Linuxserver/letsencrypt how to set up routing for subdomain in nginx

I have a linuxserver/openvpn-as container running on my docker host as well as a linuxserver/letsencrypt server. I can access the openvpn-as container admin page from my local network through :943/admin. I can access it through :943/admin when I set up port forwarding on my router, and I can access it through <my-domain.com>:943/admin.

I want to use ssl for this traffic and turned to the linuxserver/letsencrypt image. I managed to set it up and I am routing my home automation frontend to this domain as well. It’s on .com and www..com

What I want to do now is create a subdomain called vpn.<my-domain.com> which should direct to :943 or :943/admin (I'm not sure if the latter is possible or even desirable).

however, when I try to visit the page I get a 502 bad gateway error

here is the content of config/nginx/site-confs/openvpn

upstream openvpn {
    server 10.0.0.10:943;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 443 ssl http2;
    server_name vpn.de-wagnertjes.nl;

    include /config/nginx/ssl.conf;
    client_max_body_size 0;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl_session_cache shared:SSL:10m;

    proxy_buffering off;

    location / {
        proxy_pass http://openvpn;    # Matches to the "upstream" name above
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

openvpn-as serves over https

you say you’re using our letsencrypt container but you’ve gone wild west with your config…

go into config/nginx/proxy-confs
rename openvpn-as.subdomain.conf.sample to openvpn-as.subdomain.conf, restart letsencrypt and it will just work (after you’ve deleted your site-confs/openvpn, of course)

or if you must use your attempt (which I think will give weird results with your proxy_redirect) drop the http (openvpn-as doesn't serve on http) and check your nginx logs.

thanks, I’ve been mixing up my tutorials. I got turned around somewhere and have been trying to fix it myself. It seems the bad gateway error was caused by something else btw. I could not get it to work using docker-compose, but using the plain docker run command did work.

just a follow-up, openvpn-as is using its own certificates. This gives me an error as the certificates I have installed through letsencrypt are different from the ones used in openvpn-as.

Is there a way to disable the certificates in openvpn-as? If not, is there a way to make sure openvpn-as uses the certificates from letsencrypt, without needing to reinstall them every few months?

it does not matter at all what openvpn-as uses. I reverse proxy google.com as a proof of concept and I can assure you my LE certs are not the same as https://www.google.com

I would recommend starting over and reviewing


thank you, the starter guide was what I needed.

The problem turned out to be that letsencrypt could not find my openvpn container. the guide recommends setting up a user defined bridge network. Once I did that and attached my containers, it worked.

If I may make a humble suggestion, please put a link to these types of blog posts in the documentation of the container, so that they are easier to find.
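
As an added example (not part of the thread, and not the contents of the container's bundled openvpn-as.subdomain.conf.sample), this is one way a server block could combine the two points the thread arrives at: an https upstream and container-name resolution over a user-defined bridge network. The container name `openvpn-as` and the hostname `vpn.example.com` are assumptions.

```nginx
# Added example. Assumptions: the VPN container is named "openvpn-as" and is
# attached to the same user-defined bridge network as the letsencrypt
# container; vpn.example.com is a placeholder hostname.

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl http2;
    server_name vpn.example.com;

    # Certificate presented to browsers (the Let's Encrypt one).
    include /config/nginx/ssl.conf;
    client_max_body_size 0;

    location / {
        # Docker's embedded DNS server. It resolves container names only on
        # user-defined networks, not on the default bridge.
        resolver 127.0.0.11 valid=30s;

        # A variable in proxy_pass makes nginx resolve the name at request
        # time through the resolver above, instead of once at startup.
        set $upstream_vpn openvpn-as;

        # https, not http: per the reply above, openvpn-as serves over https.
        proxy_pass https://$upstream_vpn:943;

        # This is nginx's default, written out to make the behaviour visible:
        # the upstream certificate is not verified, so the self-signed
        # certificate inside openvpn-as is accepted and never reaches the
        # browser. The hop is encrypted but not authenticated.
        proxy_ssl_verify off;
        # To authenticate the upstream as well, switch to:
        #   proxy_ssl_verify on;
        #   proxy_ssl_trusted_certificate <path-to-upstream-ca.pem>;  # placeholder

        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

With this in place, port 943 no longer needs to be forwarded on the router for the admin page, since the proxy reaches the container over the Docker network.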
