There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

Reverse-proxying from a docker network

Hello, I have a question regarding the usage of a reverse-proxy which is part of a docker network.

I currently use Nginx Proxy Manager as a reverse-proxy for all my services hosted in docker. This works great since I can simply forward using each containers name. I have some services however (e.g. homeassistant) which are hosted separately in a VM or using docker on another device.

Is it possible to use the same reverse-proxy for those services as well? I haven’t found a way to forward to hosts outside of the proxies docker network (except for using the host network setting which I would like to avoid)

AbouBenAdhem ,

If the other services are exposed on local ports, you can have NPM forward to those.

Scrath OP ,

By exposed you basically mean that I can reach them using my browser? I can reach my homeassistant web ui on port 8123 but when I try to forward to that port with the servers IP I get a 400 Bad Request error. I’m not sure if this is caused by nginx being unable to forward or by homeassistant not accepting the connection somehow

rambos , (edited )

For homeassistant I had to add this in configuration.yaml


<span style="color:#323232;">http:
</span><span style="color:#323232;">  use_x_forwarded_for: true
</span><span style="color:#323232;">  trusted_proxies:
</span><span style="color:#323232;">    - 172.21.0.2
</span>

Where 172.21.0.2 is my NPM docker IP

Edit: its NPM IP and not HA like I wrote first time

tarmarbar ,

This. Also, make sure the proxy is proxying websocket traffic as well. I do it with pure nginx like this:


<span style="color:#323232;">server {
</span><span style="color:#323232;">    listen 80;
</span><span style="color:#323232;">    server_name example.com;
</span><span style="color:#323232;">
</span><span style="color:#323232;">    location / {
</span><span style="color:#323232;">        proxy_pass http://192.168.1.100:8123/;
</span><span style="color:#323232;">        proxy_set_header Host $host;
</span><span style="color:#323232;">        proxy_set_header X-Real-IP $remote_addr;
</span><span style="color:#323232;">        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
</span><span style="color:#323232;">        proxy_set_header X-Forwarded-Proto $scheme;
</span><span style="color:#323232;">
</span><span style="color:#323232;">        # WebSocket support
</span><span style="color:#323232;">        proxy_http_version 1.1;
</span><span style="color:#323232;">        proxy_set_header Upgrade $http_upgrade;
</span><span style="color:#323232;">        proxy_set_header Connection "upgrade";
</span><span style="color:#323232;">    }
</span><span style="color:#323232;">}
</span>
Scrath OP ,

Thanks. I tried it like this and still get a 400 Bad Request error.

https://lemmy.dbzer0.com/pictrs/image/fe1f4995-0a5e-4fc6-b679-6d7d4e93e264.png

Someone below mentioned adding some more IPs to the trusted_proxies list so I tried that as well without result. The IP I used for the reverse-proxy is the IP listed in portainer under the network for the proxy container. Just to reiterate, the container is running on a different device than homeassistant (technically same device but different VM but that shouldn’t make a difference).


<span style="color:#63a35c;">http</span><span style="color:#323232;">:
</span><span style="color:#323232;">  </span><span style="color:#63a35c;">use_x_forwarded_for</span><span style="color:#323232;">: </span><span style="color:#0086b3;">true
</span><span style="color:#323232;">  </span><span style="color:#63a35c;">trusted_proxies</span><span style="color:#323232;">:
</span><span style="color:#323232;">    - </span><span style="color:#0086b3;">192.168.208.2 </span><span style="font-style:italic;color:#969896;"># IP of reverse-proxy in its network
</span><span style="color:#323232;">    - </span><span style="color:#183691;">192.168.208.0/20 </span><span style="font-style:italic;color:#969896;"># Subnet of proxy docker network
</span><span style="color:#323232;">    - </span><span style="color:#0086b3;">192.168.1.103 </span><span style="font-style:italic;color:#969896;"># HA IP
</span>
rambos ,

My NPM window looks the same as yours. Im not sure mate, I would try disabling firewall just to see is that the problem. Im not expert in that area and nothing else comes to my mind sorry. Im also running everything under one host

emuspawn ,
@emuspawn@orbiting.observer avatar

If you have any kind of firewall on your network, you might make sure it’s not blocking that port with a rule. Here’s a couple screenshots from my setup in case that helps.

The config in NPM

https://orbiting.observer/pictrs/image/8201c738-48a5-4d37-935e-f7b959c902ec.png

The config in HA’s configuration.yaml

https://orbiting.observer/pictrs/image/fd0dc3dd-e12e-4a30-a5fd-ef86a2780957.png

Try adding just the NPM IP and HA IP first, then add the docker internal network as well if you still have issues.

Scrath OP ,

Thanks for the configuration example. Unfortunately it doesn’t seem to work for me. I’ve replied to someone above with screenshots of what my configuration now looks like. The base_url option you use there wasn’t available to me because it apparently has been deprecated and replaced with internal_url and external_url.

Decronym Bot , (edited )

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters More Letters
HA Home Assistant automation software
~ High Availability
HTTP Hypertext Transfer Protocol, the Web
IP Internet Protocol
nginx Popular HTTP server

3 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.

[Thread for this sub, first seen 29th Jan 2024, 01:25] [FAQ] [Full list] [Contact] [Source code]

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •