Djoss Posted December 23, 2019 Author Share Posted December 23, 2019 On 12/18/2019 at 12:33 PM, maxse said: Hey guys, Do you know if this will easily work with minio docker? I was watching the spaceinvader one's video on LE but LE doesn't have a config file for minio so I'm not sure what to do. minio doesn't seem to have special requirements according to https://docs.min.io/docs/setup-nginx-proxy-with-minio.html, so it should be easy to use it with NginxProxyManager. Quote Link to comment
Djoss Posted December 23, 2019 Author Share Posted December 23, 2019 On 12/19/2019 at 6:22 AM, Karatekid said: Nextcloud reported that the X-Frame-Option is not configured as "sameorigin". Is there a way to check debug this? Maybe there is a wrong Nextcloud setting. You can check your site with https://securityheaders.com to see if the header is correctly set or not. Also, if the change under the Advanced tab didn't help, try adding "add_header X-Frame-Options “SAMEORIGIN” always;" instead. Quote Link to comment
Djoss Posted December 23, 2019 Author Share Posted December 23, 2019 On 12/19/2019 at 7:35 AM, Karatekid said: Other Question... Is there a possibility to enable oder disable the proxies over ssh or so? I think about to automatic disable and enable proxies over my smarthome-system. There is currently no facilities to automate things... Quote Link to comment
MattFaz Posted December 23, 2019 Share Posted December 23, 2019 I am facing issues when attempting to manually renew certificates (SSL Certificates > Select 3 Dots on the Service > Renew Now). It will then report a 'timeout' error and the Logs don't appear to show anything useful. Any attempt to manually renew any certificate after this will immediately fail with an 'Internal Error' and logs state that Certbot is still running: Is this a known issue? Is there a way to update them manually outside of this function? Quote Link to comment
Karatekid Posted December 23, 2019 Share Posted December 23, 2019 10 hours ago, Djoss said: You can check your site with https://securityheaders.com to see if the header is correctly set or not. Also, if the change under the Advanced tab didn't help, try adding "add_header X-Frame-Options “SAMEORIGIN” always;" instead. Funny... https://securityheaders.com/ says: X-Frame-Options = SAMEORIGIN (green) but Warning: X-Frame-Options --> There was a duplicate X-Frame-Options header. https://scan.nextcloud.com/ says: X-Frame-Options is red Will the X-Frame-Option not set by the last webservice in the row or how does it work? Maybe its a poblem by Nextcloud directly. Quote Link to comment
placix Posted December 25, 2019 Share Posted December 25, 2019 (edited) Hey everybody, I'm trying to do the configuration for my nextcloud. Everything works so far except on mobile devices... I think some browser tests brought the cause: https://xxx.yyy.zzz/nextcloud/ = everything works well https://xxx.yyy.zzz/nextcloud (without tailing "/") gets https://xxx.yyy.zzz:4443/nextcloud/ What can I do? Best wishes, placix Edited December 25, 2019 by placix Quote Link to comment
ezra Posted December 26, 2019 Share Posted December 26, 2019 Hey, thanks for this app. I cant reach the webui of this container. I've seen something rather odd. Upon creation i see port 7818 for the webui and after i've started the container it said 8181 for the webui. Also the other ports don't add up. Please advise. Quote Link to comment
maxse Posted December 28, 2019 Share Posted December 28, 2019 it is super slow with rclone and minio. I am talking about 200KB/s! no issues when connecting directly to minio on internal network. Any suggestions? Quote Link to comment
cracksilver Posted December 28, 2019 Share Posted December 28, 2019 Hi to all Thank you for this wundefull peace of software. I am convinced that it also works wonderfully. Unfortunately I still can't get anything going. I try to make port forwarding on my test server. Of course I can only work with Ip's here at home. Unfortunately without any success. Probably I am making basic mistakes... My next goal is to reach Seafile on my puplic unraid server (public IP) over https with Let´s Encrypt. I didn't want to configure my productive server on the net with public IP for understandable reasons. If I have to do this directly on this server, here are some questions. I would appreciate if someone could answer them. - Does this really only work on a publicly accessible server and only with domain names not with IPs? - What must be entered in the DNS settings at the domain provider? A-Record, CNAME? - is there a manual somewhere? What I have to say, on this server I only have the port range 8000 to 8800 available. There are other servers running on this site that use other ports. But I can forward these ports freely to the unraid server. Thank you in advance. Greg Quote Link to comment
Djoss Posted December 30, 2019 Author Share Posted December 30, 2019 On 12/23/2019 at 12:08 AM, Mattyfaz said: I am facing issues when attempting to manually renew certificates (SSL Certificates > Select 3 Dots on the Service > Renew Now). It will then report a 'timeout' error and the Logs don't appear to show anything useful. Any attempt to manually renew any certificate after this will immediately fail with an 'Internal Error' and logs state that Certbot is still running: Is this a known issue? Is there a way to update them manually outside of this function? Looks like the UI is not waiting enough long. Did you check if the certificate has been eventually renewed after the timeout? Quote Link to comment
Djoss Posted December 30, 2019 Author Share Posted December 30, 2019 On 12/23/2019 at 7:53 AM, Karatekid said: Funny... https://securityheaders.com/ says: X-Frame-Options = SAMEORIGIN (green) but Warning: X-Frame-Options --> There was a duplicate X-Frame-Options header. https://scan.nextcloud.com/ says: X-Frame-Options is red Will the X-Frame-Option not set by the last webservice in the row or how does it work? Maybe its a poblem by Nextcloud directly. Since it seems that the header is duplicated, did you try to remove it from the proxy host config? You can also use the browser's developper tools to check which headers are added. Quote Link to comment
Djoss Posted December 30, 2019 Author Share Posted December 30, 2019 On 12/25/2019 at 7:37 AM, placix said: Hey everybody, I'm trying to do the configuration for my nextcloud. Everything works so far except on mobile devices... I think some browser tests brought the cause: https://xxx.yyy.zzz/nextcloud/ = everything works well https://xxx.yyy.zzz/nextcloud (without tailing "/") gets https://xxx.yyy.zzz:4443/nextcloud/ What can I do? Best wishes, placix Since you are using a lot of custom config, I would double check the resulting, generated config... Did you try to add a redirect from https://xxx.yyy.zzz/nextcloud to https://xxx.yyy.zzz/nextcloud/ ? Quote Link to comment
Djoss Posted December 30, 2019 Author Share Posted December 30, 2019 On 12/26/2019 at 7:05 AM, ezra said: Hey, thanks for this app. I cant reach the webui of this container. I've seen something rather odd. Upon creation i see port 7818 for the webui and after i've started the container it said 8181 for the webui. Also the other ports don't add up. Please advise. Since you are not using the "Bridge" network type, the UI should be reachable over port 8181. In your case you probably need to use http://192.168.2.5:8181 Quote Link to comment
Djoss Posted December 30, 2019 Author Share Posted December 30, 2019 On 12/27/2019 at 10:29 PM, maxse said: it is super slow with rclone and minio. I am talking about 200KB/s! no issues when connecting directly to minio on internal network. Any suggestions? You mean it's slow only when connecting remotely? Do yo have the same behaviour if you connect remotely directly to the minio container (i.e. bypassing NginxProxyManager)? This is to confirm if NginxProxyManager has anything to do with your issue. Quote Link to comment
Djoss Posted December 30, 2019 Author Share Posted December 30, 2019 On 12/28/2019 at 6:29 PM, cracksilver said: - Does this really only work on a publicly accessible server and only with domain names not with IPs? The goal of this software is to make easy for people to remotely access their home services through HTTPs using a DNS name. Certificates are generated by Let'sEncrypt. This provider requires your web server to be accessible over the Internet through port 80 (only). On 12/28/2019 at 6:29 PM, cracksilver said: - What must be entered in the DNS settings at the domain provider? A-Record, CNAME? Both can be used depending on your setup. A-Record maps a DNS name to an IP address, while CNAME map a DNS to another DNS name. On 12/28/2019 at 6:29 PM, cracksilver said: - is there a manual somewhere? No, but there are some build-in help in the UI. Quote Link to comment
placix Posted December 30, 2019 Share Posted December 30, 2019 3 hours ago, Djoss said: Since you are using a lot of custom config, I would double check the resulting, generated config... Did you try to add a redirect from https://xxx.yyy.zzz/nextcloud to https://xxx.yyy.zzz/nextcloud/ ? Now it works with a redirect. Thank you 😊 Quote Link to comment
Karatekid Posted December 31, 2019 Share Posted December 31, 2019 18 hours ago, Djoss said: Since it seems that the header is duplicated, did you try to remove it from the proxy host config? You can also use the browser's developper tools to check which headers are added. Found the failure in the nextcloud config. Thank you very much for your help!! Have a happy new year. Quote Link to comment
mihcox Posted December 31, 2019 Share Posted December 31, 2019 (edited) I was able to get this up and running for a few specific docker containers (Organizrv2, Shinobi, Ombi). I have 2 questions from here: 1. I am currently accessing them through organizrsubdomain.duckdns.org, ombisubdomain.duckdns.org, and shinobisubdomain.duckdns.org Can i change that to be subdomain.duckdns.org/organizr, etc I did not see a guide on that combing through the forum here 2. Is there a way to allow all my apps to run through Organizr, such that I can access organizr through the reverse proxy, then access all my individual pages through that? That way i only have the organizr page exposed to my firewall, and not other pages like sonarr, radarr, pihole, etc. Looks like was able to fix number 2 on my own, with the settings within organizr. This may be a question for that forum, but i figured someone had already configured it and so i thought i would ask here? Edited December 31, 2019 by mihcox Quote Link to comment
maxse Posted January 1, 2020 Share Posted January 1, 2020 On 12/30/2019 at 1:58 PM, Djoss said: You mean it's slow only when connecting remotely? Do yo have the same behaviour if you connect remotely directly to the minio container (i.e. bypassing NginxProxyManager)? This is to confirm if NginxProxyManager has anything to do with your issue. Both servers are local, but I am using the external IP by duckdns. Both servers are on the same local network for now. I'm not sure if by using the external IP makes the data go outside/back inside, or if the router understands that they are still on the local network and just uses my local network... However, switching to the actual local IP address 192.168... doesn't have the same issue and speed is as expected... But anyway, I am trying duplicacy right now and it seems to be working well with great speeds. Quote Link to comment
Djoss Posted January 3, 2020 Author Share Posted January 3, 2020 (edited) On 12/31/2019 at 4:45 PM, mihcox said: 1. I am currently accessing them through organizrsubdomain.duckdns.org, ombisubdomain.duckdns.org, and shinobisubdomain.duckdns.org Can i change that to be subdomain.duckdns.org/organizr, etc I did not see a guide on that combing through the forum here This is possible by adding a "Custom location" under your proxy host. But note that this method is more complex and the application your are proxying may not support this scenario or may require additional configuration. Edited January 3, 2020 by Djoss Quote Link to comment
cracksilver Posted January 3, 2020 Share Posted January 3, 2020 On 12/30/2019 at 8:11 PM, Djoss said: The goal of this software is to make easy for people to remotely access their home services through HTTPs using a DNS name. Certificates are generated by Let'sEncrypt. This provider requires your web server to be accessible over the Internet through port 80 (only). Both can be used depending on your setup. A-Record maps a DNS name to an IP address, while CNAME map a DNS to another DNS name. No, but there are some build-in help in the UI. Hi. Thank you. Now everything is working with domains and subdomains over ssl. But I can't access to the web UI over https. It just works over http. Is there a config where i can change this? Greg Quote Link to comment
Djoss Posted January 5, 2020 Author Share Posted January 5, 2020 On 1/3/2020 at 6:13 PM, cracksilver said: Hi. Thank you. Now everything is working with domains and subdomains over ssl. But I can't access to the web UI over https. It just works over http. Is there a config where i can change this? Greg There is no config for this, but you can create a proxy host to access NginxProxyManager UI over HTTPs. Quote Link to comment
cracksilver Posted January 5, 2020 Share Posted January 5, 2020 (edited) 6 hours ago, Djoss said: There is no config for this, but you can create a proxy host to access NginxProxyManager UI over HTTPs. Made a proxyhost proxy.mydomain.com It doesn´t work. Tried with Unraid IP 192.168.2.121:8418 and Docker IP 172.17.0.2:8181. No way. All other subdomains on this unraid server runs perfect. But not the Nginx Proxy Manager Made the following: Get no connection to the app. EDIT: made the same with nginx.mydomain.com and it works. Don´t no why but it works perfectly now. Thank you anyway Edited January 5, 2020 by cracksilver it works now..... Quote Link to comment
Iceman24 Posted January 6, 2020 Share Posted January 6, 2020 Is there a point to using the SSL port at all for, whether connecting to NPM externally or internally, if you use the force SSL option which effectively gives you SSL anyways? Thinking about it, it seems as if it's double SSL getting to where you're going. I don't know if that requires anything to work harder, but after discovering I could force SSL on apps that didn't even offer it, I wondered what the point of using SSL for any specific apps was in the first place? It would seem to only deal with SSL for NPM and not any other apps you use it to connect with as the most efficient and simplest option. Do I have this right? Quote Link to comment
Djoss Posted January 6, 2020 Author Share Posted January 6, 2020 1 hour ago, Iceman24 said: Is there a point to using the SSL port at all for, whether connecting to NPM externally or internally, if you use the force SSL option which effectively gives you SSL anyways? Thinking about it, it seems as if it's double SSL getting to where you're going. I don't know if that requires anything to work harder, but after discovering I could force SSL on apps that didn't even offer it, I wondered what the point of using SSL for any specific apps was in the first place? It would seem to only deal with SSL for NPM and not any other apps you use it to connect with as the most efficient and simplest option. Do I have this right? The Force SSL option redirects users connecting to the non-secure HTTP port (80) to the secure HTTPs port (443). Since NPM is mainly used to access services over the Internet, having an encrypted connection is always better. 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.