Adguard integration behind a Traefik reverse proxy

Third party integrations
1

I’ve got a Docker server in which both HA and several other apps including Adguard are installed in containers. When I try to set up the Adguard integration it can’t connect to my Adguard instance, with the below error in my logs.

Basically, Traefik reverse proxies Adguard such that I can go to https://adguard.mydomain.com to interact with it. During setup the installer for Adguard changed itself to port 80 and my Traefik labels represent that. I can use Adguard itself just fine (53 is directly exposed for DNS). The domain is a real one with a valid LE SSL certificate and I have DNS entries set up in Adguard so that my clients point to the internal lan IP address.

I’m not sure what is happening. It could be trying to connect to port 3000 despite having a port field which might result in the 404 error. Any help is appreciated.

Config screen for the intergation:

image
image503×541 14 KB

Traefik log (included for thoroughness, from another attempt):

172.27.0.1 - - [30/May/2021:17:14:54 +0000] "GET /control/status HTTP/1.1" - - "-" "-" 86 "-" "-" 0ms
192.168.1.221 - - [30/May/2021:17:14:54 +0000] "POST /api/config/config_entries/flow/d73ab95d89a945b6a0ebb25797066d92 HTTP/2.0" 500 55 "-" "-" 85 "ha-secure@docker" "http://172.27.0.4:8123" 7ms

Home Assistant log:

Logger: aiohttp.server
Source: components/adguard/config_flow.py:93
First occurred: 12:35:13 AM (36 occurrences)
Last logged: 2:27:09 AM

Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/aiohttp/web_protocol.py", line 422, in _handle_request
    resp = await self._request_handler(request)
  File "/usr/local/lib/python3.8/site-packages/aiohttp/web_app.py", line 499, in _handle
    resp = await handler(request)
  File "/usr/local/lib/python3.8/site-packages/aiohttp/web_middlewares.py", line 119, in impl
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/security_filter.py", line 56, in security_filter_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/request_context.py", line 18, in request_context_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/ban.py", line 74, in ban_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/auth.py", line 135, in auth_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/view.py", line 131, in handle
    result = await result
  File "/usr/src/homeassistant/homeassistant/components/config/config_entries.py", line 155, in post
    return await super().post(request, flow_id)
  File "/usr/src/homeassistant/homeassistant/components/http/data_validator.py", line 63, in wrapper
    result = await method(view, request, *args, **kwargs)
  File "/usr/src/homeassistant/homeassistant/helpers/data_entry_flow.py", line 109, in post
    result = await self._flow_mgr.async_configure(flow_id, data)
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 199, in async_configure
    result = await self._async_handle_step(flow, cur_step["step_id"], user_input)
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 257, in _async_handle_step
    result: FlowResult = await getattr(flow, method)(user_input)
  File "/usr/src/homeassistant/homeassistant/components/adguard/config_flow.py", line 93, in async_step_user
    await adguard.version()
  File "/usr/local/lib/python3.8/site-packages/adguardhome/adguardhome.py", line 223, in version
    response = await self.request("status")
  File "/usr/local/lib/python3.8/site-packages/adguardhome/adguardhome.py", line 164, in request
    raise AdGuardHomeError(
adguardhome.exceptions.AdGuardHomeError: (404, {'message': '404 page not found\n'})
2

As soon as I typed this all out and submitted I thought hey, lets try port 443 and of cause it now works.

Ah well, thanks for reading anyway. :grin:

3

I’m having a problem almost like yours … Can you share your docker-compose.yaml?

4

I got the same Setup:
2 times AdGuard Home behind Traefik Reverse Proxy on 2 Raspberry Pis to protect my home network.

I can confirm that port 443 works (as long you are using HTTPS/SSL:

Host: adguard.my-local-domain.lan
Port: 443

5

If you’ve got it setup in docker-compose you could probably route to the adguard container directly from home assistant without going through ‘my domain.com’. e.g. by using the adguard container name as the host address, or by pointing the host address to 0.0.0.0 and the port to the one exposed by adguard.

(that last option is the one I chose)

6

Been a while since I even looked at this but in case anyone wants the docker-compose.yml here it is:

version: "3"

services:
  adguard:
    container_name: adguard
    image: adguard/adguardhome:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    expose:
      - "80"
    volumes:
      - '/mnt/data/adguard/work:/opt/adguardhome/work'
      - '/mnt/data/adguard/conf:/opt/adguardhome/conf'
    cap_add:
      - NET_ADMIN
    restart: always
    networks:
      - proxy
    labels:
      - "traefik.port=80"
      - "traefik.enable=true" 
      - "traefik.http.routers.adguard.rule=Host(`adguard.mydomain.com`)" 
      - "traefik.http.routers.adguard.entrypoints=web" 
      - "traefik.http.routers.adguard.middlewares=redirect@file" 
      - "traefik.http.routers.adguard-secure.rule=Host(`adguard.mydomain.com`)"
      - "traefik.http.routers.adguard-secure.entrypoints=websecure" 
      - "traefik.http.routers.adguard-secure.tls.certresolver=myresolver" 
      - "traefik.http.services.adguard-secure.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"


networks:
  proxy:
    external: true
7

Hey this is what I have but can’t get it to work in traefik, could you please share your traefik config?

currently I have this but i get 404 and the “sheild” on traefik dashboard is not there

http:
  routers:
    doh:
      rule: "Host(`x.domain.pw`)"
      service: "doh"
      entryPoints: ["websecure"]

  services:
    doh:
      loadBalancer:
        servers:
          - url: "https://dns.domain.pw/dns-query"
          - url: "https://dns2.domain.pw/dns-query"

I can reach dns and dns2 from inside docker running trafeik so that is not the issue

ps sorry from bumping old thread