linuxserver / docker-webtop

Ubuntu, Alpine, Arch, and Fedora based Webtop images, Linux in a web browser supporting popular desktop environments.

[BUG] SSL Fails when using linuxserver.io/swag

in-principio opened this issue · comments

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When I add the following .conf file to proxy-confs inside of the nginx folder of a swag container:

```nginx
## Version 2023/05/31
# make sure that you have a cname set for the webtop
# set up authentication here, for better security

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name webtop.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable for ldap auth (requires ldap-server.conf in the server block)
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app webtop;
        set $upstream_port 3000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_buffering off;
    }
}
```

and update my DNS records accordingly, the SSL certification fails when I visit the website (I get an unsafe warning in my browser).

I have many other services behind this proxy and they all authenticate correctly.

Expected Behavior

There should be no 'unsafe' warning from my browser.

Steps To Reproduce

  1. Set up a webtop service by using the recommended docker-compose.yaml contents
  2. Register webtop to the swag reverse proxy
  3. Visit the website

Environment

- OS: Ubuntu
- How docker service was installed: apt-get

CPU architecture

x86-64

Docker creation

```yaml
webtop:
    image: lscr.io/linuxserver/webtop:amd64-arch-kde
    container_name: webtop
    security_opt:
      - seccomp:unconfined #optional
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SUBFOLDER=/ #optional
      - TITLE=Webtop #optional
      - CUSTOM_USER=user
      - PASSWORD=password123
    volumes:
      - ./webtop/data:/config
      - /var/run/docker.sock:/var/run/docker.sock #optional
    ports:
      - 3000:3000
      - 3001:3001
    devices:
      - /dev/dri:/dev/dri #optional
    shm_size: "1gb" #optional
    restart: unless-stopped
```

Container logs

```bash
───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1000
───────────────────────────────────────

**** creating video group videox8yt with id 110 ****
**** adding /dev/dri/renderD128 to video group videox8yt with id 110 ****
**** creating video group videobvlw with id 44 ****
**** adding /dev/dri/card0 to video group videobvlw with id 44 ****
[custom-init] No custom files found, skipping...
/defaults/startwm.sh: line 7: kwriteconfig5: command not found
_XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created.

Xvnc KasmVNC 1.2.0 - built Mar 15 2024 17:32:48
Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)
See http://kasmweb.com for information on KasmVNC.
Underlying X server release 12014000, The X.Org Foundation

[ls.io-init] done.
2024/03/18 20:14:34 [warn] 234#234: could not build optimal types_hash, you should increase either types_hash_max_size: 1024 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Warning:          Could not resolve keysym XF86CameraAccessEnable
> Warning:          Could not resolve keysym XF86CameraAccessDisable
> Warning:          Could not resolve keysym XF86CameraAccessToggle
> Warning:          Could not resolve keysym XF86NextElement
> Warning:          Could not resolve keysym XF86PreviousElement
> Warning:          Could not resolve keysym XF86AutopilotEngageToggle
> Warning:          Could not resolve keysym XF86MarkWaypoint
> Warning:          Could not resolve keysym XF86Sos
> Warning:          Could not resolve keysym XF86NavChart
> Warning:          Could not resolve keysym XF86FishingChart
> Warning:          Could not resolve keysym XF86SingleRangeRadar
> Warning:          Could not resolve keysym XF86DualRangeRadar
> Warning:          Could not resolve keysym XF86RadarOverlay
> Warning:          Could not resolve keysym XF86TraditionalSonar
> Warning:          Could not resolve keysym XF86ClearvuSonar
> Warning:          Could not resolve keysym XF86SidevuSonar
> Warning:          Could not resolve keysym XF86NavInfo
Errors from xkbcomp are not fatal to the X server
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Warning:          Could not resolve keysym XF86CameraAccessEnable
> Warning:          Could not resolve keysym XF86CameraAccessDisable
> Warning:          Could not resolve keysym XF86CameraAccessToggle
> Warning:          Could not resolve keysym XF86NextElement
> Warning:          Could not resolve keysym XF86PreviousElement
> Warning:          Could not resolve keysym XF86AutopilotEngageToggle
> Warning:          Could not resolve keysym XF86MarkWaypoint
> Warning:          Could not resolve keysym XF86Sos
> Warning:          Could not resolve keysym XF86NavChart
> Warning:          Could not resolve keysym XF86FishingChart
> Warning:          Could not resolve keysym XF86SingleRangeRadar
> Warning:          Could not resolve keysym XF86DualRangeRadar
> Warning:          Could not resolve keysym XF86RadarOverlay
> Warning:          Could not resolve keysym XF86TraditionalSonar
> Warning:          Could not resolve keysym XF86ClearvuSonar
> Warning:          Could not resolve keysym XF86SidevuSonar
> Warning:          Could not resolve keysym XF86NavInfo
Errors from xkbcomp are not fatal to the X server
 2024-03-18 20:14:40,899 [INFO] websocket 0: got client connection from 127.0.0.1
 2024-03-18 20:14:40,905 [PRIO] Connections: accepted: @81.111.29.156_1710792880.899162::websocket
 2024-03-18 20:17:59,349 [INFO] websocket 1: got client connection from 127.0.0.1
 2024-03-18 20:17:59,361 [PRIO] Connections: accepted: @192.168.0.200_1710793079.350310::websocket
```

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

This isn't going to be a bug, it's likely a configuration issue and the cert isn't covering the subdomain you've set up. Either jump on our discord or forum, as our GitHub issues aren't for general support.
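One way to test the diagnosis in the reply above, as an added example that is not part of the original thread or the project's code: it parses the Subject Alternative Name list as printed by `openssl x509 -noout -ext subjectAltName` and checks whether any entry covers the hostname a proxy conf serves. The domain `example.com` and the sample output are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample: SAN section as printed by
# `openssl x509 -noout -ext subjectAltName` for a certificate issued
# for the apex and "www" only (example.com is a placeholder domain).
SAMPLE_SAN_OUTPUT = """\
X509v3 Subject Alternative Name:
    DNS:example.com, DNS:www.example.com
"""


def parse_dns_sans(openssl_text):
    """Return the lowercase DNS names listed in openssl's SAN output."""
    return [m.lower() for m in re.findall(r"DNS:([^,\s]+)", openssl_text)]


def san_matches(pattern, hostname):
    """RFC 6125 style match: '*' counts only as the whole leftmost label
    and stands for exactly one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Simplification: refuse wildcards directly under a TLD ("*.com");
        # browsers use the public suffix list for this decision.
        return len(p_labels) > 2 and h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def covering_sans(openssl_text, hostname):
    """SAN entries that cover hostname; an empty list means the browser
    will show a name-mismatch warning for that hostname."""
    return [s for s in parse_dns_sans(openssl_text) if san_matches(s, hostname)]


if __name__ == "__main__":
    for host in ("www.example.com", "webtop.example.com"):
        hits = covering_sans(SAMPLE_SAN_OUTPUT, host)
        status = "covered by " + ", ".join(hits) if hits else "NOT covered"
        print(f"{host}: {status}")
```

A certificate that lists only named subdomains leaves a newly added `webtop.*` server block uncovered until it is reissued with that name, while a wildcard entry covers it but not deeper names such as `a.webtop.example.com`.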

Thank you for the quick reply! I'll close this.