linuxserver / docker-swag

Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
https://docs.linuxserver.io/general/swag
GNU General Public License v3.0
2.66k stars, 231 forks

[BUG] Timeout Errors with HTTP Validation in SWAG Container on Podman #489

Open Zilong-L opened 1 week ago

Zilong-L commented 1 week ago

Is there an existing issue for this?

Current Behavior

I am encountering an issue with setting up a reverse proxy using the linuxserver/swag Docker image on Podman. When using HTTP validation for DNS with Certbot, the setup fails due to timeout errors, which do not occur when using Docker Compose. Below are the details of my configuration and the error logs.

A normal nginx container running on port 80 with Podman works fine.

Expected Behavior

I expect podman to work fine with this image.

Steps To Reproduce

  1. Run the podman run command.
  2. It fails to proceed past the challenge step.

Environment

- OS: Ubuntu 20.04, Podman 3.4.4
- Docker works fine. Podman works if I use DNS query mode.

CPU architecture

x86-64

Container creation

podman run -d \
  --name=swag \
  --cap-add=NET_ADMIN \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Etc/UTC \
  -e URL=mydomain.com \
  -e VALIDATION=http \
  -e SUBDOMAINS=webdav, `#optional` \
  -e CERTPROVIDER= `#optional` \
  -e DNSPLUGIN=cloudflare `#optional` \
  -e PROPAGATION= `#optional` \
  -e EMAIL= `#optional` \
  -e ONLY_SUBDOMAINS=true `#optional` \
  -p 443:443 \
  -p 80:80 `#optional` \
  -v ./swag:/config \
  --restart unless-stopped \
  lscr.io/linuxserver/swag:latest

Container logs

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: webdev.mydomain.com
  Type:   connection
  Detail: my ip : Fetching http://webdav.mydomain.com/.well-known/acme-challenge/tktDcSuwMUKNTNlHJgMT7eIYEO9lL7mCqt6IbOLZtw8: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container.
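The "Timeout during connect (likely firewall problem)" line above means the CA's HTTP-01 fetch of http://<domain>/.well-known/acme-challenge/<token> never completed a TCP handshake. The script below is an added triage helper, not code from the SWAG project or the reporter: it parses Certbot's failure block and then fetches the challenge URL the way the CA does (plain HTTP on port 80, real Host header, body must start with the token). The optional target host/IP is an assumption of this example: aiming the connection at the host's own IP tells you whether anything bound port 80 at all, while running the same check from an outside machine exercises the firewall/NAT path the CA uses. The embedded sample log is constructed from the failure block quoted in the issue, and the small challenge responder exists only so the probe can be exercised locally.

```python
"""Triage helper for Certbot HTTP-01 "Timeout during connect" failures.

Added example, not part of the SWAG project. Parses Certbot's failure
summary, then GETs the challenge URL like the CA does. `connect_to` aims
the TCP connection at a chosen host/IP (assumed helper parameter) while
keeping the real Host header, to separate "nothing bound port 80" from
"firewall/NAT drops the CA".
"""
import http.client
import re
import sys
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# One "Domain/Type/Detail" block per failed identifier in Certbot's summary.
FAILURE_RE = re.compile(
    r"Domain:\s+(?P<domain>\S+)\s*\n\s*Type:\s+(?P<type>\S+)\s*\n"
    r"\s*Detail:\s+(?P<detail>.*)"
)
URL_RE = re.compile(r"Fetching (?P<url>https?://\S+?):")

# Constructed sample: the failure block from the issue above, with the
# reporter's "my ip" placeholder left as-is.
SAMPLE_LOG = """\
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: webdev.mydomain.com
  Type:   connection
  Detail: my ip : Fetching http://webdav.mydomain.com/.well-known/acme-challenge/tktDcSuwMUKNTNlHJgMT7eIYEO9lL7mCqt6IbOLZtw8: Timeout during connect (likely firewall problem)
"""


def parse_certbot_failures(log_text):
    """Return one dict (domain, type, url, detail) per failure block."""
    failures = []
    for m in FAILURE_RE.finditer(log_text):
        detail = m.group("detail")
        u = URL_RE.search(detail)
        failures.append({"domain": m.group("domain"), "type": m.group("type"),
                         "url": u.group("url") if u else None, "detail": detail})
    return failures


def probe_challenge(url, connect_to=None, timeout=5.0):
    """GET the challenge URL like the CA; return (status, body, error)."""
    parts = urlsplit(url)
    host, port = connect_to or (parts.hostname, parts.port or 80)
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        # Keep the real Host header even when connecting to an explicit IP.
        conn.request("GET", parts.path, headers={"Host": parts.hostname})
        resp = conn.getresponse()
        return resp.status, resp.read().decode(errors="replace"), None
    except (OSError, http.client.HTTPException) as exc:
        # socket.timeout and ConnectionRefusedError are both OSError subclasses.
        return None, "", f"{type(exc).__name__}: {exc}"
    finally:
        conn.close()


def diagnose(url, connect_to=None, timeout=5.0):
    """Classify the probe: ok / wrong-body / wrong-status / unreachable."""
    token = urlsplit(url).path.rsplit("/", 1)[-1]
    status, body, err = probe_challenge(url, connect_to, timeout)
    if err:
        return "unreachable", err
    if status != 200:
        return "wrong-status", f"HTTP {status}"
    if not body.startswith(token):  # HTTP-01 body is <token>.<thumbprint>
        return "wrong-body", body[:80]
    return "ok", body


class _ChallengeHandler(BaseHTTPRequestHandler):
    """Minimal stand-in for Certbot's standalone responder (local tests only)."""
    token = keyauth = ""

    def do_GET(self):
        if self.path != "/.well-known/acme-challenge/" + self.token:
            self.send_error(404)
            return
        body = self.keyauth.encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep output quiet
        pass


def serve_challenge(token, keyauth, bind=("127.0.0.1", 0)):
    """Serve one token on a background thread; caller must shutdown()."""
    handler = type("Handler", (_ChallengeHandler,),
                   {"token": token, "keyauth": keyauth})
    server = HTTPServer(bind, handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    # Usage: podman logs swag 2>&1 | python3 acme_http01_triage.py [host-or-ip]
    # Run it while Certbot's standalone server is actually listening (it only
    # binds port 80 during validation), or from an outside host to exercise
    # the firewall/NAT path rather than just the local bind.
    target = (sys.argv[1], 80) if len(sys.argv) > 1 else None
    for f in parse_certbot_failures(sys.stdin.read()):
        if f["url"]:
            print(f["domain"], *diagnose(f["url"], connect_to=target))
```

A "unreachable" result from the host's own IP means port 80 was never published or bound (the reporter's plain-nginx test is the same check done by hand); "ok" locally but "unreachable" from outside points at the firewall or NAT, which is what the CA's timeout message suggests. "wrong-status" or "wrong-body" means something else is answering on port 80.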
github-actions[bot] commented 1 week ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.