arnoldnym Posted September 11, 2020 Share Posted September 11, 2020 Hello Everybody. I have an unraid server with mutliple fixed IPs (e.g. with the ending .15 for unraid, .16 for nextcloud 1, .17 for nextcloud 2, .18 for windows VM etc.) and now I wanted to set up lets encrypt container for https connection. However, I am not able to configure it the right way and I can't find any tutorials which match my case. I have followed many instructions, created a domain with several subdomains pointing to the unraid server IP, however I struggle with IP forwarding since there is no router to do it - I just have a fixed IP. To the procedure: When I configure letsencrypt with Ports 80 and 443 and the custom network called "proxynet", the container fails to start with the error: 'URL'='alptekin.de' -e 'SUBDOMAINS'='www,cloud' -e 'ONLY_SUBDOMAINS'='true' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '80:80/tcp' -p '443:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt' b5048c49965b8301d7ad84b3f674583c5b911f615d553d787334c847a248908a /usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint letsencrypt (28ea8b125fda09108bb915b42aa644542626a2da05e89d0d664eaf63fad0ef28): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use. The command failed. When I set up with different Ports for http and https, e.g. 180 and 1443, the container starts correctly 'URL'='alptekin.de' -e 'SUBDOMAINS'='www,cloud' -e 'ONLY_SUBDOMAINS'='true' -e 'DHLEVEL'='2048' -e 'VALIDATION'='http' -e 'DNSPLUGIN'='' -e 'PUID'='99' -e 'PGID'='100' -p '180:80/tcp' -p '1443:443/tcp' -v '/mnt/user/appdata/letsencrypt':'/config':'rw' 'linuxserver/letsencrypt' ce11a06bffa81d45dc3e56683f1bddbd7912263e640d9ec5ea2bc9921a4a3215 The command finished successfully! but there are several errors in the container log: Performing the following challenges: http-01 challenge for cloud.alptekin.de http-01 challenge for www.alptekin.de Waiting for verification... Challenge failed for domain cloud.alptekin.de Challenge failed for domain www.alptekin.de http-01 challenge for cloud.alptekin.de http-01 challenge for www.alptekin.de Cleaning up challenges Some challenges have failed. IMPORTANT NOTES: - The following errors were reported by the server: Domain: cloud.alptekin.de Type: unauthorized Detail: Invalid response from http://cloud.alptekin.de/login [xxx.xxx.xxx.19]: "<!DOCTYPE html>\n<html class=\"ng-csp\" data-placeholder-focus=\"false\" lang=\"en\" data-locale=\"en\" >\n\t<head\n data-requesttoken=\"sdOZ" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. - The following errors were reported by the server: Domain: www.alptekin.de Type: connection Detail: Fetching http://www.alptekin.de/.well-known/acme-challenge/SCwRkrdGFW8SRRVNevsrbjvTkldoatzXFdEOeQMWx_A: Timeout during connect (likely firewall problem) To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container Quote Link to comment
JonathanM Posted September 12, 2020 Share Posted September 12, 2020 4 hours ago, arnoldnym said: I struggle with IP forwarding since there is no router to do it - I just have a fixed IP. Are you saying that you have a public IP with no firewall assigned to Unraid? Don't do that. Unraid itself is not hardened for internet exposure. You must have another firewall in place. You certainly can expose individual container's specific ports and IP's, just not Unraid's native ports. Quote Link to comment
arnoldnym Posted September 12, 2020 Author Share Posted September 12, 2020 18 hours ago, jonathanm said: Are you saying that you have a public IP with no firewall assigned to Unraid? Don't do that. Unraid itself is not hardened for internet exposure. You must have another firewall in place. You certainly can expose individual container's specific ports and IP's, just not Unraid's native ports. yes, I have several fixed, public IPs, for Unraid and for each container (3 in total) I am running. There is a firewall behind unraid, but I have not much influence on that (I can ask for opening certain ports) but there is no option on port forwarding - that's the reason why I was not able to follow any of those letsencrypt instructions. so back to the original question/problem: what do I have to do, so that I have encrypted connection to all my containers and to unraid itself? Thanks Quote Link to comment
arnoldnym Posted September 15, 2020 Author Share Posted September 15, 2020 any help/suggestions will be appreciated Quote Link to comment
mattie112 Posted September 15, 2020 Share Posted September 15, 2020 So: you have multiple fixed public IPs that your Unraid uses? Do you actually have those configured on Unraid? Depending on what exactly your config is I would suggest to remove them from Unraid and assigning them to a container. Quote Link to comment
civic95man Posted September 15, 2020 Share Posted September 15, 2020 On 9/12/2020 at 1:29 PM, arnoldnym said: There is a firewall behind unraid yikes!! You want that firewall in front of unraid or you are opening yourself up to some serious issues Quote Link to comment
trurl Posted September 15, 2020 Share Posted September 15, 2020 On 9/12/2020 at 4:29 PM, arnoldnym said: There is a firewall behind unraid, but I have not much influence on that (I can ask for opening certain ports) but there is no option on port forwarding - that's the reason why I was not able to follow any of those letsencrypt instructions. I am guessing your use of the word "behind" is exactly opposite your meaning, but just in case. 4 hours ago, arnoldnym said: any help/suggestions will be appreciated Go to Tools - Diagnostics and attach the complete Diagnostics ZIP file to your NEXT post in this thread. Quote Link to comment
arnoldnym Posted September 15, 2020 Author Share Posted September 15, 2020 (edited) 2 hours ago, trurl said: I am guessing your use of the word "behind" is exactly opposite your meaning, but just in case. Go to Tools - Diagnostics and attach the complete Diagnostics ZIP file to your NEXT post in this thread. yes, my mistake. there is a firewall before the server. The current server has only one LAN Port. The containers and VMs have all separated fixed, public IPs such as xxx.xxx.xxx.16, xxx.xxx.xxx.17, xxx.xxx.xxx.18 ... again: by default, all ports are closed and you need to have VPN connection, to access to the unraid server through internet by using its public IP xxx.xxx.xxx.15 The server has only one LAN Port. for other public IPs, such as xxx.16 or xxx.17, I have opened the Ports 80 and 443 so that you can access to the docker containers (e.g. nextcloud) through internet without having any VPN connection. this works so far, however I don't know how to set up secured connection with letsencrypt (currently only http is working, no https). td-srv-diagnostics-20200915-2126.zip Edited September 15, 2020 by arnoldnym additional information Quote Link to comment
arnoldnym Posted September 28, 2020 Author Share Posted September 28, 2020 No Ideas??? Please help 🥴 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.