this post was submitted on 28 Jan 2024

10 points (91.7% liked)

Selfhosted

39919 readers

230 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Reverse-proxying from a docker network (lemmy.dbzer0.com)

submitted 9 months ago* (last edited 9 months ago) by Scrath@lemmy.dbzer0.com to c/selfhosted@lemmy.world

9 comments fedilink hide all child comments

Hello, I have a question regarding the usage of a reverse-proxy which is part of a docker network.

I currently use Nginx Proxy Manager as a reverse-proxy for all my services hosted in docker. This works great since I can simply forward using each containers name. I have some services however (e.g. homeassistant) which are hosted separately in a VM or using docker on another device.

Is it possible to use the same reverse-proxy for those services as well? I haven't found a way to forward to hosts outside of the proxies docker network (except for using the host network setting which I would like to avoid)

top 9 comments

sorted by: hot top controversial new old

[–] AbouBenAdhem@lemmy.world 5 points 9 months ago (1 children)

If the other services are exposed on local ports, you can have NPM forward to those.

[–] Scrath@lemmy.dbzer0.com 2 points 9 months ago (2 children)

By exposed you basically mean that I can reach them using my browser? I can reach my homeassistant web ui on port 8123 but when I try to forward to that port with the servers IP I get a 400 Bad Request error. I'm not sure if this is caused by nginx being unable to forward or by homeassistant not accepting the connection somehow

[–] rambos@lemm.ee 9 points 9 months ago* (last edited 9 months ago) (2 children)

For homeassistant I had to add this in configuration.yaml

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.21.0.2

Where 172.21.0.2 is my NPM docker IP

Edit: its NPM IP and not HA like I wrote first time

[–] tarmarbar@startrek.website 5 points 9 months ago

This. Also, make sure the proxy is proxying websocket traffic as well. I do it with pure nginx like this:

server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://192.168.1.100:8123/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

[–] Scrath@lemmy.dbzer0.com 1 points 9 months ago (1 children)

Thanks. I tried it like this and still get a 400 Bad Request error.

Someone below mentioned adding some more IPs to the trusted_proxies list so I tried that as well without result. The IP I used for the reverse-proxy is the IP listed in portainer under the network for the proxy container. Just to reiterate, the container is running on a different device than homeassistant (technically same device but different VM but that shouldn't make a difference).

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.208.2 # IP of reverse-proxy in its network
    - 192.168.208.0/20 # Subnet of proxy docker network
    - 192.168.1.103 # HA IP

[–] rambos@lemm.ee 1 points 9 months ago

My NPM window looks the same as yours. Im not sure mate, I would try disabling firewall just to see is that the problem. Im not expert in that area and nothing else comes to my mind sorry. Im also running everything under one host

[–] emuspawn@orbiting.observer 2 points 9 months ago* (last edited 9 months ago) (1 children)

If you have any kind of firewall on your network, you might make sure it's not blocking that port with a rule. Here's a couple screenshots from my setup in case that helps.

The config in NPM

The config in HA's configuration.yaml

Try adding just the NPM IP and HA IP first, then add the docker internal network as well if you still have issues.

[–] Scrath@lemmy.dbzer0.com 1 points 9 months ago

Thanks for the configuration example. Unfortunately it doesn't seem to work for me. I've replied to someone above with screenshots of what my configuration now looks like. The base_url option you use there wasn't available to me because it apparently has been deprecated and replaced with internal_url and external_url.

[–] Decronym@lemmy.decronym.xyz 0 points 9 months ago* (last edited 9 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters	More Letters
HA	Home Assistant automation software
~	High Availability
HTTP	Hypertext Transfer Protocol, the Web
IP	Internet Protocol
nginx	Popular HTTP server

3 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.

[Thread #460 for this sub, first seen 29th Jan 2024, 01:25] [FAQ] [Full list] [Contact] [Source code]