
Hostname Verification Fails w/ Correct Hostname in Whitelist

Posted: May 12th, 2020, 9:05 am
by wingman1487
Hi all, just want to preface this with the fact that I know the hostname verification has been asked many times, however I've set up a few SABnzbd instances on Debian in a very similar form and this is the first time I'm running across it not accepting what I've put in the white list, hoping someone may have a different perspective to help me out.

Trying to figure this out, building a Docker environment on a Synology DS918+ box, using Nginx container to reverse proxy into the VPN container network to connect to Sonarr/Radarr/SABnzbd. Everything is working with the exception of SABnzbd failing the hostname verification. I can see SABnzbd log down that it is refusing the connection from hostname "sabnzbd" which is odd because this is definitely in my host_whitelist. I've checked and double checked that I didn't fat finger anything, anybody have any suggestions for me to check, I'm at a loss.

Re: Hostname Verification Fails w/ Correct Hostname in Whitelist

Posted: May 12th, 2020, 10:01 am
by sander
Why not use the IP address?

(Or is that impossible with the reverse proxy?)

Re: Hostname Verification Fails w/ Correct Hostname in Whitelist

Posted: May 12th, 2020, 10:19 am
by sander
wingman1487 wrote: May 12th, 2020, 9:05 am Everything is working with the exception of SABnzbd failing the hostname verification. I can see SABnzbd log down that it is refusing the connection from hostname "sabnzbd" which is odd because this is definitely in my host_whitelist. I've checked and double checked that I didn't fat finger anything, anybody have any suggestions for me to check, I'm at a loss.
OK ... but in a container that is not the name that SABnzbd knows as system's name, right?

A test: SABnzbd in a docker container, the known URLs are:

http://127.0.0.1:8080/sabnzbd
http://44d01b94cdc9:8080/sabnzbd
http://172.17.0.2:8080/sabnzbd

Nothing with 'sabnzbd' in it.

Re: Hostname Verification Fails w/ Correct Hostname in Whitelist

Posted: May 12th, 2020, 11:59 am
by wingman1487
It's gotta be the way I'm setting up my container. I'm using the

Code:

--net=container:vpn
(where VPN is the name of my VPN container) for each of the services, then building up my Nginx linking below

Code:

docker run --rm \
    --name=nginx \
    -v /config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
    -p 7878:7878 -p 8989:8989 -p 8080:8080 \
    --link vpn:radarr \
    --link vpn:sonarr \
    --link vpn:sabnzbd \
    nginx
Because the containers don't expose the ports themselves I have to use the reverse proxy to link to them and expose them that way (keeps only those containers tunneled through my VPN and leaves others alone). My Nginx conf is pretty simple, just setting up a simple server object for each like so.

Code:

server { # simple load balancing
    listen          8080;
    server_name     sabnzbd;
    access_log      /var/log/sabnzbd main;

    location / {
      proxy_pass      http://sabnzbd:8080;
    }
}

Re: Hostname Verification Fails w/ Correct Hostname in Whitelist

Posted: May 18th, 2020, 8:11 pm
by wingman1487
sander wrote: May 12th, 2020, 10:19 am
wingman1487 wrote: May 12th, 2020, 9:05 am Everything is working with the exception of SABnzbd failing the hostname verification. I can see SABnzbd log down that it is refusing the connection from hostname "sabnzbd" which is odd because this is definitely in my host_whitelist. I've checked and double checked that I didn't fat finger anything, anybody have any suggestions for me to check, I'm at a loss.
OK ... but in a container that is not the name that SABnzbd knows as system's name, right?

A test: SABnzbd in a docker container, the known URLs are:

http://127.0.0.1:8080/sabnzbd
http://44d01b94cdc9:8080/sabnzbd
http://172.17.0.2:8080/sabnzbd

Nothing with 'sabnzbd' in it.
So I was able to test with the name 44d01b94cdc9, however it also refused the connection. I also added that name to the whitelist just in case and same result.

2020-05-18 19:54:08,459::WARNING::[interface:329] Refused connection with hostname "44d01b94cdc9" from: 172.17.0.3>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36

Re: Hostname Verification Fails w/ Correct Hostname in Whitelist

Posted: May 20th, 2020, 6:18 am
by safihre
Can you share how you specified your host_whitelist? Maybe a screenshot.
Because if it logs it like this, it should be able to filter it correctly.

Re: Hostname Verification Fails w/ Correct Hostname in Whitelist

Posted: May 20th, 2020, 8:29 am
by wingman1487
sander wrote: May 12th, 2020, 10:01 am Why not use the IP address?

(Or is that impossible with the reverse proxy?)
This was it. I, like you, didn't think I could pass the IP address using the reverse proxy the way I was, however I pulled the IP from the docker network the VPN was attached to and used it in the Nginx config like below and that did it! This was a head scratcher, and I was not able to replicate the problem in my dev Debian environment, when doing the exact same thing and adding "sabnzbd" to the white_list everything worked as expected, but on Synology no matter what hostname I passed to it and white_listed it would reject it, had to be an IP address. Maybe something to look into? Happy to share any details.

Code:

    server { # simple load balancing
        listen          8080;
        server_name     sabnzbd;
        access_log      /var/log/nginx/sabnzbd.log  main;

        location / {
            proxy_pass      http://sabnzbd:8080;
        }
    }

Code:

    server { # simple load balancing
        listen          8080;
        server_name     sabnzbd;
        access_log      /var/log/nginx/sabnzbd.log  main;

        location / {
            proxy_pass      http://172.17.0.2:8080;
        }
    }
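
Why changing only proxy_pass changed what the backend saw, as an added example that is not part of the original posts and is not SABnzbd's or nginx's own code: with no proxy_set_header, nginx sends the host written in proxy_pass as the Host header, so the first config presents "sabnzbd:8080" and the second "172.17.0.2:8080". host_allowed is a hypothetical model that assumes IP literals and localhost pass without an allowlist entry, matching what the thread observed; nas.example is a constructed value.

```python
import ipaddress
from urllib.parse import urlsplit

def split_host(header):
    """Lower-case a Host header and drop an optional :port."""
    h = header.strip().lower()
    if h.startswith("["):                      # bracketed IPv6, e.g. [::1]:8080
        return h[1:].partition("]")[0]
    if h.count(":") == 1:                      # name:port or IPv4:port
        return h.rsplit(":", 1)[0]
    return h

def upstream_host_header(proxy_pass, client_host, set_header=None):
    """Host header nginx sends to the proxied server.

    Without proxy_set_header, nginx sends $proxy_host: the host[:port]
    written in proxy_pass, not the Host the browser sent.
    """
    if set_header is None:
        return urlsplit(proxy_pass).netloc
    if set_header == "$host":                  # request host, no port
        return split_host(client_host)
    if set_header == "$http_host":             # browser's header, verbatim
        return client_host
    return set_header                          # literal value

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def host_allowed(header, allowlist):
    """Hypothetical model of a host allowlist check (an assumption)."""
    host = split_host(header)
    if host == "localhost" or is_ip_literal(host):
        return True
    return host in {entry.strip().lower() for entry in allowlist}

if __name__ == "__main__":
    browser_host = "nas.example:8080"          # constructed sample value
    for target in ("http://sabnzbd:8080", "http://172.17.0.2:8080"):
        sent = upstream_host_header(target, browser_host)
        print(target, "->", sent, "allowed:", host_allowed(sent, []))
```

Setting `proxy_set_header Host $host;` in the location block is the nginx directive that forwards the browser's host name instead, which the set_header argument models.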

Re: Hostname Verification Fails w/ Correct Hostname in Whitelist

Posted: May 20th, 2020, 9:37 am
by safihre
Nice :)