executing... [cont-init.d] nginx-proxy-manager.sh: Initializing database data directory... [cont-init.d] nginx-proxy-manager.sh: Database data directory initialized. [cont-init.d] nginx-proxy-manager.sh: Starting database to perform its intialization... [cont-init.d] nginx-proxy-manager.sh: Securing database installation... Even after a couple of minutes? Quote Link to comment
Djoss Posted December 29, 2018 Author Share Posted December 29, 2018 On 12/27/2018 at 3:33 PM, bigdave said: I see this error in the init_db.log /mnt/user/appdata/NginxProxyManager/log# more init_db.log Installing MariaDB/MySQL system tables in '/config/mysql' ... 2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: preallocating 12582912 bytes for file ./ibdata1 failed with error 95 2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Could not set the file size of './ibdata1'. Probably out of disk space 2018-12-27 14:32:02 22714951916424 [ERROR] InnoDB: Database creation was aborted with error Generic error. You may need to delete the ibdata1 file before trying to start up again. 2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' init function returned error. 2018-12-27 14:32:03 22714951916424 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed. 2018-12-27 14:32:03 22714951916424 [ERROR] Unknown/unsupported storage engine: InnoDB 2018-12-27 14:32:03 22714951916424 [ERROR] Aborting So I guess that you have enough space on your cache drive? Are you using the default mapping for /config? Quote Link to comment
Djoss Posted December 29, 2018 Author Share Posted December 29, 2018 26 minutes ago, Saldash said: When configuring a proxy host, it does have an option to enable blocking common exploits, but I haven't found any documentation for what this entails. When enabled, queries can be blocked by checking the user-agent and the query string of the URL. You can see the rules here: https://github.com/jc21/nginx-proxy-manager/blob/master/rootfs/etc/nginx/conf.d/include/block-exploits.conf Quote Link to comment
hernandito Posted December 29, 2018 Share Posted December 29, 2018 15 minutes ago, Saldash said: This docker allows you to create user access lists and assign them to specific proxy hosts. From the main dashboard, click Access Lists in the menu. Create a new list and specify a username and password (up to five distinct users). Once created, go to the proxy host you want to secure, click edit to open the modal and at the bottom of the modal, select your access list from the dropdown and save. From the help text: Brilliant.... so easy....! My first example worked. Thank you! Quote Link to comment
Djoss Posted December 29, 2018 Author Share Posted December 29, 2018 2 minutes ago, hernandito said: Brilliant.... so easy....! My first example worked. Thank you! So you are now able to generate LE certificates? Quote Link to comment
hernandito Posted December 29, 2018 Share Posted December 29, 2018 I am.... I was missing something basic. Thanks you! Quote Link to comment
gacpac Posted December 30, 2018 Share Posted December 30, 2018 21 hours ago, Djoss said: There is no guide currently. There is some built-in help in the UI however. But note that since subfolders are not supported yet, you may not be able to migrate from LE docker. Thank you so much @Djoss , I'll keep the docker installed and check the forum for the latest updates. I assume the process will get easier over time. Quote Link to comment
Michael_P Posted December 30, 2018 Share Posted December 30, 2018 On 12/29/2018 at 5:12 PM, Djoss said: Even after a couple of minutes? I let it sit for 15 minutes, did not move past that step Quote Link to comment
koshia Posted December 31, 2018 Share Posted December 31, 2018 (edited) @Djoss I've added some hosts, now on the SSL Certificate screen and trying to get an LE certificate for one of the host. All I get is "Internal Error" once I submit the information. If I acknowledge the error it goes back to the main page but doesn't show anything. If I refresh the page, the cert that was created shows up but doesn't seem to be working. Update 2019/01/01 Got my problem figured out. Awesome and easy docker @Djoss. I've been using standalone NGINX standalone reverse proxies and never got around to doing LE, so with this - just like @Squid - no need to learn LE at this point or file it later for learning. For my specific issue, I tried creating the Hosts w/ LE before the hosts were actually ready and properly forwarded. After getting the other dockers bridged and setup correctly, I blew away the NginxProxyManager container and re-did it. It's definitely working now :). Now I just have to figure out getting this to work with NextCloud docker. Edited January 2, 2019 by koshia More information. Quote Link to comment
bigdave Posted December 31, 2018 Share Posted December 31, 2018 On 12/29/2018 at 5:13 PM, Djoss said: So I guess that you have enough space on your cache drive? Are you using the default mapping for /config? Yes and yes. Just tried deleting and reinstalling with the same result. Quote Link to comment
Ford Prefect Posted December 31, 2018 Share Posted December 31, 2018 On 12/22/2018 at 7:46 PM, repomanz said: I like this docker. Question about this, in context of unraid and hardening. What suggestions are available regarding securing the let's encrypt requirement of having 80 and 443 open on the firewall and this docker? Does the docker have a lockout function, anti-brute force, yubikey or 2fa functions (or will it eventually)? On 12/29/2018 at 10:48 PM, Djoss said: Things like 2fa are usually implemented by the application this container is proxying to. Nginx itself has some way to limit the number of requests that are done. I can check if there is anything configured by default for this. ...anyone with the skills to implement/manage to configure this https://github.com/clems4ever/authelia in a set of dockers or VM? Quote Link to comment
GreenEyedMonster Posted December 31, 2018 Share Posted December 31, 2018 Any idea's how to host a wordpress website with this? Quote Link to comment
Djoss Posted January 1, 2019 Author Share Posted January 1, 2019 On 12/30/2018 at 6:03 PM, Michael_P said: I let it sit for 15 minutes, did not move past that step Can you provide log/init_db.log from the appdata folder? Quote Link to comment
Djoss Posted January 1, 2019 Author Share Posted January 1, 2019 On 12/30/2018 at 10:10 PM, koshia said: @Djoss I've added some hosts, now on the SSL Certificate screen and trying to get an LE certificate for one of the host. All I get is "Internal Error" once I submit the information. If I acknowledge the error it goes back to the main page but doesn't show anything. If I refresh the page, the cert that was created shows up but doesn't seem to be working. Is the docker container accessible from the internet on port 80? Quote Link to comment
Djoss Posted January 1, 2019 Author Share Posted January 1, 2019 On 12/31/2018 at 12:57 AM, bigdave said: Yes and yes. Just tried deleting and reinstalling with the same result. Can you provide log/init_db.log from the appdata folder? Quote Link to comment
Djoss Posted January 1, 2019 Author Share Posted January 1, 2019 23 hours ago, GreenEyedMonster said: Any idea's how to host a wordpress website with this? This docker container is not for hosting websites. You can use another docker container to host your website and then use this one to proxy. Quote Link to comment
bigdave Posted January 1, 2019 Share Posted January 1, 2019 48 minutes ago, Djoss said: Can you provide log/init_db.log from the appdata folder? root@unraid:/mnt/user/appdata/NginxProxyManager/log# more init_db.log Installing MariaDB/MySQL system tables in '/config/mysql' ... 2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: preallocating 12582912 bytes for file ./ibdata1 failed with error 95 2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: Could not set the file size of './ibdata1'. Probably out of disk space 2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: Database creation was aborted with error Generic error. You may need to delete the ibdata1 file before tr ying to start up again. 2019-01-01 17:43:17 22792248212360 [ERROR] Plugin 'InnoDB' init function returned error. 2019-01-01 17:43:17 22792248212360 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed. 2019-01-01 17:43:17 22792248212360 [ERROR] Unknown/unsupported storage engine: InnoDB 2019-01-01 17:43:18 22792248212360 [ERROR] Aborting Installation of system tables failed! Examine the logs in /config/mysql for more information. The problem could be conflicting information in an external my.cnf files. You can ignore these by doing: shell> /usr/bin/mysql_install_db --defaults-file=~/.my.cnf You can also try to start the mysqld daemon with: shell> /usr/bin/mysqld --skip-grant-tables --general-log & and use the command line tool /usr/bin/mysql to connect to the mysql database and look at the grant tables: shell> /usr/bin/mysql -u root mysql mysql> show tables; Try 'mysqld --help' if you have problems with paths. Using --general-log gives you a log in /config/mysql that may be helpful. The latest information about mysql_install_db is available at https://mariadb.com/kb/en/installing-system-tables-mysql_install_db You can find the latest source at https://downloads.mariadb.org and the maria-discuss email list at https://launchpad.net/~maria-discuss Please check all of the above before submitting a bug report at http://mariadb.org/jira /mnt/user/appdata is large enough for this. Quote Link to comment
Djoss Posted January 2, 2019 Author Share Posted January 2, 2019 16 hours ago, bigdave said: root@unraid:/mnt/user/appdata/NginxProxyManager/log# more init_db.log Installing MariaDB/MySQL system tables in '/config/mysql' ... 2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: preallocating 12582912 bytes for file ./ibdata1 failed with error 95 2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: Could not set the file size of './ibdata1'. Probably out of disk space 2019-01-01 17:43:17 22792248212360 [ERROR] InnoDB: Database creation was aborted with error Generic error. You may need to delete the ibdata1 file before tr ying to start up again. 2019-01-01 17:43:17 22792248212360 [ERROR] Plugin 'InnoDB' init function returned error. 2019-01-01 17:43:17 22792248212360 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed. 2019-01-01 17:43:17 22792248212360 [ERROR] Unknown/unsupported storage engine: InnoDB 2019-01-01 17:43:18 22792248212360 [ERROR] Aborting Installation of system tables failed! Examine the logs in /config/mysql for more information. The problem could be conflicting information in an external my.cnf files. You can ignore these by doing: shell> /usr/bin/mysql_install_db --defaults-file=~/.my.cnf You can also try to start the mysqld daemon with: shell> /usr/bin/mysqld --skip-grant-tables --general-log & and use the command line tool /usr/bin/mysql to connect to the mysql database and look at the grant tables: shell> /usr/bin/mysql -u root mysql mysql> show tables; Try 'mysqld --help' if you have problems with paths. Using --general-log gives you a log in /config/mysql that may be helpful. The latest information about mysql_install_db is available at https://mariadb.com/kb/en/installing-system-tables-mysql_install_db You can find the latest source at https://downloads.mariadb.org and the maria-discuss email list at https://launchpad.net/~maria-discuss Please check all of the above before submitting a bug report at http://mariadb.org/jira /mnt/user/appdata is large enough for this. Do you have Settings -> Global Share Settings -> Tunable (enable DirectIO) set to Yes instead of Auto? Quote Link to comment
bigdave Posted January 2, 2019 Share Posted January 2, 2019 1 minute ago, Djoss said: Do you have Settings -> Global Share Settings -> Tunable (enable DirectIO) set to Yes instead of Auto? No, it's Auto. Changing it now. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.