now I feel dumb! Checked your post though and it dosnt note further requirements for nginx setup (perhaps this is new?)
“5. Click the “OPEN WEB UI” button and login using: [email protected] / `changeme”
now set up but proxy status on the nginx proxy page shows as offline and SSL setting dosnt want to stick. I have set up as per the documentation but in the SSL tab, the expiry for certificates generated have the same time that they are generated so think they are already invalid!
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for XsXXXXXX.duckdns.org
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain XXXXXXX.duckdns.org
http-01 challenge for XXxXXXX.duckdns.org
Cleaning up challenges
Some challenges have failed.
updated port forwarding to include 80 ->80. this seems to have allowed certificates to renew now.
nginx up and running. maria db up and running. duckDNS plugin up and running…
my duckDNS domain: “The connection has timed out” :’(
tried from a different computer and it works!!! for some reason it dosnt work from this laptop (even tried 3 different browsers). I can access internally from this laptop so if it lets google assistant integration work then im fine with that
Peter,
Thanks for the feedback.
As you probably saw @nikd1 had some problems that I can’t replicate.
Did you do anything ‘subtly’ different ?
Can you identify any additional steps/changes required since the changes to the addons ?
How can I make this solution better ?
Cheers
Well, If I read it correctly @nikd1 is trying to get it to work with the addon-nginx-proxy-manager. There is an open issue in github stating that this add on has an issue with the SSL verification:
Which is the reason why the ‘internal error’ is taking place. (although it was, when I was fumbling with it)
The workaround is to verify the SSL certificate yourself. Which you have to be doing manually every three months. That was for me the reason to try it with the core add on, since this SSL verification was done automatically…
@Mutt
Maybe this doesn’t belong to this subject but as a lot of people I’m struggling already for a long time to get this to work. Tried a lot and it’s getting frustrating.
All the above I understand, but in my case I do have a Synology NAS ‘in between’ where a Let’s Encrypt certificate is defined as well and port 443 is being used.
Do I have to do things different than described in post #23? And what things do I have to change/add (like reverse proxy settings) on the NAS?
Erik,
I do have a Synology NAS but I’m a bit of a purist and don’t like to compromise ‘essential’ services with ‘other software’ or have interdependencies regarding required restarts and software updates. So my NAS does what Synology intended, a Pi that does Kodi, a Pi that runs LMS and I have a Pi (well two actually, one is a test box) to run HA.
So I can’t offer you any specific platform advice as I’ve no experience of that.
You say you are moving to a Pi so with a generic platform, the support becomes more widely available.
Sorry
Mutt
I understand completely, don’t worry.
I hoped you or someone else, reading this treat, might had experience with it.
On a Dutch forum someone mentioned: You must assign the duckdns certificate to your reverse proxy.
I guess it my lack of knowledge that i don’t understand what is meant with it.
It depends, if you are doing the Pi installation anyway, then it’s a moot point.
But if you’d prefer to stick with the NAS you may be best to start a new topic with a title that will attract NAS platform users who may know specifics to your installation.
Awesome post, Mutt! You probably saved me hours and hours of difficult research. I followed the steps, and outside secure access is working great! Thank you so much for putting this together in one spot!
Thanks, Mutt!! I’ve solve the SSL problem according to your method.
One more question is about ipv6.
I don’t have the actual ipv4 address, but I can get the ipv6. I want to use the duckdns sync my ipv6 address. The instruction of duckdns says it will auto detect both ipv4 and ipv6. But when I look at the log file, it only shows the ipv4. I have to manually update the ipv6 address on duckdns website. Is there any way to fix this? Thanks!
Hmmm !
I don’t have ip v6 so I’m not 100% sure.
You may need to open a topic specific to that.
The whole idea though is that the duckdns addon contacts the duckdns website with your access token. It checks your token and says “beagle is contacting me from w.x.y.z” update beagle’s address to that.
So maybe your modem is preferentially using ip v4 ? I dunno, its just a guess.
Did you “like” the thread (boosts ranking for others looking for a solution) ?
Cheers
I used a shell script (examples on duckdns site) to update my IPv6 address. Most ISP/RSP’s give you a static IPv6 anyway so it should not be changing even if the IPv4 is dynamic.
I have followed the document of the duckdns addon and add the ipv6 option with the address “https://api6.ipify.org/”. But the log shows KO. I also found on the duckdns which says they can’t update the ipv6. I was wondering to change a ddns.
One more weird situation:
I have manually updated ipv6 on duckdns website.
And I can connect through https://xxxx.duckdns.org when I was in my local network.
Once I leave the local network, the address was broken.
I have tried turn off the firewall or add 2000::/3 into firewall but still the same.