Swag is not working anymore

  • Dear all,

    I have an OMV system which worked very well with swag and a duckdns subdomain to access it from the internet.

    This worked very well. Recently, only the IP address of the OMV system changed. I made the change in all the *.subdomain.conf files, replacing the old IP address with the new one, but this does not work. Also, as I did one time, I opened port 443 on my router, but this does not work either.

    Any help on that would be very nice.

    Thank you very much,

    Harold



    PS: everything is working well locally on the network.

  • Hello, thank you for your mail. The IP address of my box did not change, only the local address of the OMV system. In DuckDNS, you just specify the IP of the box, right?

  • Hello, thank you for your mail. The IP address of my box did not change, only the local address of the OMV system. In DuckDNS, you just specify the IP of the box, right?

    And did you change the portforward on the router to the new LAN IP?

  • Without knowing IP and yml, it's difficult to know.


    Is the portforward correct to the swag port instance?

    Was swag restarted to connect via the new IP?

  • Thank you.

    The YML is :


    ---
    version: "2.1"
    services:
      swag:
        image: lscr.io/linuxserver/swag:latest
        container_name: swag
        cap_add:
          - NET_ADMIN
        environment:
          - PUID=1000
          - PGID=1000
          - TZ=Europe/Paris
          - URL=mysubdomain.duckdns.org
          - VALIDATION=duckdns
          - SUBDOMAINS=wildcard
          - CERTPROVIDER= #optional
          - DUCKDNSTOKEN=mytoken
          - EMAIL= mymail
        volumes:
          - /srv/dev-disk-by-uuid-92231eb7-e8d7-49e4-8445-0aaa5c450b26/config/swag:/config
        ports:
          - 443:443
          #- 82:80
        restart: unless-stopped


    and LAN IP is 192.168.0.21


    Is this what you needed?


    Thank you so much,

    Harold

  • Hello again,

    I changed my swag YML to :


    ---
    version: "2.1"
    services:
      swag:
        image: lscr.io/linuxserver/swag:latest
        container_name: swag
        cap_add:
          - NET_ADMIN
        environment:
          - PUID=1000
          - PGID=1000
          - TZ=Europe/Paris
          - URL=
          - VALIDATION=duckdns
          - SUBDOMAINS=wildcard
          - CERTPROVIDER= #optional
          - DUCKDNSTOKEN=
          - EMAIL=
        volumes:
          - /srv/dev-disk-by-uuid-92231eb7-e8d7-49e4-8445-0aaa5c450b26/config/swag:/config
        ports:
          - 444:443
          #- 82:80
        restart: unless-stopped


    On the router, I directed the port 443 to 444.


    Am I on the right way ?


    Thanks

  • I think you are close, but there are a couple of things I would suggest.


    No need to include the version line in the YAML.


    I think you have the port forward on your router incorrect. On the router you need to port forward WAN 444 to the IP of the swag host on port 444.


    I am assuming you are using port 444 as you are already using 443 on the host (or as an extra little bit of security)?


    Below is how I have my swag configured. Hope it's helpful.


    If you post your yaml in a code box, we can check the indentation as this is very important.



  • Well, I am sorry, but my swag had worked for almost two years and broke some days ago.

    Even if I succeeded in setting it up years ago, I have to say that I do not remember these settings, so I am beginning again from zero.

    What I did:

    - in the router I forwarded port 443 to port 443, specifying the local IP of the OMV system;

    - in portainer, I took your stack and deployed it, but this does not work.

    Here is the yml of the stack :


  • That is strange. Does the container start? Have you checked the logs for any errors?


    You will need to check that permissions and files are correct on your local config directory.


    What is your main use case for swag? E.g. reverse proxy, web server, etc.

  • Thank you for your message.

    On the router, the 443 port is going to 443 with the IP address of the OMV system.

    I did not check the logs, how do I get them?

    Yes, I think the local path is correct.

  • If your swag container is started (up) then that is good and you really are close.


    To view logs: Start (up) the container and then go to the services tab in compose plugin and select the swag service then view logs...


    A couple of very helpful links are below. The first is very helpful for understanding docker and how to set it up correctly.


    omv7:docker_in_omv [omv-extras.org]


    Then there is one for the compose plugin


    omv7:omv7_plugins:docker_compose [omv-extras.org]

  • I have just looked back at your previous post and I see that you are using portainer and not the compose plugin. Sorry.


    I can help you with portainer as I used it before the compose plugin was developed. Now I prefer to use the compose plugin integrated into OMV as it is simpler to use and easier to maintain (in my opinion). I do suggest you get this working using the compose plugin and then you no longer need portainer.


    Either way will work. To help you, I have spun up swag on my test OMV system using the compose file and portainer. It works fine but I did need to do this to get it working.


    1. add my email address as an environment variable to the compose

    2. change file/folder ownership from root to GUID 1001 (you will need to change to 1000) for the swag local folders after starting the stack the first time with errors.


    Complete and tested compose for the stack.


  • Hello,

    thank you so much. This does not work.

    The logs are :


    -----
    Variables set:
    PUID=1001
    PGID=100
    TZ=Europe/Paris
    URL=hmouras.duckdns.org
    SUBDOMAINS=wildcard
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=false
    VALIDATION=duckdns
    CERTPROVIDER=
    DNSPLUGIN=
    EMAIL=hmouras@gmail.com
    STAGING=

    Created .donoteditthisfile.conf
    the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use http://www.subdomain.duckdns.org
    Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    No certificate found with name hmouras.duckdns.org (expected /etc/letsencrypt/renewal/hmouras.duckdns.org.conf).
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
    Using Let's Encrypt as the cert provider
    SUBDOMAINS entered, processing
    Wildcard cert for hmouras.duckdns.org will be requested
    E-mail address entered: hmouras@gmail.com
    dns validation via duckdns plugin is selected
    Generating new certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Account registered.
    Requesting a certificate for *.hmouras.duckdns.org
    Waiting 30 seconds for DNS changes to propagate

    Certbot failed to authenticate some domains (authenticator: dns-duckdns). The Certificate Authority reported these problems: Domain: hmouras.duckdns.org Type: unauthorized Detail: Incorrect TXT record "" found at _acme-challenge.hmouras.duckdns.org

    Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-duckdns. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-duckdns-propagation-seconds (currently 30 seconds).

    Some challenges have failed.
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
    ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/duckdns.ini file.

    END OF LINE


    Helpful ?
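The failure in the log above, pulled apart into its fields, as an added example that is not part of any poster's message. It parses the Certbot error line and lists the checks that the log's own hints point to; the function names `parse_failures` and `triage` are hypothetical, and the sample text is constructed from the lines quoted in the post.

```python
import re

# Constructed sample: failure lines copied from the swag log quoted in the thread.
SAMPLE_LOG = '''\
Requesting a certificate for *.hmouras.duckdns.org
Waiting 30 seconds for DNS changes to propagate
Certbot failed to authenticate some domains (authenticator: dns-duckdns). The Certificate Authority reported these problems: Domain: hmouras.duckdns.org Type: unauthorized Detail: Incorrect TXT record "" found at _acme-challenge.hmouras.duckdns.org
ERROR: Cert does not exist! Please see the validation error above.
'''

AUTH_RE = re.compile(r"failed to authenticate some domains \(authenticator: ([\w-]+)\)")
PROBLEM_RE = re.compile(r"Domain: (\S+) Type: (\S+) Detail: (.*?)(?= Domain: |$)")
TXT_RE = re.compile(r'Incorrect TXT record "([^"]*)" found at (\S+)')


def parse_failures(log):
    """Extract one record per domain the CA rejected."""
    failures = []
    for line in log.splitlines():
        auth = AUTH_RE.search(line)
        if not auth:
            continue
        for domain, kind, detail in PROBLEM_RE.findall(line):
            txt = TXT_RE.search(detail)
            failures.append({
                "authenticator": auth.group(1),
                "dns_challenge": auth.group(1).startswith("dns-"),
                "domain": domain,
                "type": kind,
                "txt_found": txt.group(1) if txt else None,
                "record": txt.group(2) if txt else None,
            })
    return failures


def triage(f):
    """Turn one failure into the checks it points at."""
    steps = []
    if f["dns_challenge"]:
        steps.append("DNS validation: the CA looked up a TXT record, it did not connect to port 80/443")
    if f["txt_found"] == "":
        steps.append(f"{f['record']} was empty: verify the token in /config/dns-conf/duckdns.ini belongs to {f['domain']}")
        steps.append("if the token is right, allow more propagation time (the log waited 30 seconds)")
    return steps


if __name__ == "__main__":
    for failure in parse_failures(SAMPLE_LOG):
        print(failure["domain"], failure["type"])
        for step in triage(failure):
            print("  -", step)
```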

  • It might be file permissions on the directory/files created by the container.


    To see if you can get the container to run at all, edit the compose and use 0 (root) as the PUID.


    Then redeploy the container (edit stack and redeploy) and post back the log


    If you get it working using root, then we can make it safer after

  • A log file when working will look like this


  • Error is:

    Code
    Certbot failed to authenticate some domains (authenticator: dns-duckdns). The Certificate Authority reported these problems: Domain: hmouras.duckdns.org Type: unauthorized Detail: Incorrect TXT record "" found at _acme-challenge.hmouras.duckdns.org
    
    Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-duckdns. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-duckdns-propagation-seconds (currently 30 seconds).



    So the problem is that port 80 or 443 is not well redirected.


    Is OMV working on port 80 or port 443? If yes, that is part of the problem.


    In my yml I have:


    Code
        volumes:
          - /etc/localtime:/etc/localtime:ro
          - /realpath/omv-system/appdata/swag:/config
        ports:
          - 445:443
          - 85:80
        restart: unless-stopped


    So in my router I redirect port 443 to port 445 (IP of the NAS) and port 80 to port 85 (IP of the NAS).


    This has the advantage of not touching the ports of the OMV webGUI (they can be 80 and 443).
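The port combinations discussed in this thread, checked against each other, as an added example that is not any poster's code. It compares a router forward rule with the `ports:` lines of the compose file and the Docker host's LAN IP; `parse_published`, `check_forward` and `audit` are hypothetical names, and the old LAN IP is a constructed placeholder because the thread does not give it.

```python
def parse_published(port_lines):
    """Compose `ports:` lines -> {host_port: container_port}; commented lines are skipped."""
    published = {}
    for line in port_lines:
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        s = s.lstrip("- ").split("#")[0].strip().strip("\"'")
        parts = s.split(":")
        if len(parts) < 2:          # bare container port: Docker picks a random host port
            continue
        host, container = parts[-2], parts[-1].split("/")[0]
        published[int(host)] = int(container)
    return published


def check_forward(rule, published, host_ip):
    """rule = (wan_port, lan_ip, lan_port). Returns a list of problems, empty if consistent."""
    wan, lan_ip, lan_port = rule
    problems = []
    if lan_ip != host_ip:
        problems.append(f"WAN {wan} is sent to {lan_ip}, but the Docker host is {host_ip}")
    if lan_port not in published:
        problems.append(f"WAN {wan} is sent to host port {lan_port}, "
                        f"but compose publishes only {sorted(published)}")
    return problems


HOST_IP = "192.168.0.21"          # LAN IP given in the thread
OLD_IP = "192.168.0.10"           # constructed placeholder: the old LAN IP is not on the page

# Constructed scenarios built from the port pairs mentioned in the posts.
SCENARIOS = {
    "443:443, router still on old IP": (["- 443:443", "#- 82:80"], (443, OLD_IP, 443)),
    "444:443, router 443 -> 444":      (["- 444:443", "#- 82:80"], (443, HOST_IP, 444)),
    "444:443, router 443 -> 443":      (["- 444:443", "#- 82:80"], (443, HOST_IP, 443)),
    "445:443, router 443 -> 445":      (["- 445:443", "- 85:80"], (443, HOST_IP, 445)),
}


def audit(scenarios=SCENARIOS, host_ip=HOST_IP):
    """Run every scenario and map its name to the list of problems found."""
    return {name: check_forward(rule, parse_published(lines), host_ip)
            for name, (lines, rule) in scenarios.items()}


if __name__ == "__main__":
    for name, problems in audit().items():
        print(name, "->", problems or "consistent")
```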
