DNS makes my router, as it can see only the docker ip all container names have the same ip.
But i think i found the problem, it is about my ipv4 / v6 configuration.
Described here
In host mode it is passed. But host mode is only available on Linux.
A special situation is when the docker host is ipv4 and ipv6 (which is quite normal today) and the containers are ipv4 only.
Then clients connecting per ipv4 are connecting the host per ipv4 (host mode/Linux only) and the correct client source address is seen in the container.
But if the client connects with ipv6 it is routed through the docker_gwbridge per ipv4 and the container can only see the IP address of the bridge. MS would say this is a feature
For a test i disabled ipv6 on my machine connecting to ha. And voila, the logs show my external ip (the one from my provider). Enabled v6 again, and it reverted to 172.30.32.1. So nginx x_forwarded_for works, but nginx does not see the real adress but only the docker ip.
Only solution at the moment seems to be to start the docker container with network_mode: host but i think this is not possible using one of the addons.
Again, thank you for helping, in the end it shoed me where to look further and my originally problem ist solved
Hi! I’m using the NGINX addon with DuckDNS + Letsencrypt to access my HA (VM in ProxMox) instance externally. Now,I’d like to access additional internal VM:s through the reverse proxy. Is this possible? If it is - is there a guide?
Yes, this is possible.
Not sure if there is a guide somewhere, but you can even achieve that with additional duckdns subdomains from you current duckdns domain. I went through this, maybe this post and the following ones by me help:
btw ! help ! i have problems while accesing ESPHOME and VSCODE addons iternaly by the addon , chrome browser shows blank page. other addons works well
edge shows 401: Unauthorized
Has anyone experienced getting their domains flagged as deceptive/phishing from Google after using NPM?
I moved from using NGINX Proxy SSL to NPM a few weeks ago due to needing to redirect more than 1 domain to different services, and wanted secure access. Not sure how long after, my the subdomain (from DuckDNS) that I was using to access HA was flagged as dangerous.
Shortly after, the other subdomain I was using to access this other addon was also flagged.
I have seen reports of people using DuckDNS subdomains of these issues. So I went and decided to use a domain of my own.
It was instaflagged too, and not only my own subdomain, but the main domain too (which was pointing to our business website). It caused quite a big deal of trouble tbh. Since it’s Google’s flagging system, it doesn’t allow you to use OAuth services with Google’s either.
After that I went ahead and did further testing today. I retraced my steps, went back to DuckDNS (same subdomain I was using) + NGINX Proxy SSL (NPM deactivated). So far it’s not being flagged, which is making me strongly suspicious NPM was indeed the culprit, and I’m not sure why.
I actually need to use NPM, as I said, since I need more than just HA to be accessible remotely. And NPM was easy enough for me (non-dev) to use, including the SSL certs.
My domain has also been flagged and as far as i can see this happens to a lot of us. (i have also seen something similar with other software)
you can read more about it at:
What do you mean by NPM? is that an option in Nginx Proxy Manager?
edit: did not know it was short for Nginx proxy manager.
I am looking for a solution for this.
but it is still interesting that NGINX Proxy SSL works but NPM not, but still implements the NGINX, this sounds like a option
@grosilver And did it never happen again? I cannot risk my entire domain to this happening once in a while. It fucked up our emails, everything started being rejected everywhere… it was a bit of chaos. Actually I’ve reported it this morning and I’m still waiting for it to be fixed.
@DJJo14 Yeah, I’ve seen that thread but it relates to DuckDNS. It was my first thought. But as I said, I tested with a domain of my own, doing DDNS on my own, without any connection to DuckDNS. And the domain was instantly flagged as soon as it connected to my local server. Which leads me to believe it’s not DuckDNS fault, but NPM…
Edit: so… today the DuckDNS subdomain shows as dangerous again, just using NGINX Proxy SSL. So NPM itself is not to blame then. I’m going to deactivate it and see if DuckDNS alone is still flagged, so I can blame reverse proxies in general.
I had to restore HomeAssistant from a backup and ever since my NGINX proxies don’t work anymore.
I was able to renew the certificates, all the port forwarding is still the same as before.
When I try to test the server reachability in NGINX I get this error: Communication with the API failed, is NPM running correctly?
I was reading through this thread but couldn’t find anything on how to restart/reinstall NPM in homeasssistant or in the NGINX add-on.
Can anyone help me here?
EDIT: Oh just realized NPM stands for NGINX Proxy Manager haha now I am even more confused. I have reinstalled the addon already and nothing changed
SOLVED: Now I feel stupid: It was all caused by a typo in the general network gateway settings of the Pi… Thanks for coming to my TED Talk
same, in 2023. I haven’t accessed the addon for a couple of months because I didn’t need to, and now I cannot log in. Password is managed by Bitwarden and should be correct.
Hi, with the Nginx Proxy Manager is the ZeroSSL cert with automated renew supported, if so, how to configure it? The ZeroSSL support page says it’s a partner with nginx-proxy, but there are two nginx proxy’s available inside the HA Add-on store, which one is it? I’m a noob when it comes to ssl certificates, until now i configured them manually (generating the cert inside ZeroSSL web and downloading the certs and uploading to HA and using the configuration.yaml to locate the cert and key)
Hi, I’m trying to configure access lists on NPM to prevent external access to some services I am going to add, but they don’t seem to be working because the IP that Nginx sees for every client is 172.30.32.1.
This is also an issue because the HA ip_ban system also detects the same IP.
If I use WireGuard, the IP which gets recorded is my home network public IP.
From what I read, adding an X-Forwarded For header should do the trick, but I don’t know how to do that, especially for the VPN traffic.
Also, how do I decide if I can enable cache assets, web sockets support and http/2 support depending on the service I’m using? (I’m my case I’d like to configure HA, Bitwarden, UniFi app, Node-RED dashboard and Nginx itself)
HA, WG (add-on) and NPM (add-on) are all hosted on my RPi.
I would like to setup https access to the Plex addon, as well as Overseerr and it looks like the Nginx Proxy Manager is designed to do this, but I’m worried that either it won’t work or will conflict with the ubios-cert setup.
So can I simply install the Nginx Proxy Manager addon, or do I first need to undo the ubios-cert and dydns setup on my UDM Pro?