CHBMB Posted October 4, 2016

Although that's a lot easier than hardening each container's webserver individually. The idea is you do all your SSL and security on the reverse proxy, then communicate to every other app that isn't hardened.

I don't use nginx but Apache, it's very simple to add an app in general, once you understand how to do it, takes about five minutes. Some apps require setting a webroot though.

Guest Posted October 4, 2016

> Although that's a lot easier than hardening each container's webserver individually. The idea is you do all your SSL and security on the reverse proxy, then communicate to every other app that isn't hardened.
> I don't use nginx but Apache, it's very simple to add an app in general, once you understand how to do it, takes about five minutes. Some apps require setting a webroot though.

Hmmm... seems simple. I currently have Nginx set up like this:

    Nginx --> nginx ---> site-confs ---> 'default' file --> www ---> root of Wordpress install

So do I have to make a new site-confs file and make Nginx get it somehow...? I'm not a network guru, anybody help?

Let's say I have a Nextcloud docker at port 9000, IP xx.xx.xx.xx. Any examples on how to configure it?

CHBMB Posted October 4, 2016

There's a nextcloud guide on the ls.io website, for Apache but some nextcloud side changes will apply to both.

Guest Posted October 4, 2016

> There's a nextcloud guide on the ls.io website, for Apache but some nextcloud side changes will apply to both.

Thanks... I've set up Nextcloud but now I'm stuck at configuring it for reverse proxy. I have no idea how to point it towards the port. Maybe somebody with Nginx expertise can help me.

CHBMB do you use Nginx as well? I understand if you only know Apache, just asking.

Currently I made a backup of my default configuration just in case I screw up everything and trash my Wordpress as well.

EDIT: Currently this is how I want it set up. Requests from (cloud.ideaman924.com) go to Nextcloud, requests from (ideaman924.com or www.ideaman924.com) go to Wordpress. Wordpress bit is done, but I'm having trouble with Nextcloud. I understand I need to make a new server{} block and mess around in there, but really, I'm about as dumb as a brick when it comes to networking stuff.

CHBMB Posted October 4, 2016

Read my first post, I don't use nginx

Guest Posted October 4, 2016

> Read my first post, I don't use nginx

OK CHBMB.

Something's wrong... I did manage to set up reverse proxy and my Nextcloud is now live in cloud.ideaman924.com. Which is great. What's not so great is Chrome refusing to execute inline scripts:

    Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-hlSW1HZGmKtDyIDU+HuibO0pPuKa/wQJaUWM+5ysR38='), or a nonce ('nonce-...') is required to enable inline execution.

OK... Chrome... What?

Funnily when I connect directly (xx.xx.xx.xx:9000), then Chrome shows a 'warning, ssl certificate invalid' error but runs the freaking inline script. I did set up Cloudflare but this shouldn't be relevant because the SSL settings are flexible.

Any ideas?

EDIT: I just figured it out... lol. Turns out that you need to modify config.php in Nextcloud directory. I didn't read the tutorial properly...

EDIT2: Actually, that did nothing. I'm still stuck with the inline script not launching thing.

Bjonness406 Posted October 4, 2016

> If anybody has the time, it would be nice to add Let's Encrypt support to the docker image so I can actually secure my website.

Aptalca has a docker with Let's Encrypt built in.

Take a look here for Nextcloud setup with Nginx: https://lime-technology.com/forum/index.php?topic=51466.0

Guest Posted October 5, 2016

> > If anybody has the time, it would be nice to add Let's Encrypt support to the docker image so I can actually secure my website.
> Aptalca has a docker with Let's Encrypt built in.
> Take a look here for Nextcloud setup with Nginx: https://lime-technology.com/forum/index.php?topic=51466.0

Thanks but I already have it set up nice and secure with the current Nginx from Linuxserver. Don't wanna switch base just for an SSL cert.

Thanks for the NextCloud link, though!

evan Posted December 13, 2016

Does this docker support fastcgi? Thanks!

CHBMB Posted December 13, 2016

I'm not sure, tbh, it's kind of been superseded by the letsencrypt version.

local.bin Posted March 27, 2017

Is there a way to have crontabs remain past an update at all please, like the letsencrypt container.

I've used this as a generic container for my web based apps, but am struggling with the cron getting wiped out.

Thanks in advance.

ICDeadPpl Posted March 27, 2017 (edited March 27, 2017 by ICDeadPpl)

5 hours ago, local.bin said:
> Is there a way to have crontabs remain past an update at all please, like the letsencrypt container.
> I've used this as a generic container for my web based apps, but am struggling with the cron getting wiped out.
> Thanks in advance.

I solved this for my Nextcloud docker with running a script via Community Applications Auto Update module.

Info from http://tower/Settings/Settings/caHelp#autoupdate:

    /boot/config/plugins/ca.update.applications/scripts/starting/{nameOfContainer}
    This script will be executed whenever {nameOfContainer} has been updated

This is in my Nextcloud docker auto update script in /boot/config/plugins/ca.update.applications/scripts/starting/nexctcloud

    #!/bin/bash
    grep -q -F 'nextcloud' /etc/crontabs/abc || echo '*/15 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1' >> /etc/crontabs/abc

local.bin Posted March 28, 2017

20 hours ago, ICDeadPpl said:
> I solved this for my Nextcloud docker with running a script via Community Applications Auto Update module.
> Info from http://tower/Settings/Settings/caHelp#autoupdate:
>     /boot/config/plugins/ca.update.applications/scripts/starting/{nameOfContainer}
>     This script will be executed whenever {nameOfContainer} has been updated
> This is in my Nextcloud docker auto update script in /boot/config/plugins/ca.update.applications/scripts/starting/nexctcloud
>     #!/bin/bash
>     grep -q -F 'nextcloud' /etc/crontabs/abc || echo '*/15 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1' >> /etc/crontabs/abc

Thanks for the insight and option for me to try. I have added similar for my case and await an update to test it.

I was hoping for the letsencrypt crontab functionality to be added, but hopefully this will do the job.

aptalca Posted March 28, 2017

> Is there a way to have crontabs remain past an update at all please, like the letsencrypt container.
> I've used this as a generic container for my web based apps, but am struggling with the cron getting wiped out.
> Thanks in advance.

I'll look into it

local.bin Posted March 28, 2017

9 hours ago, aptalca said:
> I'll look into it

Appreciated, thanks for taking a look.

local.bin Posted March 30, 2017

On 3/27/2017 at 2:53 PM, ICDeadPpl said:
> This is in my Nextcloud docker auto update script in /boot/config/plugins/ca.update.applications/scripts/starting/nexctcloud
>     #!/bin/bash
>     grep -q -F 'nextcloud' /etc/crontabs/abc || echo '*/15 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1' >> /etc/crontabs/abc

OK, so my script ran according to the logs but only the nextcloud one worked. My other one failed for some reason. I think it was because in the grep command I only had piwik, rather than nginx-piwik.

Just to clarify, your abc cron file, is that in addition to the root cron that exists in /etc/crontabs already?

I presume so, so how do you get cron to see it as an additional cron?

I have manually added abc cron file and restarted the cron service, but abc's commands do not get listed as current crons in crontab -l

ICDeadPpl Posted March 30, 2017

2 minutes ago, local.bin said:
> OK, so my script ran according to the logs but only the nextcloud one worked. My other one failed for some reason. I think it was because in the grep command I only had piwik, rather than nginx-piwik.
> Just to clarify, your abc cron file, is that in addition to the root cron that exists in /etc/crontabs already?
> I presume so, so how do you get cron to see it as an additional cron?
> I have manually added abc cron file and restarted the cron service, but abc's commands do not get listed as current crons in crontab -l

To list the abc crontab, you have to use crontab -u abc -l

    root@nextcloud:/$ crontab -l
    */15 * * * * s6-setuidgid abc php7 -f /config/www/nextcloud/cron.php
    root@nextcloud:/$ crontab -u abc -l
    */16 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1

local.bin Posted March 30, 2017 (edited March 30, 2017 by local.bin: clarification)

12 minutes ago, ICDeadPpl said:
> To list the abc crontab, you have to use crontab -u abc -l
>     root@nextcloud:/$ crontab -l
>     */15 * * * * s6-setuidgid abc php7 -f /config/www/nextcloud/cron.php
>     root@nextcloud:/$ crontab -u abc -l
>     */16 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1

mmh, yes, that's what I was using too, but hadn't noticed a spurious hash in front of the command!

    root@222cce405d7f:/$ # crontab -u abc -l

Sorry about that

unevent Posted April 7, 2017

Can php soap be added to this Docker or the Apache Docker? Thanks

local.bin Posted April 8, 2017

On 27/03/2017 at 2:53 PM, ICDeadPpl said:
> I solved this for my Nextcloud docker with running a script via Community Applications Auto Update module.
> Info from http://tower/Settings/Settings/caHelp#autoupdate:
>     /boot/config/plugins/ca.update.applications/scripts/starting/{nameOfContainer}
>     This script will be executed whenever {nameOfContainer} has been updated
> This is in my Nextcloud docker auto update script in /boot/config/plugins/ca.update.applications/scripts/starting/nexctcloud
>     #!/bin/bash
>     grep -q -F 'nextcloud' /etc/crontabs/abc || echo '*/15 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1' >> /etc/crontabs/abc

Could you clarify if you have anything else done to get this working, as it doesn't recreate the abc crontab file for me.

The command works fine in isolation and works great when I manually enter the same details in the abc crontab file myself. It won't though create the file itself on container update.

I am trying to track down which logs I might find some information as to why at the moment.

ICDeadPpl Posted April 8, 2017

30 minutes ago, local.bin said:
> Could you clarify if you have anything else done to get this working, as it doesn't recreate the abc crontab file for me.
> The command works fine in isolation and works great when I manually enter the same details in the abc crontab file myself. It won't though create the file itself on container update.
> I am trying to track down which logs I might find some information as to why at the moment.

Sorry, I missed a step or two in my explanation. Here's more detailed instructions.

I have made a script in the /config directory of my docker (host path: /mnt/cache/apps/nextcloud) called install-stuff.sh which contains this:

    #!/bin/bash
    grep -q -F 'nextcloud' /etc/crontabs/abc || echo '*/16 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1' >> /etc/crontabs/abc

You can add more packages and stuff in that script, if needed. Just check what package manager the docker uses, apt, apk and so on.

I have that script run every time the docker updates with the following in my /boot/config/plugins/ca.update.applications/scripts/starting/nexctcloud file:

    docker exec -t nextcloud /config/install-stuff.sh

Just make sure that the install-stuff.sh has execution rights:

    # From unRAID shell
    ls -l /mnt/cache/apps/nextcloud/install-stuff.sh
    # Result should look something like this:
    -rwxrwxrwx 1 nobody users 153 Mar 19 08:48 /mnt/cache/apps/nextcloud/install-stuff.sh*
    # If not, then run this:
    chmod 777 /mnt/cache/apps/nextcloud/install-stuff.sh

or

    # From inside the docker shell
    root@nextcloud:/$ ls -l /config/install-stuff.sh
    # Result should look something like this:
    -rwxrwxrwx 1 abc abc 153 Mar 19 08:48 /config/install-stuff.sh
    # If not, then run this:
    chmod 777 /config/install-stuff.sh

Hope this helps!

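An added example, not part of any poster's message or of the container's own scripts: a stricter take on the crontab restore step discussed above. It matches the exact cron line instead of a keyword, creates the crontab file when it is missing, and checks that a hook script run as root is not group- or world-writable. The function names and the temporary demo paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the demo paths are
# hypothetical; the cron line is the one quoted in the posts above.

# ensure_cron_line FILE LINE: append LINE unless that exact line already exists.
ensure_cron_line() {
    cron_file=$1
    cron_line=$2
    [ -n "$cron_file" ] && [ -n "$cron_line" ] || return 2

    # Create a missing crontab file first, writable by its owner only.
    if [ ! -e "$cron_file" ]; then
        ( umask 077 && : > "$cron_file" ) || return 1
    fi

    # -x matches the whole line and -F disables regex, so the '*' fields are
    # literal and a commented-out or unrelated line containing the same
    # keyword does not suppress the append.
    if grep -qxF -- "$cron_line" "$cron_file"; then
        return 0
    fi
    printf '%s\n' "$cron_line" >> "$cron_file"
}

# script_mode_ok FILE: succeed only if FILE is a regular file that is not
# group- or world-writable. A hook that runs as root inside the container
# should not be editable by other accounts (mode 755 passes, 777 does not).
script_mode_ok() {
    [ -f "$1" ] || return 1
    loose=$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ]
}

# Demo on constructed files in a temporary directory (runs offline).
demo() {
    dir=$(mktemp -d) || return 1
    line='*/15 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1'
    printf '%s\n' '# nextcloud job removed by update' > "$dir/abc"
    ensure_cron_line "$dir/abc" "$line"    # appended: comment is not a match
    ensure_cron_line "$dir/abc" "$line"    # no-op: exact line already present
    printf '#!/bin/sh\n' > "$dir/install-stuff.sh"
    chmod 777 "$dir/install-stuff.sh"
    script_mode_ok "$dir/install-stuff.sh" || echo "777 rejected"
    chmod 755 "$dir/install-stuff.sh"
    script_mode_ok "$dir/install-stuff.sh" && echo "755 accepted"
    echo "crontab lines: $(wc -l < "$dir/abc")"
    rm -rf "$dir"
}
demo
```
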
local.bin Posted April 13, 2017

On 08/04/2017 at 11:53 AM, ICDeadPpl said:
> Sorry, I missed a step or two in my explanation. Here's more detailed instructions.
> ....
> Hope this helps!

Thanks, I had a feeling it was a little more involved.

Haven't had a chance to take a look yet, but will do hopefully over the weekend.

dalben Posted April 30, 2017

I installed this docker last night and got the following errors. It mentions www.dlink.com but I don't run dlink routers. I do have some dlink webcams that are exposed to the intraweb via the dlink myhome software but there is no port forwarding of 443 required for that. I'm wondering if letsencrypt is hanging onto a previous cert tied to the IP my domain has at the moment.

    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-config: executing...
    [cont-init.d] 20-config: exited 0.
    [cont-init.d] 30-keygen: executing...
    using keys found in /config/keys
    [cont-init.d] 30-keygen: exited 0.
    [cont-init.d] 50-config: executing...
    2048 bit DH parameters present
    SUBDOMAINS entered, processing
    Sub-domains processed are: -d www.<mydomain>
    Generating new certificate
    WARNING: The standalone specific supported challenges flag is deprecated.
    Please use the --preferred-challenges flag instead.
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for www.dlink.com
    tls-sni-01 challenge for <mydomain>
    /usr/lib/python2.7/site-packages/OpenSSL/rand.py:58: UserWarning: implicit cast from 'char *' to a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct)
    result_code = _lib.RAND_bytes(result_buffer, num_bytes)
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. <mydomain> (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested aec5e3e7f34dde8c7cce57e6d1771dc1.81ab33f90fa1bed9df091e4aa8ed108d.acme.invalid from <myip>:443. Received 1 certificate(s), first certificate had names "www.dlink.com", <mydomain> (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 8fffff13a46234f55f4bdcdb7b5e7b07.19a22a976cb3972071f41176337ae159.acme.invalid from <myip>:443. Received 1 certificate(s), first certificate had names "www.dlink.com"
    IMPORTANT NOTES:
    - The following errors were reported by the server:
    Domain: <mydomain>
    Type: unauthorized
    Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested aec5e3e7f34dde8c7cce57e6d1771dc1.81ab33f90fa1bed9df091e4aa8ed108d.acme.invalid from <myip>:443. Received 1 certificate(s), first certificate had names "www.dlink.com"
    Domain: <mydomain>
    Type: unauthorized
    Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested 8fffff13a46234f55f4bdcdb7b5e7b07.19a22a976cb3972071f41176337ae159.acme.invalid from <myip>:443. Received 1 certificate(s), first certificate had names "www.dlink.com"
    To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
    /var/run/s6/etc/cont-init.d/50-config: line 108: cd: /config/keys/letsencrypt: No such file or directory
    [cont-init.d] 50-config: exited 1.
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] syncing disks.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.

aptalca Posted April 30, 2017

This is the thread for nginx, not letsencrypt.

Regarding the issue, it is likely due to incorrect forwarding of your domain. Make sure the A record is correct.

buzzra Posted June 17, 2017

Is this Nginx docker still being supported/updated? The LS hub.docker.com page shows it was last updated June 6th 2017, but the unRAID CA page shows it was last updated December 5, 2015.

I already have wild card certs for my domains, so I do not need LetsEncrypt. I just need an Nginx proxy for my other dockers.

Thanks for ALL the great work and support from the LinuxServer.io team!

buzz