brimble.com

User Tools

Site Tools

Trace: edgerouterx hoobsf33
unraid:dockers:swag

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
unraid:dockers:swag [2021/01/30 14:14] dirkunraid:dockers:swag [2023/11/25 11:32] (current) – [SWAG] dirk
Line 1: Line 1:
 ====== SWAG ======  ====== SWAG ======
-Secure Web Application Gateway is a rebirth of our letsencrypt docker image, a full fledged web server and reverse proxy that includes Nginx, Php7, Certbot (Let's Encrypt client) and Fail2ban. Before running this container, make sure that the url and subdomains are properly forwarded to this container's host. - Port 443 on the internet side of the router should be forwarded to this container's port 443. - If you need a dynamic dns provider, you can use the free provider duckdns.org where the url will be yoursubdomain.duckdns.org and the subdomains can be "www,ftp,cloud," or "wildcard" if using duckdns validation - The container detects changes to url and subdomains, revokes existing certs and generates new ones during start. - If you'd like to password protect your sites, you can use htpasswd. Run the following command on your host to generate the htpasswd file docker exec -it swag htpasswd -c /config/nginx/.htpasswd+Secure Web Application Gateway is a rebirth of the letsencrypt docker image, a full fledged web server and reverse proxy that includes Nginx, Php7, Certbot (Let's Encrypt client) and Fail2ban. Before running this container, make sure that the url and subdomains are properly forwarded to this container's host. - Port 443 on the internet side of the router should be forwarded to this container's port 443. - If you need a dynamic dns provider, you can use the free provider duckdns.org where the url will be yoursubdomain.duckdns.org and the subdomains can be "www,ftp,cloud," or "wildcard" if using duckdns validation - The container detects changes to url and subdomains, revokes existing certs and generates new ones during start. - If you'd like to password protect your sites, you can use htpasswd. Run the following command on your host to generate the htpasswd file docker exec -it swag htpasswd -c /config/nginx/.htpasswd
  
 ===== Version ===== ===== Version =====
Line 23: Line 23:
   * DuckDNS Token: blank   * DuckDNS Token: blank
   * Propagation: blank   * Propagation: blank
 +
 +===== Random Fixes =====
 +==== stream ====
 +  * After last update, websites would not load and had following error in swag logs:<code>nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3 </code>
 +  * Found fix in forums:
 +    * connect to terminal inside docker using vxcode or docker exec
 +    * execute following<code>
 +ls -al /etc/nginx/conf.d/ /etc/nginx/stream.d/
 +mv -v /etc/nginx/conf.d/stream.conf /etc/nginx/stream.d/</code>
 +    * restart swag
 +  * Found longer term fix... just update some outdated config files with the newer samples and all was well again.  No longer need the above steps.
 +
 +==== dashboard ====
 +  * Add variable to swag
 +  * Name: Dashboard
 +  * Key: DOCKER_MODS
 +  * Value: linuxserver/mods:swag-dashboard
 +  * add CNAME for dashboard and add dashboard to swag subdomains
 +  * conf file was auto added
 +  * restart swag
  
 ===== appdata/swag/nginx/proxy-confs/ ===== ===== appdata/swag/nginx/proxy-confs/ =====
Line 175: Line 195:
                 proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;                 proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
         }         }
 +}
 +</code>
 +==== games.subdomain.conf ====
 +<code># Make sure that your dns has a cname set for games
 +
 +server {
 +    listen 443 ssl;
 +    listen [::]:443 ssl;
 +
 +    server_name games.*;
 +
 +    include /config/nginx/ssl.conf;
 +
 +    client_max_body_size 0;
 +
 +    #enable for ldap auth, fill in ldap details in ldap.conf
 +    #include /config/nginx/ldap.conf;
 +
 +    # enable for Authelia
 +    #include /config/nginx/authelia-server.conf;
 +
 +    location / {
 +        #enable the next two lines for http auth
 +        #auth_basic "Restricted";
 +        #auth_basic_user_file /config/nginx/.htpasswd;
 +
 +        #enable the next two lines for ldap auth
 +        #auth_request /auth;
 +        #error_page 401 =200 /ldaplogin;
 +
 +        # enable for Authelia
 +        #include /config/nginx/authelia-location.conf;
 +
 +        include /config/nginx/proxy.conf;
 +        resolver 127.0.0.11 valid=30s;
 +        set $upstream_app games;
 +        set $upstream_port 8080;
 +        set $upstream_proto http;
 +        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 +
 +    }
 +}</code>
 +==== home.subdomain.conf ====
 +  * only works if hoobs is installed on a vm
 +<code>
 +# make sure that your dns has a cname set for home
 +
 +server {
 +  listen 443 ssl http2;
 +
 + server_name home.*;
 + server_tokens off;
 +
 +#access_log /var/log/nginx/SUBDOMAIN.SITE.access.log;
 +#error_log /var/log/nginx/SUBDOMAIN.SITE.error.log error;
 +#
 +# ssl on;
 +#
 +# ssl_certificate /etc/letsencrypt/live/SITE/fullchain.pem;
 +# ssl_certificate_key /etc/letsencrypt/SITE/privkey.pem;
 +
 + location /{
 +  proxy_pass http://192.168.1.7;
 +#  proxy_redirect off;
 +  proxy_redirect http:// https://;
 +#added line below
 +  proxy_http_version 1.1;
 +  proxy_set_header Host $http_host;
 +  proxy_set_header X-Real-IP $remote_addr;
 +  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +  proxy_set_header X-Forwarded-Proto $scheme;
 +  proxy_set_header X-Forwarded-Protocol $scheme;
 +  proxy_set_header X-Url-Scheme $scheme;
 +#added these 2 lines below
 +  proxy_set_header Upgrade $http_upgrade;
 +  proxy_set_header Connection "upgrade";
 + }
 } }
 </code> </code>
 ==== nextcloud.subdomain.conf ==== ==== nextcloud.subdomain.conf ====
 +  * extra steps found below and on youtube
 <code># make sure that your dns has a cname set for nextcloud <code># make sure that your dns has a cname set for nextcloud
 # assuming this container is called "swag", edit your nextcloud container's config # assuming this container is called "swag", edit your nextcloud container's config
Line 212: Line 310:
  
         proxy_max_temp_file_size 2048m;         proxy_max_temp_file_size 2048m;
 +    }
 +}
 +</code>
 +==== pi.subdomain.conf ====
 +  * only works if pihole is installed on vm
 +<code>
 +## Version 2020/12/09
 +# make sure that your dns has a cname set for pihole and that your pihole container is not using a base url
 +
 +server {
 +    listen 443 ssl;
 +    listen [::]:443 ssl;
 +
 +    server_name pi.*;
 +
 +    include /config/nginx/ssl.conf;
 +
 +    client_max_body_size 0;
 +
 +    # enable for ldap auth, fill in ldap details in ldap.conf
 +    #include /config/nginx/ldap.conf;
 +
 +    # enable for Authelia
 +    #include /config/nginx/authelia-server.conf;
 +
 +    location / {
 +        # enable the next two lines for http auth
 +        #auth_basic "Restricted";
 +        #auth_basic_user_file /config/nginx/.htpasswd;
 +
 +        # enable the next two lines for ldap auth
 +        #auth_request /auth;
 +        #error_page 401 =200 /ldaplogin;
 +
 +        # enable for Authelia
 +        #include /config/nginx/authelia-location.conf;
 +
 +        include /config/nginx/proxy.conf;
 +        resolver 127.0.0.11 valid=30s;
 +        set $upstream_app 192.168.1.2;
 +        set $upstream_port 80;
 +        set $upstream_proto http;
 +        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 +
 +        proxy_hide_header X-Frame-Options;
 +    }
 +
 +    location /admin {
 +        # enable the next two lines for http auth
 +        #auth_basic "Restricted";
 +        #auth_basic_user_file /config/nginx/.htpasswd;
 +
 +        # enable the next two lines for ldap auth
 +        #auth_request /auth;
 +        #error_page 401 =200 /ldaplogin;
 +
 +        # enable for Authelia
 +        #include /config/nginx/authelia-location.conf;
 +
 +        include /config/nginx/proxy.conf;
 +        resolver 127.0.0.11 valid=30s;
 +        set $upstream_app 192.168.1.2;
 +        set $upstream_port 80;
 +        set $upstream_proto http;
 +        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 +
 +        proxy_hide_header X-Frame-Options;
     }     }
 } }
Line 549: Line 714:
 } }
 </code> </code>
-==== www.subdomain.conf ====+==== www.subdomain.conf docker version ==== 
 +<code># Make sure that your dns has a cname set for www 
 + 
 +server { 
 +    listen 443 ssl; 
 +    listen [::]:443 ssl; 
 + 
 +    server_name www.*; 
 + 
 +    include /config/nginx/ssl.conf; 
 + 
 +    client_max_body_size 0; 
 + 
 +    #enable for ldap auth, fill in ldap details in ldap.conf 
 +    #include /config/nginx/ldap.conf; 
 + 
 +    # enable for Authelia 
 +    #include /config/nginx/authelia-server.conf; 
 + 
 +    location / { 
 +        #enable the next two lines for http auth 
 +        #auth_basic "Restricted"; 
 +        #auth_basic_user_file /config/nginx/.htpasswd; 
 + 
 +        #enable the next two lines for ldap auth 
 +        #auth_request /auth; 
 +        #error_page 401 =200 /ldaplogin; 
 + 
 +        # enable for Authelia 
 +        #include /config/nginx/authelia-location.conf; 
 + 
 +        include /config/nginx/proxy.conf; 
 +        resolver 127.0.0.11 valid=30s; 
 +        set $upstream_app website; 
 +        set $upstream_port 8080; 
 +        set $upstream_proto http; 
 +        proxy_pass $upstream_proto://$upstream_app:$upstream_port; 
 + 
 +    } 
 +
 +</code> 
 +==== www.subdomain.conf OLD version ====
 <code># make sure that your dns has a cname set for www <code># make sure that your dns has a cname set for www
  
unraid/dockers/swag.1612037672.txt.gz · Last modified: by dirk

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki