[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)



I am having trouble getting the nextcloud part working.  I had moved from an old domain to a new domain and whenever I type in something like somecloud.NEW-DOMAIN.com/nextcloud or nextcloud.NEW-DOMAIN.com, or even locally at SERVER-IP-ADDRESS:444, it keeps on redirecting to nextcloud.OLD-DOMAIN.com/index.php/login, telling me that the site can't be reached, with an ERR_CONNECTION_REFUSED message.  I even removed and reinstalled Let's Encrypt once to see if it would go away, and it wouldn't.

 

The funny thing is that if I use the NextCloud windows app to sync my files, it has no problems connecting to my server ip address. 

 

Here's my default site-config file

upstream backend {
        server 192.168.1.10:19999;
        keepalive 64;
}

server {
        listen 443 ssl default_server;
        listen 80 default_server;
        root /config/www;
        index index.html index.htm index.php;

        server_name _;

        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
        ssl_dhparam /config/nginx/dhparams.pem;

        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;

        client_max_body_size 0;

        location = / {
                return 301 /htpc;
        }

        location /sonarr {
                include /config/nginx/proxy.conf;
                proxy_pass http://192.168.1.10:38989/sonarr;
        }

        location /radarr {
                include /config/nginx/proxy.conf;
                proxy_pass http://192.168.1.10:37878/radarr;
        }

        location /htpc {
                include /config/nginx/proxy.conf;
                proxy_pass http://192.168.1.10:38085/htpc;
        }


        location /downloads {
                include /config/nginx/proxy.conf;
                proxy_pass  http://192.168.1.10:8112/;
                proxy_set_header  X-Deluge-Base "/downloads/";
        }

        #PLEX
        location /web {
                # serve the CSS code
                proxy_pass http://192.168.1.6:32400;
        }

        # Main /plex rewrite
        location /plex {
                # proxy request to plex server
                proxy_pass http://192.168.1.6:32400/web;
        }

        location /nextcloud {
                include /config/nginx/proxy.conf;
                proxy_pass https://192.168.1.10:444/;
        }

        location ~ /netdata/(?<ndpath>.*) {
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://backend/$ndpath$is_args$args;
                proxy_http_version 1.1;
                proxy_pass_request_headers on;
                proxy_set_header Connection "keep-alive";
                proxy_store off;
        }

        location /organizr {
                include /config/nginx/proxy.conf;
                proxy_pass http://192.168.1.10:38520/;
        }
}

And here's my nextcloud site-config file

server {
    listen 443 ssl;
    server_name NEW-DOMAIN.com;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.10:444/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}

 

Link to comment

Just found this error in my docker log. Latest docker update I believe triggered it

 

wget: error getting response: Address family not supported by protocol

run-parts: /etc/periodic/monthly/geoip: exit status 1
error: stat of /config/log/fail2ban/fail2ban.log failed: Permission denied

error: stat of /config/log/letsencrypt/letsencrypt.log failed: Permission denied

error: stat of /config/log/nginx/access.log failed: Permission denied

error: stat of /config/log/nginx/error.log failed: Permission denied

error: stat of /config/log/php/error.log failed: Permission denied

 

Edited by jrdnlc
Link to comment

Not sure if this is specific to the actual docker container or if it's related to how nginx does its thing.

 

My issue is with PlexRequest. I have it working fine when accessing it through my domain "www.mydomain.url/request"

However, once I click on "TV Shows" under the search bar, it redirects me to www.mydomain.url/

 

No idea why it's redirecting me (only happens when off my home network)

 

This is stopping anyone from requesting TV Shows or me from accessing the Admin options (does the same thing)

Link to comment
5 hours ago, jrdnlc said:

Just found this error in my docker log. Latest docker update I believe triggered it

 


wget: error getting response: Address family not supported by protocol

run-parts: /etc/periodic/monthly/geoip: exit status 1
error: stat of /config/log/fail2ban/fail2ban.log failed: Permission denied

error: stat of /config/log/letsencrypt/letsencrypt.log failed: Permission denied

error: stat of /config/log/nginx/access.log failed: Permission denied

error: stat of /config/log/nginx/error.log failed: Permission denied

error: stat of /config/log/php/error.log failed: Permission denied

 

 

Wget issue is an alpine issue. I'm considering reporting it.

 

It seems logrotate is also having issues. Not a clue why

Link to comment
On 10/2/2017 at 10:42 AM, jrdnlc said:

Just found this error in my docker log. Latest docker update I believe triggered it

 


wget: error getting response: Address family not supported by protocol

run-parts: /etc/periodic/monthly/geoip: exit status 1
error: stat of /config/log/fail2ban/fail2ban.log failed: Permission denied

error: stat of /config/log/letsencrypt/letsencrypt.log failed: Permission denied

error: stat of /config/log/nginx/access.log failed: Permission denied

error: stat of /config/log/nginx/error.log failed: Permission denied

error: stat of /config/log/php/error.log failed: Permission denied

 

 

Figured out the logrotate issue. It is a remnant from a permission issue from a very long time ago. I guess you have had that container for a long time. The problem is, the "log" folder and the folders underneath that are missing the "x" permission. You can either give them the execute permission or simply delete the log folder, restart the container and it will create new folders with the correct permissions.

Link to comment

Hi,

 

I'm finding that my container is exiting after successfully creating the cert

[image]

 

[image]

The log shown below after successfully making the cert

[image]

Starting the container again yields it going through the process of creating a cert again ending with the same log above.

 

 

Edited by Quiks
Link to comment
1 hour ago, Quiks said:

Hi,

 

I'm finding that my container is exiting after successfully creating the cert

[image]

 

[image]

The log shown below after successfully making the cert

[image]

Starting the container again yields it going through the process of creating a cert again ending with the same log above.

 

 

 

Try changing the config location to a /mnt/cache or /mnt/disk

 

I suspect it might be a symlink related issue

Link to comment
11 minutes ago, aptalca said:

 

Try changing the config location to a /mnt/cache or /mnt/disk

 

I suspect it might be a symlink related issue

Hi,

Thanks for the response. I changed it to /mnt/disk2/appdata/letsencrypt/, but am still having the same issue. 

Should I delete anything after changing this?

[image]

 

To add, the /config/keys/letsencrypt directory does exist.

[image]

 

 

Edited by Quiks
Link to comment
22 hours ago, Quiks said:

Hi,

Thanks for the response. I changed it to /mnt/disk2/appdata/letsencrypt/, but am still having the same issue. 

Should I delete anything after changing this?

[image]

 

To add, the /config/keys/letsencrypt directory does exist.

[image]

 

 

 

What you're seeing, /config/keys/letsencrypt is just a symlink. The folder it points to doesn't exist. Both of your screenshots are partial and I can't see the important info so can't help you with what's going on there

Link to comment
1 hour ago, aptalca said:

 

What you're seeing, /config/keys/letsencrypt is just a symlink. The folder it points to doesn't exist. Both of your screenshots are partial and I can't see the important info so can't help you with what's going on there

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ _ _
| |___| (_) ___
| / __| | |/ _ \
| \__ \ | | (_) |
|_|___/ |_|\___/
|_|

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
4096 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d subnet1 -d subnet2 -d subnet3
E-mail address entered: email
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for domain
tls-sni-01 challenge for subnet1
tls-sni-01 challenge for subnet2
tls-sni-01 challenge for subnet3
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/domain/fullchain.pem. Your cert will
expire on 2018-01-03. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot


- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

/var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

[image]

[image]

[image]

 

 

edit: I think I found the issue. This might be a problem on certbot's end. (not sure? maybe you can confirm?)

I typed my domain with a leading capital in the container's settings.

The symlink is pointing to a folder where the first letter in my domain is capital.

The folder that exists has no capitals.

So, the folder created for the cert was created differently than the symlink's destination path.

/mnt/disk2/appdata/letsencrypt/etc/letsencrypt/keys/live/Domain.com/

vs

/mnt/disk2/appdata/letsencrypt/etc/letsencrypt/keys/live/domain.com/

 

I did a mv domain.com Domain.com and it now seems to be working.

 

I guess I should go into the container settings and change to lower case and let it re-run

 

Thanks for pointing me in the correct direction with the broken symlink.

Edited by Quiks
Link to comment
20 hours ago, Quiks said:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ _ _
| |___| (_) ___
| / __| | |/ _ \
| \__ \ | | (_) |
|_|___/ |_|\___/
|_|

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
4096 bit DH parameters present
SUBDOMAINS entered, processing
Sub-domains processed are: -d subnet1 -d subnet2 -d subnet3
E-mail address entered: email
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for domain
tls-sni-01 challenge for subnet1
tls-sni-01 challenge for subnet2
tls-sni-01 challenge for subnet3
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/domain/fullchain.pem. Your cert will
expire on 2018-01-03. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot


- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

/var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory
[cont-init.d] 50-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

[image]

[image]

[image]

 

 

edit: I think I found the issue. This might be a problem on certbot's end. (not sure? maybe you can confirm?)

I typed my domain with a leading capital in the container's settings.

The symlink is pointing to a folder where the first letter in my domain is capital.

The folder that exists has no capitals.

So, the folder created for the cert was created differently than the symlink's destination path.

/mnt/disk2/appdata/letsencrypt/etc/letsencrypt/keys/live/Domain.com/

vs

/mnt/disk2/appdata/letsencrypt/etc/letsencrypt/keys/live/domain.com/

 

I did a mv domain.com Domain.com and it now seems to be working.

 

I guess I should go into the container settings and change to lower case and let it re-run

 

Thanks for pointing me in the correct direction with the broken symlink.

 

Yup, my first guess would have been a weird character in the domain name, but yeah, capital letters would do that. In Linux, everything is case sensitive. In URLs, I recommend keeping everything as lowercase.

  • Upvote 1
Link to comment
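The failure worked out in the posts above (a symlink whose target is `Domain.com` while the directory on disk is `domain.com`) can be checked for directly. This is an added shell example, not part of the original thread or of the container's scripts; the function names and the sample directory layout are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a certificate symlink as ok, case-mismatch or dangling.
# Assumes a case-sensitive filesystem (the normal case on Linux).

# lower STRING: print STRING in lowercase
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# build_sample DIR: constructed layout reproducing the mismatch from the thread.
# The certificate directory is lowercase, the link target has a leading capital.
build_sample() {
    mkdir -p "$1/etc/letsencrypt/live/domain.com" "$1/keys"
    ln -s ../etc/letsencrypt/live/Domain.com "$1/keys/letsencrypt"
}

# diagnose_link LINK
# Prints one line and sets the exit status:
#   ok <target>                (0) target exists
#   case-mismatch <sibling>    (1) target missing, but a sibling differs only by case
#   dangling <target>          (1) target missing, nothing similar next to it
#   not-a-symlink              (2) LINK is a real file/directory or does not exist
diagnose_link() {
    link=$1
    if [ ! -L "$link" ]; then
        echo "not-a-symlink"
        return 2
    fi
    target=$(readlink "$link")
    # A relative target is resolved against the directory that holds the link
    case $target in
        /*) ;;
        *) target=$(dirname "$link")/$target ;;
    esac
    if [ -e "$target" ]; then
        echo "ok $target"
        return 0
    fi
    parent=$(dirname "$target")
    want=$(lower "$(basename "$target")")
    if [ -d "$parent" ]; then
        # Compare every existing sibling name with the wanted name, ignoring case
        for entry in "$parent"/* "$parent"/.[!.]*; do
            [ -e "$entry" ] || continue   # skips unmatched glob patterns
            if [ "$(lower "$(basename "$entry")")" = "$want" ]; then
                echo "case-mismatch $entry"
                return 1
            fi
        done
    fi
    echo "dangling $target"
    return 1
}

# Run with --demo to see the constructed mismatch being reported
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(mktemp -d)
    build_sample "$demo_dir"
    diagnose_link "$demo_dir/keys/letsencrypt" || true
    rm -rf "$demo_dir"
fi
```

Only the last path component is compared, which matches the case in the thread; a mismatch higher up the path is reported as `dangling`.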

Hi again.

I found when transferring my config from my nginx vm to here that I was getting the following message

 

 

nginx: [emerg] socket() [::]:443 failed (97: Address family not supported by protocol)

 

Does this imply that ipv6 is not supported? or is there something I'm missing/need to change

 

Thanks in advance!

 

Link to comment
33 minutes ago, Quiks said:

Hi again.

I found when transferring my config from my nginx vm to here that I was getting the following message

 

 

nginx: [emerg] socket() [::]:443 failed (97: Address family not supported by protocol)

 

Does this imply that ipv6 is not supported? or is there something I'm missing/need to change

 

Thanks in advance!

 

 

Unraid doesn't support ipv6

  • Upvote 1
Link to comment

I'm trying to set up wordpress with the letsencrypt container.  I have read through this entire thread and tried all of the config suggestions but I still cannot access the site properly over the internet.  The site is viewable within my LAN.  Could someone help pick apart my nginx default config and tell me where I'm going wrong? Is this the only file I have to edit or am I missing something else?

# listening on port 80 disabled by default, remove the "#" signs to enable
# redirect all traffic to https
server {
	listen 80;
	server_name _;
	return 301 https://$host$request_uri;
}

# main server block
server {
	listen 443 ssl default_server;

	root /config/www;
	index index.html index.htm index.php;

	server_name _;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;

	client_max_body_size 0;

	location / {
		try_files $uri $uri/ /index.html /index.php?$args =404;
	}

	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# With php7-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php7-fpm:
		#fastcgi_pass unix:/var/run/php7-fpm.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
	}

# sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
# notice this is within the same server block as the base
# don't forget to generate the .htpasswd file as described on docker hub
	location ^~ /couchpotato {
		auth_basic "Restricted";
		auth_basic_user_file /config/nginx/.htpasswd;
		include /config/nginx/proxy.conf;
		proxy_pass http://10.0.1.5:5050/couchpotato;
	}

	location ^~ /nzbhydra {
		auth_basic "Restricted";
		auth_basic_user_file /config/nginx/.htpasswd;
		include /config/nginx/proxy.conf;
		proxy_pass http://10.0.1.5:5075/nzbhydra;
	}

	location ^~ /nzbget {
		auth_basic "Restricted";
		auth_basic_user_file /config/nginx/.htpasswd;
		include /config/nginx/proxy.conf;
		proxy_pass http://10.0.1.5:6789/nzbget;
	}

	location ^~ /sonarr {
		auth_basic "Restricted";
		auth_basic_user_file /config/nginx/.htpasswd;
		include /config/nginx/proxy.conf;
		proxy_pass http://10.0.1.5:8989/sonarr;
	}

	location ^~ /nextcloud {
		include /config/nginx/proxy.conf;
		proxy_pass https://10.0.1.5:444/nextcloud;
	}

	location ^~ /multicraft {
		include /config/nginx/proxy.conf;
		proxy_pass http://10.0.1.15:80/multicraft;
	}

}

# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
# notice this is a new server block, you need a new server block for each subdomain
#server {
#	listen 443 ssl;
#
#	root /config/www;
#	index index.html index.htm index.php;
#
#	server_name cp.*;
#
#	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
#	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
#	ssl_dhparam /config/nginx/dhparams.pem;
#	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
#	ssl_prefer_server_ciphers on;
#
#	client_max_body_size 0;
#
#	location / {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050;	
#	}
#}

 

Link to comment

Not seeing any config for your wordpress? Is it /multicraft?

 

What's the url for your wordpress, is it a sub domain or sub directory? Is your wordpress configured to work off a sub directory?

 

I just managed to get Ghost blog kinda running and it took some research getting it to work with a sub directory instead of a sub domain, and I eventually figured out part of the problem had nothing to do with reverse proxy at all and more to do with authentication.

 

(I'm by no means an expert, I've done my reverse proxies with the same template you're using.)

Edited by vurt
Link to comment

If I have

location ^~ /blog

working, but I want to turn off auth_basic for a sub directory off /blog, eg

 

    location ^~ /blog/ghost

how do I do that?

 

Tried

	location ^~ /blog/ghost {
		auth_basic "Off";
}

but it didn't work.

 

I did turn off auth_basic for /blog, which got both /blog and /blog/ghost accessible, but I'm hoping to keep /blog restricted.

Link to comment
56 minutes ago, vurt said:

Not seeing any config for your wordpress? Is it /multicraft?

 

What's the url for your wordpress, is it a sub domain or sub directory? Is your wordpress configured to work off a sub directory?

 

I just managed to get Ghost blog kinda running and it took some research getting it to work with a sub directory instead of a sub domain, and I eventually figured out part of the problem had nothing to do with reverse proxy at all and more to do with authentication.

 

(I'm by no means an expert, I've done my reverse proxies with the same template you're using.)

Sorry, forgot to mention wordpress is not in a sub directory, it is off the www root... Strangely, I had joomla running just fine, but it is so much more complicated than wordpress that I decided to switch. I've had many other websites working directly from the www root, but wordpress is giving me problems.

Link to comment

Hi all,
I have for a week now tried to get SQLite3 to work with the docker without luck.

I am trying to use it with CauseFX's Organizr php site, which requires SQLite3 to work.

 

Am I out of luck or have I missed anything? As far as I can see within the docker, the extension is not present.

Regards 
SlaZe_XE

Link to comment
46 minutes ago, CHBMB said:

@SlaZe_XE Why not just use our Organizr container and reverse proxy it with the LetsEncrypt container?

 

Already tried that, but I cannot get that to work either, getting a 404 and can't seem to find a solution for that. I've got a lot of services running reverse proxied with that container, though the Organizr container won't work.

Link to comment

I'm getting very slow response times from my LE/NGINX server. Slow to the point that it times out.

 

I have shows.mydomain.ddns.us pointed at my binhex-libresonic docker on port 4040. That times out before I ever get the NGINX login. However, when I reopen port 4040 at the router and direct it to my server, I get near instant access to my music/video library on my phone with WiFi turned off (i.e., ensuring I'm accessing externally) or with the phone on WiFi. Therefore I believe that it's an issue with the LE/N container, not with my internet connection in general (though Comcrap has been less than reliable the last couple of weeks), my internal network, or the server itself.

 

I have it working (some installation issues were resolved around pages 30-32ish), and I've accessed it via my phone and my computer at work, however, it's always been sluggish.

 

I'm not sure what you might need for diagnosis, so I'm attaching Diagnostics, let me know what else might be needed for troubleshooting.

 

 

nas-diagnostics-20171009-1808.zip

Link to comment
