Docker Containers behind NGINX Manager (Vaultwarden initially, now more around Duplicati)

I have migrated my entire system from HAOS on Raspberry to a full docker environment on a NUC. So far so good, all is working. I just keep having one issue, which I am not able to resolve; I cannot use the Bitwarden app on Android to login to my hosted server and am hoping someone here might have an idea.

Following is my environment:

  • Intel NUC with Ubuntu
  • Docker environment with NGINX manager and Vaultwarden
  • Certificates folder from NGINX mapped to Vaultwarden at the right place using the following docker-compose file:
  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    restart: unless-stopped
    volumes:
      - /opt/vaultwarden:/data/
      - /opt/nginxmanager/letsencrypt:/etc/letsencrypt
    ports:
      - xxxx:80
      - 3012:3012
    environment:
      WEBSOCKET_ENABLED: "true"
      ROCKET_TLS: '{certs="/etc/letsencrypt/live/npm-1/cert.pem",key="/etc/letsencrypt/live/npm-1/privkey.pem"}'
  • The port xxxx is forwarded on my router.

Now when I use the App on Apple, I can login to my custom hosted environment with this url:
https://xxxxxxx.duckdns.org:xxxx

But with the Android app I get the following error:
image

And on the Vaultwarden Docker log it shows this:

[2023-03-27 06:12:23.169][rocket_http::tls::listener][WARN] tls handshake with EXTERNAL_IP:56364 failed: received fatal alert: CertificateUnknown

Anyone an idea of what I could try?

So, I solved this issue… I created a custom location in nginxmanager so I can now access Vaultwarden through ssl with the https://mydomain.duckdns.org/bitwarden url. Happy so far, but…

I have Duplicati running in Docker on the same Ubuntu server. I can access it locally with http://local-ip:8200…all good.

Now I am trying to run it by using NGINXManager and have created the following rule here:

I had the following issue initially: I got a 404: Not found error when trying to access this url:
https://mydomain.duckdns.org/duplicati

I found out, it tried to redirect to:

https://mydomain.duckdns.org/login.html

So basically, Duplicati forwards to the login page, because I have set a password for the WebUI. I have tried everything I could read and find here to get around this, but could not find a way. I am guessing it is the custom location rule, but do not know enough about NGINX to figure it out.
So…that is my first question…anyone an idea of what I could try?

I then went on and removed the webui password and…now it works, I can open the webui with this url (of course without the password now)
https://mydomain.duckdns.org/duplicati

Now where I have an issue with this is the panel_iframe I use from within my Homeassistant. I am using the following code for that:

panel_iframe:
  zigbee2mqtt:
    title: Zigbee2MQTT
    icon: mdi:zigbee
    url: "https://mydomain.duckdns.org/zigbee2mqtt"
    require_admin: true
  duplicati:
    title: Duplicati
    icon: mdi:backup-restore
    url: "https://mydomain.duckdns.org/duplicati"
    require_admin: true

As you can see I use the exact same rules and logic as for my zigbee2mqtt page (and a few others). So, when I connect to my Homeassistant remotely by using https://mydomain.duckdns.org it opens the UI and I can use all the panel_iframe locations. Also Duplicati works fine.
Where the issue is when I connect to my Homeassistant via the internal url: http://localip:8123
Again, the Homeassistant UI comes up fine, I can use the panel_iframes, but…Duplicati gives an issue. It does show the duplicati web page, but immediately says it cannot connect:

So, it feels like Duplicati uses some internal URL forwarding or so, which conflicts with the NGINX setup.

I hope someone here can help me…
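
The /login.html redirect described in the post, reproduced as an added example (not part of the original post and not Duplicati's or NGINX's own code): it resolves a `Location` header the way a browser does, flags when the target leaves the `/duplicati` sub-path, and shows a proxy-side rewrite of the header. The function names are hypothetical, and the backend sending a root-relative `Location: /login.html` is an assumption based on the URL the post reports.

```python
from urllib.parse import urljoin, urlsplit

PREFIX = "/duplicati"                    # custom location from the post
PUBLIC = "https://mydomain.duckdns.org"  # placeholder host used in the post
UPSTREAM = "http://local-ip:8200"        # Duplicati's direct address in the post


def resolve(request_url, location):
    """Resolve a Location header against the request URL, as a browser does."""
    return urljoin(request_url, location)


def escapes_prefix(request_url, location, prefix=PREFIX):
    """True if following the redirect leaves the proxied sub-path or origin."""
    req = urlsplit(request_url)
    dst = urlsplit(resolve(request_url, location))
    same_origin = (req.scheme, req.netloc) == (dst.scheme, dst.netloc)
    under_prefix = dst.path == prefix or dst.path.startswith(prefix + "/")
    return not (same_origin and under_prefix)


def rewrite_location(location, upstream=UPSTREAM, prefix=PREFIX):
    """Map a backend redirect into the public sub-path (hypothetical helper).

    Handles root-relative paths and absolute URLs naming the upstream;
    document-relative and third-party targets pass through unchanged.
    """
    loc = urlsplit(location)
    up = urlsplit(upstream)
    if loc.scheme or loc.netloc:         # absolute or scheme-relative URL
        if loc.netloc != up.netloc or (loc.scheme and loc.scheme != up.scheme):
            return location              # not our backend: leave untouched
    elif not loc.path.startswith("/"):
        return location                  # document-relative: browser resolves it
    path = loc.path or "/"
    if path == prefix or path.startswith(prefix + "/"):
        new_path = path                  # already prefixed, avoid doubling it
    else:
        new_path = prefix + path
    return new_path + ("?" + loc.query if loc.query else "")
```

Note that a document-relative `login.html` also resolves outside the prefix when the request URL has no trailing slash (`/duplicati` rather than `/duplicati/`). In NGINX, the `proxy_redirect` directive performs this kind of `Location` rewriting.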