Differences

This shows you the differences between two versions of the page.

--- unraid:dockers:swag [2021/01/30 14:10] – created dirk
+++ unraid:dockers:swag [2023/11/25 11:32] (current) – [SWAG] dirk
@@ Line 1: / Line 1: @@
 ====== SWAG ======
-Secure Web Application Gateway is a rebirth of our letsencrypt docker image, a full fledged web server and reverse proxy that includes Nginx, Php7, Certbot (Let's Encrypt client) and Fail2ban. Before running this container, make sure that the url and subdomains are properly forwarded to this container's host. - Port 443 on the internet side of the router should be forwarded to this container's port 443. - If you need a dynamic dns provider, you can use the free provider duckdns.org where the url will be yoursubdomain.duckdns.org and the subdomains can be "www,ftp,cloud," or "wildcard" if using duckdns validation - The container detects changes to url and subdomains, revokes existing certs and generates new ones during start. - If you'd like to password protect your sites, you can use htpasswd. Run the following command on your host to generate the htpasswd file docker exec -it swag htpasswd -c /config/nginx/.htpasswd
+Secure Web Application Gateway is a rebirth of the letsencrypt docker image, a full fledged web server and reverse proxy that includes Nginx, Php7, Certbot (Let's Encrypt client) and Fail2ban. Before running this container, make sure that the url and subdomains are properly forwarded to this container's host. - Port 443 on the internet side of the router should be forwarded to this container's port 443. - If you need a dynamic dns provider, you can use the free provider duckdns.org where the url will be yoursubdomain.duckdns.org and the subdomains can be "www,ftp,cloud," or "wildcard" if using duckdns validation - The container detects changes to url and subdomains, revokes existing certs and generates new ones during start. - If you'd like to password protect your sites, you can use htpasswd. Run the following command on your host to generate the htpasswd file docker exec -it swag htpasswd -c /config/nginx/.htpasswd
 ===== Version =====
@@ Line 24: / Line 24: @@
   * Propagation: blank
-===== App Settings =====
+===== Random Fixes =====
-  * appdata/swag/nginx/proxy-confs/
+==== stream ====
-    * bazarr.subdomain.conf <code># make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url
+  * After last update, websites would not load and had following error in swag logs:<code>nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3 </code>
+  * Found fix in forums:
+    * connect to terminal inside docker using vxcode or docker exec
+    * execute following<code>
+ls -al /etc/nginx/conf.d/ /etc/nginx/stream.d/
+mv -v /etc/nginx/conf.d/stream.conf /etc/nginx/stream.d/</code>
+    * restart swag
+  * Found longer term fix... just update some outdated config files with the newer samples and all was well again.  No longer need the above steps.
+==== dashboard ====
+  * Add variable to swag
+  * Name: Dashboard
+  * Key: DOCKER_MODS
+  * Value: linuxserver/mods:swag-dashboard
+  * add CNAME for dashboard and add dashboard to swag subdomains
+  * conf file was auto added
+  * restart swag
+===== appdata/swag/nginx/proxy-confs/ =====
+==== bazarr.subdomain.conf ====
+<code># make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url
 server {
@@ Line 66: / Line 86: @@
 }
 </code>
-    * deluge.subdomain.conf <code># make sure that your dns has a cname set for deluge and that your deluge container is not using a base url
+==== deluge.subdomain.conf ====
+<code># make sure that your dns has a cname set for deluge and that your deluge container is not using a base url
 server {
@@ Line 106: / Line 127: @@
 }
 </code>
-    * dokuwiki.subdomain.conf <code># First complete the setup by appending install.php to URL.
+==== dokuwiki.subdomain.conf ====
+<code># First complete the setup by appending install.php to URL.
 # Make sure that your dns has a cname set for dokuwiki
@@ Line 147: / Line 169: @@
 }
 </code>
-    * edge.subdomain.conf <code>server {
+==== edge.subdomain.conf ====
+<code>server {
         listen 80;
         server_name edge.*;
@@ Line 174: / Line 197: @@
 }
 </code>
-    * nextcloud.subdomain.conf <code># make sure that your dns has a cname set for nextcloud
+==== games.subdomain.conf ====
+<code># Make sure that your dns has a cname set for games
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name games.*;
+    include /config/nginx/ssl.conf;
+    client_max_body_size 0;
+    #enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+        #enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app games;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}</code>
+==== home.subdomain.conf ====
+  * only works if hoobs is installed on a vm
+<code>
+# make sure that your dns has a cname set for home
+server {
+  listen 443 ssl http2;
+ server_name home.*;
+ server_tokens off;
+#access_log /var/log/nginx/SUBDOMAIN.SITE.access.log;
+#error_log /var/log/nginx/SUBDOMAIN.SITE.error.log error;
+#
+# ssl on;
+#
+# ssl_certificate /etc/letsencrypt/live/SITE/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/SITE/privkey.pem;
+ location /{
+  proxy_pass http://192.168.1.7;
+#  proxy_redirect off;
+  proxy_redirect http:// https://;
+#added line below
+  proxy_http_version 1.1;
+  proxy_set_header Host $http_host;
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header X-Forwarded-Proto $scheme;
+  proxy_set_header X-Forwarded-Protocol $scheme;
+  proxy_set_header X-Url-Scheme $scheme;
+#added these 2 lines below
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection "upgrade";
+ }
+}
+</code>
+==== nextcloud.subdomain.conf ====
+  * extra steps found below and on youtube
+<code># make sure that your dns has a cname set for nextcloud
 # assuming this container is called "swag", edit your nextcloud container's config
 # located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
@@ Line 211: / Line 313: @@
 }
 </code>
-    * plex.subdomain.conf <code># make sure that your dns has a cname set for plex
+==== pi.subdomain.conf ====
+  * only works if pihole is installed on vm
+<code>
+## Version 2020/12/09
+# make sure that your dns has a cname set for pihole and that your pihole container is not using a base url
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name pi.*;
+    include /config/nginx/ssl.conf;
+    client_max_body_size 0;
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app 192.168.1.2;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+        proxy_hide_header X-Frame-Options;
+    }
+    location /admin {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app 192.168.1.2;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+        proxy_hide_header X-Frame-Options;
+    }
+}
+</code>
+==== plex.subdomain.conf ====
+<code># make sure that your dns has a cname set for plex
 # if plex is running in bridge mode and the container is named "plex", the below config should work as is
 # if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;"
@@ Line 271: / Line 441: @@
 }
 </code>
-    * radarr.subdomain.conf <code># make sure that your dns has a cname set for radarr and that your radarr container is not using a base url
+==== radarr.subdomain.conf ====
+<code># make sure that your dns has a cname set for radarr and that your radarr container is not using a base url
 server {
@@ Line 321: / Line 492: @@
 }
 </code>
-    * sabnzbd.subdomain.conf <code># make sure that your dns has a cname set for sabnzbd
+==== sabnzbd.subdomain.conf ====
+<code># make sure that your dns has a cname set for sabnzbd
 # edit the sabnzbd.ini host_whitelist to avoid hostname verification issues. This format:
 # host_whitelist = sabnzbd.domain.com, www.sabnzbd.domain.com
@@ Line 373: / Line 545: @@
 }
 </code>
-    * sonarr.subdomain.conf <code># make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
+==== sonarr.subdomain.conf ====
+<code># make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
 server {
@@ Line 423: / Line 596: @@
 }
 </code>
-    * tautulli.subdomain.conf <code># make sure that your dns has a cname set for tautulli and that your tautulli container is not using a base url
+==== tautulli.subdomain.conf ====
+<code># make sure that your dns has a cname set for tautulli and that your tautulli container is not using a base url
 server {
@@ Line 473: / Line 647: @@
 }
 </code>
-    * unifi-controller.subdomain.conf <code># make sure that your dns has a cname set for unifi and that your unifi-controller container is not using a base url
+==== unifi-controller.subdomain.conf ====
+<code># make sure that your dns has a cname set for unifi and that your unifi-controller container is not using a base url
 server {
@@ Line 539: / Line 714: @@
 }
 </code>
-    * www.subdomain.conf <code># make sure that your dns has a cname set for www
+==== www.subdomain.conf docker version ====
+<code># Make sure that your dns has a cname set for www
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name www.*;
+    include /config/nginx/ssl.conf;
+    client_max_body_size 0;
+    #enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+        #enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app website;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
+</code>
+==== www.subdomain.conf OLD version ====
+<code># make sure that your dns has a cname set for www
 server {

brimble.com

User Tools

Site Tools

Differences

Page Tools