Putting Pi-Hole Behind Swag

Hi All,

After banging my head against the table for a few hours I've come back for some help...

I have the following set-up

OMV6 + Nextcloud + swag as per: RE: Nextcloud Bad Gateway

Pi-hole using a VLAN with the following ports on the same machine (see attached)

For some reason, I can't get to the swag landing page on my local network. I would love to be able to not use local IP to get onto my nextcloud, omv, etc. I believe this would involve Swag taking priority, and everything else being behind it?

I have tried:

- Turning off the PiHole container and this changes nothing.

- Changing ports for Swag

- Custom DNS record to point my domain to the host IP, but I think this wont work as it probably wont reach swag?

Has anyone got advice on how I can get this working? I think my router isnt too smart so I imagine that I will need Swag pointing requests to Pi-Hole which will have a custom DNS entry? My knowledge on this isnt too strong so any help is incredibly welcome!

Thanks a lot!

Rowan

Quote from Soma

To get help you need to provide more info.

You can start with the YML that you use for SWAG and Nextcloud.

Hide sensible data

Hi Soma,

Mine are are exactly the same as those in: RE: Nextcloud Bad Gateway

I had the correct ports forwarded etc and the relevant bits uncommented. I just never could get to the swag landing page inside my network

Thanks,

Rowan

Just to clarify I've been using it like this for over a year and it works ok to access with IP locally and with domain externally but finally getting around to trying to sort it

My NC:

version: "2.1"
services:
  nextcloud:
    image: ghcr.io/linuxserver/nextcloud:latest
    container_name: nextcloud
    network_mode: swag_default
    environment:
      - PUID=1000
      - PGID=100
    volumes:
      - /srv/dev-disk-by-uuid-ad59b368-fece-4a19-b84a-c520a02b6d20/nextcloud:/config
      - /srv/dev-disk-by-uuid-ad59b368-fece-4a19-b84a-c520a02b6d20/nextcloud-data:/data
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - mariadb
    ports:
      - 450:443
    restart: unless-stopped
  mariadb:
    image: ghcr.io/linuxserver/mariadb:10.6.13
    container_name: nextclouddb
    network_mode: swag_default
    environment:
      - PUID=1000
      - PGID=100
      - MYSQL_ROOT_PASSWORD=x
    volumes:
      - /srv/dev-disk-by-uuid-ad59b368-fece-4a19-b84a-c520a02b6d20/mariadb:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped

My Swag:

version: "2.2"
services:
  swag:
    image: ghcr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=998
      - PGID=100
      - URL=x.duckdns.org
      - DUCKDNSTOKEN=x
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      - EMAIL=x@gmail.com 
      - DOCKER_MODS=linuxserver/mods:swag-dashboard
    volumes:
      - /srv/dev-disk-by-uuid-ad59b368-fece-4a19-b84a-c520a02b6d20/swag:/config
      - /etc/localtime:/etc/localtime:ro
    ports:
      - 444:443
      - 82:80
      - 81:81
    restart: unless-stopped

I have ports 443 external fwd to 444 internal

82 fwd to 80

I can reach swag landing page outside of my network.

Thanks!

Rowan

Quote from Soma

Please, edit your post but don't mask the UUIDs (noone will hack you drives by knowing them).

If you have access to SWAG via WAN, them it's only a matter of configuration.

Hi,

That's now done,

Thanks

Quote from Soma

ls -al /srv/dev-disk-by-uuid-ad59b368-fece-4a19-b84a-c520a02b6d20/swag/nginx/proxy-confs/nextcloud.sub*.conf

Hide sensible DATA (URL, PW)

cat /srv/dev-disk-by-uuid-ad59b368-fece-4a19-b84a-c520a02b6d20/nextcloud/www/nextcloud/config/config.php

For the first:

-rw-r--r-- 1 root root 1629 Oct 25 17:31 /srv/dev-disk-by-uuid-ad59b368-fece-4a19-b84a-c520a02b6d20/swag/nginx/proxy-confs/nextcloud.subdomain.conf

For the second:

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'ocrue0s1tf5r',
  'passwordsalt' => 'XX',
  'secret' => 'XX',
  'trusted_domains' =>
  array (
    0 => '192.168.1.30:450',
    1 => 'nextcloud.XX.duckdns.org',
  ),
  'dbtype' => 'mysql',
  'version' => '27.1.2.1',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextclouddb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_XX',
  'dbpassword' => 'XX',
  'installed' => true,
  'overwrite.cli.url' => 'https://nextcloud.XX.duckdns.org',
  'overwriteprotocol' => 'https',
  'default_phone_region' => 'GB',
  'mail_smtpmode' => 'sendmail',
  'mail_sendmailmode' => 'pipe',
  'mail_from_address' => 'admin',
  'mail_domain' => 'nowhere.com',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'filelocking.enabled' => 'true',
  'memcache.locking' => '\\OC\\Memcache\\APCu',
);

Thanks,

Rowan

Quote from Soma

Rowr21

Your config.php is missing this array:

Code

  'trusted_proxies' =>
  array (
    0 => 'swag',
  ),

Edit with the user that owns it (according to the YML, it's user 1000) like this:

PHP

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'ocrue0s1tf5r',
  'passwordsalt' => 'XX',
  'secret' => 'XX',
  'trusted_proxies' =>
  array (
    0 => 'swag',
  ),
  'trusted_domains' =>
  array (
    0 => '192.168.1.30:450',
    1 => 'nextcloud.XX.duckdns.org',
  ),
  'dbtype' => 'mysql',
  'version' => '27.1.2.1',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextclouddb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_XX',
  'dbpassword' => 'XX',
  'installed' => true,
  'overwrite.cli.url' => 'https://nextcloud.XX.duckdns.org',
  'overwriteprotocol' => 'https',
  'default_phone_region' => 'GB',
  'mail_smtpmode' => 'sendmail',
  'mail_sendmailmode' => 'pipe',
  'mail_from_address' => 'admin',
  'mail_domain' => 'nowhere.com',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'filelocking.enabled' => 'true',
  'memcache.locking' => '\\OC\\Memcache\\APCu',
);

Display More

Ctrl+O+ENTER

docker restart nextcloud

Display More

Hi,

Thanks for this but this did not help,

Shouldn't I be able to reach the SWAG landing page if this was incorrect? By dropping the nextcloud. I can do this outside my network, but not inside?

I can also try dnsmasq on another device and not use PiHole if there is a solution to be had that way?

Thanks a lot,

Rowan

Quote from Soma

Maybe I'm not following you properly.

What do you mean by this?

Can you get to nextcloud via WAN by https://nextcloud.YOURSUBDOMAIN.duckdns.org ?

So,

If I'm on mobile data, https://nextcloud.YOURSUBDOMAIN.duckdns.org works fine. And https://YOURSUBDOMAIN.duckdns.org takes me to SWAG landing page

On my home network, on any device neither https://nextcloud.YOURSUBDOMAIN.duckdns.org or https://YOURSUBDOMAIN.duckdns.org works, they both say "this site cant be reached". I have cleared browser caches and used different browsers too,

Thanks

Rowan

Quote from raulfg3

Hello, To swag my pihole, I need to install on a MacVLAN and use external port to redirect, because pihole cant see swag docker (because is a MacVlan and is isolated from the bridge network when swag works) = to test it, open a cli on your swag docker and try to ping pihole IP, do not work, but ping to NAS IP works fine.

so you need to redirect some obscure port (eg:9976) to your Pihole IP:80 on your router.

I never can make visible pihole on swag.

Hi,

I did have this set-up with a MacVLAN. I did delete my PiHole container however as I wanted to remove as many variables as possible.

I have also tried DNSMasq on a DIFFERENT device to redirect YOURSUBDOMAIN.duckdns.org to the IP of the device with my SWAG instance, to no avail,

Thanks,

Rowan

Quote from chente

To do this, simply redirect a domain to an IP on your network. You should only have to specify the IP from which you access Nextcloud on your network so that the domain points there.

Hi Chente, I have tried this, and in the logs of DNSMasq it says it has forwarded on the request to the correct IP, but still doesn't work? Have you got any ideas?

Quote from Soma

This means your router doesn't allow NAT reflection or hairpinning.

Sorry, can't help you further

Thanks anyway, shouldn't split DNS be a workaround for this? Would you have any guidance for this?

Thanks both,

Quote from chente

To do this, simply redirect a domain to an IP on your network. You should only have to specify the IP from which you access Nextcloud on your network so that the domain points there.

If I used DNSMasq on a Home Assistant installation that I have on another device (192.168.1.57)

Could I create an entry to point mydomain.duckdns.org to 192.168.1.30 (my Nextcloud/swag device)

I have currently tried this and the DNS server is set on my router to be the one from the home assistant

Thanks,

Rowan