[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

You don't need to configure sendmail. You can define the smtp server and other options while sending the e-mail in command line

 

Type the following in commandline to see the available options:

sendmail -?

EDIT: I tested something like this and it works: sendmail -t -v  -H 'exec openssl s_client -quiet -tls1 -connect smtp.gmail.com:465' -auMYEMAILADDRESS -apMYPASSWORD <mail.txt

mail.txt looks like this:

To: [email protected]
Subject: Whatever you like

Here's the body of the e-mail

 

Edited by aptalca
13 hours ago, aptalca said:

You don't need to configure sendmail. You can define the smtp server and other options while sending the e-mail in command line

 

Type the following in commandline to see the available options:


sendmail -?

EDIT: I tested something like this and it works: sendmail -t -v  -H 'exec openssl s_client -quiet -tls1 -connect smtp.gmail.com:465' -auMYEMAILADDRESS -apMYPASSWORD <mail.txt

mail.txt looks like this:


To: [email protected]
Subject: Whatever you like

Here's the body of the e-mail

 

Thanks for that. It does indeed work as you suggest it does.

 

I am trying to incorporate sendmail using the standard fail2ban actions in actions.d in order that the email content is created by fail2ban, to give me the detail of who has been banned etc.

 

The fail2ban docs talk about adding the following to jail.local, which works, but because sendmail does not have the base config setup via its config (-H 'exec openssl s_client -quiet -tls1 -connect smtp.gmail.com:465' -auMYEMAILADDRESS -apMYPASSWORD) it fails, as sendmail tries to send from localhost.

mta = mail

action = %(action_mw)s 
8 hours ago, aptalca said:

You can modify the action files. Copy the sendmail-common.conf to sendmail-common.local and modify the sendmail command and add your email addresses

 

Thanks for the further guidance, which helped me get it working.

 

On 3/21/2017 at 3:05 PM, dukiethecorgi said:

Let me apologize in advance for the moronic questions, but I'm an absolute beginner when it comes to linux/dockers/etc ....

 

I telnet into unRAID, and use 'docker exec -it letsencrypt /bin/bash' to get to the command line.  When I try testing by 'sendmail [email protected] < /tmp/testmail.txt' I get the response 'can't connect to remote host (127.0.0.1): Connection refused' which I am guessing means that sendmail isn't configured.  I look in /etc and I can't find anything - no mail or sendmail folder, no sendmail.conf, nothing at all.  Using find to search the entire image, I still don't see anything.

 

I'm completely lost, what am I doing wrong?  Appreciative of any advice you could give.

 

This works for me;

 

Edit jail.local and add the following to the nextcloud or other jail;


mta      = sendmail
action   = sendmail-whois[name=nextcloud, dest=<destination email address>]

 

 

Copy ..action.d/sendmail-whois.conf to sendmail-whois.local and then edit the last line of the action, changing the sendmail command line part;

 


Fail2Ban" | /usr/sbin/sendmail -t -v -H 'exec openssl s_client -quiet -tls1 -connect smtp.gmail.com:465' -au<from email account name> -ap<account password> <dest>

 

Edited by local.bin
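The two-step edit local.bin describes (copy sendmail-whois.conf to sendmail-whois.local, then rewrite the sendmail part of the action line) as a repeatable script. This is an added example, not code from the thread or from the linuxserver.io image: the function names, the placeholder credentials and the stand-in conf file are constructed, and the TLS flag defaults to -tls1_2 rather than the -tls1 used in the original command, because most SMTP servers now refuse TLS 1.0.

```shell
#!/bin/sh
# make_sendmail_whois_local CONF LOCAL SMTP_HOST_PORT USER PASS [TLSFLAG]
# Copies CONF to LOCAL, replacing everything after "| /usr/sbin/sendmail" on
# the actionban line with the openssl-wrapped busybox sendmail call from the
# thread. Returns 1 and writes nothing if CONF has no sendmail pipeline.
make_sendmail_whois_local() {
    conf=$1 out=$2 smtp=$3 user=$4 pass=$5 tls=${6:--tls1_2}
    grep -q '| /usr/sbin/sendmail' "$conf" || return 1
    # <dest> stays a fail2ban tag; jail.local fills it in per jail.
    cmd="| /usr/sbin/sendmail -t -v -H 'exec openssl s_client -quiet $tls -connect $smtp' -au$user -ap$pass <dest>"
    awk -v cmd="$cmd" '
        { i = index($0, "| /usr/sbin/sendmail") }
        i { print substr($0, 1, i - 1) cmd; next }
        { print }' "$conf" > "$out"
    # The SMTP password now sits in clear text in the action file: owner-only.
    chmod 600 "$out"
}

# sendmail_line FILE: prints the rewritten pipeline line, for a quick check.
sendmail_line() { grep '| /usr/sbin/sendmail' "$1"; }

# Demo on a constructed stand-in for action.d/sendmail-whois.conf (the real
# file has a longer actionban body; only its last line matters here).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '[Definition]' \
        'actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>' \
        '    Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>' \
        > "$dir/sendmail-whois.conf"
    make_sendmail_whois_local "$dir/sendmail-whois.conf" \
        "$dir/sendmail-whois.local" smtp.gmail.com:465 EXAMPLE_USER EXAMPLE_PASSWORD
    sendmail_line "$dir/sendmail-whois.local"
    rm -rf "$dir"
}

demo
```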

I have my own domain on dreamhost and I have configured a sub domain to point to my home tower. I want to https some of my dockers like ombi and Plex py or sabznbd etc. (Currently only Plex py and ombi has been port forwarded. The rest is not.)

 

I'm having problems with the blanks in the docker settings. I have put everything as default but it says port 80 is used for http, which is true since the server is already running on port 80 for the web GUI? So not sure what I am supposed to do?

Edited by CyberMew
I have my own domain on dreamhost and I have configured a sub domain to point to my home tower. I want to https some of my dockers like ombi and Plex py or sabznbd etc. (Currently only Plex py and ombi has been port forwarded. The rest is not.)
 
I'm having problems with the blanks in the docker settings. I have put everything as default but it says port 80 is used for http, which is true since the server is already running on port 80 for the web GUI? So not sure what I am supposed to do?

Put in any port in there, like 87. Don't have blanks, otherwise unraid won't be able to create the container

I'm having trouble getting Fail2ban working. I'm seeing this in the logs:

 

2017-03-26 04:04:46,710 fail2ban.jail           [266]: INFO    Jail 'nginx-http-auth' started
2017-03-26 04:04:46,712 fail2ban.jail           [266]: INFO    Jail 'nginx-botsearch' started
2017-03-26 04:04:46,714 fail2ban.jail           [266]: INFO    Jail 'nginx-badbots' started
2017-03-26 04:04:46,799 fail2ban.utils          [266]: ERROR   ip6tables -w -N f2b-nginx-http-auth
ip6tables -w -A f2b-nginx-http-auth -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- stderr:
2017-03-26 04:04:46,799 fail2ban.utils          [266]: ERROR    -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils          [266]: ERROR    -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils          [266]: ERROR    -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils          [266]: ERROR   ip6tables -w -N f2b-nginx-http-auth
ip6tables -w -A f2b-nginx-http-auth -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- returned 127
2017-03-26 04:04:46,800 fail2ban.utils          [266]: INFO    HINT on 127: "Command not found".  Make sure that all commands in 'ip6tables -w -N f2b-nginx-http-auth\nip6tables -w -A f2b-nginx-http-auth -j RETURN\nip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth' are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terminals.
2017-03-26 04:04:46,826 fail2ban.actions        [266]: ERROR   Failed to start jail 'nginx-http-auth' action 'iptables-multiport': Error starting action Jail('nginx-http-auth')/iptables-multiport

 

How do I turn off ip6 support in fail2ban or make the ip6tables command available?

 

Thanks

 

3 hours ago, Weavus said:

I'm having trouble getting Fail2ban working. I'm seeing this in the logs:

 


2017-03-26 04:04:46,710 fail2ban.jail           [266]: INFO    Jail 'nginx-http-auth' started
2017-03-26 04:04:46,712 fail2ban.jail           [266]: INFO    Jail 'nginx-botsearch' started
2017-03-26 04:04:46,714 fail2ban.jail           [266]: INFO    Jail 'nginx-badbots' started
2017-03-26 04:04:46,799 fail2ban.utils          [266]: ERROR   ip6tables -w -N f2b-nginx-http-auth
ip6tables -w -A f2b-nginx-http-auth -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- stderr:
2017-03-26 04:04:46,799 fail2ban.utils          [266]: ERROR    -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils          [266]: ERROR    -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils          [266]: ERROR    -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils          [266]: ERROR   ip6tables -w -N f2b-nginx-http-auth
ip6tables -w -A f2b-nginx-http-auth -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- returned 127
2017-03-26 04:04:46,800 fail2ban.utils          [266]: INFO    HINT on 127: "Command not found".  Make sure that all commands in 'ip6tables -w -N f2b-nginx-http-auth\nip6tables -w -A f2b-nginx-http-auth -j RETURN\nip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth' are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terminals.
2017-03-26 04:04:46,826 fail2ban.actions        [266]: ERROR   Failed to start jail 'nginx-http-auth' action 'iptables-multiport': Error starting action Jail('nginx-http-auth')/iptables-multiport

 

How do I turn off ip6 support in fail2ban or make the ip6tables command available?

 

Thanks

 

 

Can you exec into the container ( docker exec -it letsencrypt bash ) and then install the package ( apk add --update ip6tables ) and restart? If that fixes it, we'll go ahead and add the package to the image

 

Thanks


Just a few questions, from a noob with no command line knowledge. 

 

So I've got this set up with sonarr, cp, nzbget etc.. working with [email protected] and have it password protected. 

My Web address is https://[email protected] adding /nzbget or /sonarr etc...  at the end.

 

Is this correct and have I set up it all properly, or should it be https://sonarr.mydomain.duckdns.org

 

Also by running my dockers through letsencrypt, does this give them better security when they  connect to the Internet or is the security just for me when I connect to them from a different network.

Do I still need to enable ssl and proxy settings in each docker as well for better security.

 

Basically I want the best security I can get for my nzbget, so any help, hints or tips much appreciated. 

 

Edited by Mylo75
5 hours ago, aptalca said:

 

Can you exec into the container ( docker exec -it letsencrypt bash ) and then install the package ( apk add --update ip6tables ) and restart? If that fixes it, we'll go ahead and add the package to the image

 

Ran the command and restarted, new errors now about initialising ip6tables

2017-03-28 23:29:51,870 fail2ban.utils          [264]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr:
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:29:51,872 fail2ban.utils          [264]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:29:51,872 fail2ban.utils          [264]: ERROR    -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-03-28 23:29:51,872 fail2ban.utils          [264]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1
2017-03-28 23:29:51,872 fail2ban.actions        [264]: ERROR   Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport

So I tried passing unRAID's /lib/modules as a read-only path to the container but now get

2017-03-28 23:40:37,382 fail2ban.utils          [261]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr:
2017-03-28 23:40:37,382 fail2ban.utils          [261]: ERROR    -- stderr: 'modprobe: module ip6_tables not found in modules.dep'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'modprobe: module ip6_tables not found in modules.dep'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1
2017-03-28 23:40:37,383 fail2ban.actions        [261]: ERROR   Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport

So maybe I need to install that apk in unraid but I'd really rather not as I don't use ipv6 on my network.

 

Is there any way just to configure fail2ban not to try using ip6tables and drop ipv6 support instead?

 

Thanks

Edited by Weavus
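A read-only diagnostic for the two failure modes in Weavus's log excerpts above: an action that exits 127 because ip6tables is not on fail2ban's PATH, and ip6tables present but the kernel offering no ip6 filter table. This is an added example, not from the thread or the linuxserver.io image; the function names are mine and the sample log is constructed from the lines quoted in this thread.

```shell
#!/bin/sh
# Sample fail2ban log, constructed from the excerpts quoted in the thread.
sample_log() {
cat <<'EOF'
2017-03-26 04:04:46,799 fail2ban.utils          [266]: ERROR    -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils          [266]: ERROR   ip6tables -w -N f2b-nginx-http-auth
ip6tables -w -A f2b-nginx-http-auth -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- returned 127
2017-03-26 04:04:46,826 fail2ban.actions        [266]: ERROR   Failed to start jail 'nginx-http-auth' action 'iptables-multiport': Error starting action Jail('nginx-http-auth')/iptables-multiport
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:29:51,872 fail2ban.utils          [264]: ERROR    -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-03-28 23:29:51,872 fail2ban.actions        [264]: ERROR   Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport
EOF
}

# failed_actions: reads a fail2ban log on stdin and prints one line per
# "Failed to start jail" error as "<jail> <action> <cause>". The cause is
# taken from the stderr/return-code lines that precede the failure:
#   MISSING_COMMAND  the action command exited 127 (not on the server PATH)
#   NO_IPV6_SUPPORT  ip6tables ran, but the kernel has no ip6 filter table
#   UNKNOWN          nothing recognisable preceded the failure
failed_actions() {
    awk -v sq="'" '
        / -- returned 127$/     { cause = "MISSING_COMMAND" }
        /Table does not exist/  { cause = "NO_IPV6_SUPPORT" }
        /Failed to start jail/ {
            split($0, f, sq)        # f[2] = jail name, f[4] = action name
            print f[2], f[4], (cause == "" ? "UNKNOWN" : cause)
            cause = ""
        }'
}

# missing_tools CMD...: prints each command that is not on PATH. Run it
# inside the container (docker exec) to see what fail2ban itself sees.
missing_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || echo "$t"
    done
}

# Stand-alone run: diagnose the sample log, then check this host's tools.
sample_log | failed_actions
missing_tools iptables ip6tables
```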

Figured it out. I commented out the last section of iptables-common.conf in action.d

 

#[Init?family=inet6]

# Option:  blocktype (ipv6)
# Note:    This is what the action does with rules. This can be any jump target
#          as per the iptables man page (section 8). Common values are DROP
#          REJECT, REJECT --reject-with icmp6-port-unreachable
# Values:  STRING
#blocktype = REJECT --reject-with icmp6-port-unreachable

# Option:  iptables (ipv6)
# Notes.:  Actual command to be executed, including common to all calls options
# Values:  STRING
#iptables = ip6tables <lockingopt>

Now fail2ban is starting without errors 

2 hours ago, Weavus said:

Figured it out. I commented out the last section of iptables-common.conf in action.d

 


#[Init?family=inet6]

# Option:  blocktype (ipv6)
# Note:    This is what the action does with rules. This can be any jump target
#          as per the iptables man page (section 8). Common values are DROP
#          REJECT, REJECT --reject-with icmp6-port-unreachable
# Values:  STRING
#blocktype = REJECT --reject-with icmp6-port-unreachable

# Option:  iptables (ipv6)
# Notes.:  Actual command to be executed, including common to all calls options
# Values:  STRING
#iptables = ip6tables <lockingopt>

Now fail2ban is starting without errors 

 

Right, that will fix your issue, however, you're not really supposed to edit the conf files. You are supposed to append them through .local files. The issue is, I don't know how to append and remove something from the conf via a local file. I know how to replace it with something else. I'll give it some more thought.

 

This is the newest beta version of fail2ban and ipv6 is the newest feature. I guess this is one of the bugs they will have to fix.

On 26/03/2017 at 11:02 PM, aptalca said:


Put in any port in there, like 87. Don't have blanks, otherwise unraid won't be able to create the container

Thanks. I did and it created fine. How do I know if it's working? I tried to access my subdomain with the http port or even the 443 port but nothing happened.

 
Ran the command and restarted, new errors now about initialising ip6tables

2017-03-28 23:29:51,870 fail2ban.utils          [264]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr:
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-03-28 23:29:51,871 fail2ban.utils          [264]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:29:51,872 fail2ban.utils          [264]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:29:51,872 fail2ban.utils          [264]: ERROR    -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-03-28 23:29:51,872 fail2ban.utils          [264]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1
2017-03-28 23:29:51,872 fail2ban.actions        [264]: ERROR   Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport

So I tried passing unRAID's /lib/modules as a read-only path to the container but now get

2017-03-28 23:40:37,382 fail2ban.utils          [261]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr:
2017-03-28 23:40:37,382 fail2ban.utils          [261]: ERROR    -- stderr: 'modprobe: module ip6_tables not found in modules.dep'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'modprobe: module ip6_tables not found in modules.dep'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR    -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-03-28 23:40:37,383 fail2ban.utils          [261]: ERROR   ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1
2017-03-28 23:40:37,383 fail2ban.actions        [261]: ERROR   Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport

So maybe I need to install that apk in unraid but I'd really rather not as I don't use ipv6 on my network.
 
Is there any way just to configure fail2ban not to try using ip6tables and drop ipv6 support instead?
 
Thanks



FYI, I reported the issue to fail2ban and they confirmed it as a bug, which will be fixed. Until then, your workaround should be sufficient

https://github.com/fail2ban/fail2ban/issues/1741
4 hours ago, aptalca said:

 


Define "nothing happened". Did you get an error?

You should try to access https://yoururl.com and you should see the default welcome page

Check your docker log

 

Yea it says could not connect to server if I tried to access the ssl port or non ssl port.  Then docker died. 

 

Something like this happened:

/var/run/s6/etc/cont-init.d/50-config: line 105: cd: /config/keys/letsencrypt: No such file or directory

 

there are no other errors, just warnings. 

Yea it says could not connect to server if I tried to access the ssl port or non ssl port.  Then docker died. 
 
Something like this happened:
/var/run/s6/etc/cont-init.d/50-config: line 105: cd: /config/keys/letsencrypt: No such file or directory
 
there are no other errors, just warnings. 


You mentioned you only forward the subdomain to your home server. Did you use the only subdomains option?

Your cert generation was unsuccessful. The logs should tell you that
9 hours ago, aptalca said:

 


You mentioned you only forward the subdomain to your home server. Did you use the only subdomains option?

Your cert generation was unsuccessful. The logs should tell you that

 

Thanks, I got it to load now. And I had to do port forwarding. Now I need to find out how to block http requests or redirect to the https version. Any idea how I edit the 443 page?


Is it possible to add a subdomain that doesn't use SSL?  I have a need to serve some files via HTTP but my current setup redirects all traffic to https.  I want to set up a subdomain dnd.server.com that allows me to serve up files without https, with the root in a different location from the main server.

Thanks, I got it to load now. And I had to do port forwarding. Now I need to find out how to block http requests or redirect to the https version. Any idea how I edit the 443 page?

Config files are in the /config folder. You will want to modify the site config as well as the html file under www
Is it possible to add a subdomain that doesn't use SSL?  I have a need to serve some files via HTTP but my current setup redirects all traffic to https.  I want to set up a subdomain dnd.server.com that allows me to serve up files without https, with the root in a different location from the main server.


Sure, just create a new server block in the site config for the new subdomain and set it to listen to port 80
3 hours ago, aptalca said:

 


Sure, just create a new server block in the site config for the new subdomain and set it to listen to port 80

 

 

Edit - Thanks, I got it working.  I got confused with the HSTS causing chrome to still throw an error, but got it figured out.

 

Edited by mattekure