UnRaid Letsencrypt Reverse Proxy Setup

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: irisnet.ga

I ran this command:n/a

It produced this output:n/a

My web server is (include version):n/a

The operating system my web server runs on is (include version):UnRaid 6.7.2

My hosting provider, if applicable, is:home server

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):n/a

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):n/a

Hi Everyone, I have tried to fix this myself for a few days and I have failed. So looking for some guidance. If this is not the right forum, please let me know and I will go to the UnRaid forum and ask there.

  1. So I use UnRaid 6.7.2 and I installed the Letsencrypt docker app. I also installed nextcloud and sonarr.
  2. I bought a domain irisnet.ga and I have put two CNAME in there. sonarr.irisnet.ga and nextcloud.irisnet.ga
  3. I used dns certificate method in the Letsencrypt to generate the certificate and it generates for the two subdomains
  4. I followed spaceinvaders youtube videos to setup the reverse proxy for both of the nextcloud and sonarr. However, seems like in cloudflare is not able to reach my server when I type in https://nextcloud.irisnet.ga for example. I get a 522 error.

Router Setup

image
image.png736×399 23.2 KB

Letsencrypt Output

[s6-init] making user provided files available at /var/run/s6/etc…exited 0.
[s6-init] ensuring user provided files have correct perms…exited 0.
[fix-attrs.d] applying ownership & permissions fixes…
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts…
[cont-init.d] 10-adduser: executing…

_ ()
| | ___ _ __
| | / | | | /
| | _ \ | | | () |
|| |/ || __/

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/

GID/UID

User uid: 99
User gid: 100

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing…
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing…
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing…
Variables set:
PUID=99
PGID=100
TZ=America/New_York
URL=irisnet.ga
SUBDOMAINS=sonarr,nextcloud
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=@.com
STAGING=

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d sonarr.irisnet.ga -d nextcloud.irisnet.ga
E-mail address entered: @.com
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing…
[custom-init] no custom files found exiting…
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty’s; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty’s LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module ‘resty.core’ not found:

no field package.preload[‘resty.core’]
no file ‘./resty/core.lua’
no file ‘/usr/share/luajit-2.1.0-beta3/resty/core.lua’
no file ‘/usr/local/share/lua/5.1/resty/core.lua’
no file ‘/usr/local/share/lua/5.1/resty/core/init.lua’
no file ‘/usr/share/lua/5.1/resty/core.lua’
no file ‘/usr/share/lua/5.1/resty/core/init.lua’
no file ‘/usr/share/lua/common/resty/core.lua’
no file ‘/usr/share/lua/common/resty/core/init.lua’
no file ‘./resty/core.so’
no file ‘/usr/local/lib/lua/5.1/resty/core.so’
no file ‘/usr/lib/lua/5.1/resty/core.so’
no file ‘/usr/local/lib/lua/5.1/loadall.so’
no file ‘./resty.so’
no file ‘/usr/local/lib/lua/5.1/resty.so’
no file ‘/usr/lib/lua/5.1/resty.so’
no file ‘/usr/local/lib/lua/5.1/loadall.so’)
Server ready

=====================================================
I am a bit lost at this point. Would anyone please point me in the right direction? Thank you!

1 Like
2

Cloudflare Setup

image
image.png1057×360 18.3 KB

3

Hi @war1000

checking your domain there are some certificates - https://check-your-website.server-daten.de/?q=nextcloud.irisnet.ga#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-10-23 2020-01-21 nextcloud.irisnet.ga, sonarr.irisnet.ga - 2 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-10-21 2020-01-19 jarvis.irisnet.ga, nextcloud.irisnet.ga, plex.irisnet.ga, sonarr.irisnet.ga - 4 entries duplicate nr. 2
Let’s Encrypt Authority X3 2019-10-21 2020-01-19 jarvis.irisnet.ga, nextcloud.irisnet.ga, plex.irisnet.ga, sonarr.irisnet.ga - 4 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-10-21 2020-01-19 jarvis.irisnet.ga, nextcloud.irisnet.ga, plex.irisnet.ga, sonarr.irisnet.ga, www.irisnet.ga - 5 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-10-20 2020-01-18 *.irisnet.ga - 1 entries duplicate nr. 1
CloudFlare Inc ECC CA-2 2019-10-20 2020-10-09 *.irisnet.ga, irisnet.ga, sni.cloudflaressl.com - 3 entries

So that part has worked.

Don’t create certificates again, there is a rate limit. So it’s only an installation problem.

But your server is invisible, only Cloudflare is visible. Normally, it’s better first installing the server correct, then adding Cloudflare.

What’s the ip address of your server?

4

I'm having trouble weeding down to just the bare essentials of the "problem"...

The errors that stand out are:

Not sure if that plays any real effect in this problem.
But it would be nice to heed that warning and update to a new more secure anything.

SSL Labs shows an "A" for this site and the others, so the LE cert is being used properly.
So my first thought is:This is likely an internal error that may be better dealt with in another forum.
But that's a false positive view.
It's NOT the LE cert, it's a Cloud Flare cert that is seem.
The 522 error is not from within your site, it is from Cloud Flare.
Which means we can all see cloud Flare but Cloud Flare can't see your server.

I agree with @JuergenAuer
You should first get the site working before adding cloud flare into the mix.
Or provide your current IP for some real testing.

1 Like
5

ip: 135.0.150.143
duckdns domain: irisnet.duckdns.org

you guys might be right about cloudflare not able to reach my ip. or I am not able to get past my router. Because for example if I type in http://192.168.1.145:8989/ i can hit sonarr. But if I type in https://irisnet.duckdns.org:8989 or https://sonarr.irisnet.ga or https://sonarr.irisnet.ga:8989 it doesn’t go anywhere.

Same with the nextcloud. I can reach with the internal ip. So if the certificates are working, the issue is either the router port is not redirecting traffic on 443 to 1443 or Letsencrypt is not forwarding to the right docker…I have posted this on the UnRaid forum for help. If anyone has any additional troubleshooting tips, please let me know.

On another note, the virgil (hassio on raspberry pi) when I tried DuckDNS with Letsencrypt, I am able to reach it using https://irisnet.duckdns.org:8123

6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.