I had this problem as well, I set the Scheme to http and went to the SSL tab and requested a cert. All my sites are accessible with https and working fine.
I can access my HA and NAS no problems. Im having trouble with transmission and pymedusa. I would like to be able to acces them as a sub-folder
1 Like
Try this for Transmission as subfolder (add to Advanced->Custom Nginx Configuration). I donāt use Pymedusa.
Last two lines refer to authentication done by NPM addon and you can remove them if not needed (Access List needs to be defined tough if NPM authentication is used).
Depending on the Transmission version that you have, you might need to fiddle with the full address passed by NPM when accessing it (ie: https://external_ip/transmission/web/ instead of https://external_ip/transmission/) as it might show a 409: Conflict error.
location /transmission/ {
proxy_read_timeout 300;
proxy_pass_header X-Transmission-Session-Id;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.0.100:9091/transmission/;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
Awesome, ill try it when I get home!
EDIT:
So I tried it, still no good
Is this correct?
Can someone help me setup a username and password for a site? Under Access List the only option I get is Publicly Accessible, nothing about passwords. It says I need to āEnable authenticationā but I donāt see a way to do that.
No, not in Location but in Advanced
From the dashboard go to Access Lists and create a new one.
In Authorization tab then enter user and password.
Then go back to the proxy hosts lists and the new access list should be available.
LE: keep in mind that, if you enable NPM authentication and you plan to use subfolders in tab Advanced, the authentication will be applicable only to the main host, not to the subfolders. For subfolders authentication you need to enable it manually for each subfolder (see my post above concerning Transmission).
Thank you so much. This has been driving me crazy.
Now I have another problem. I created an Access List and attached it to my site but now all I get is a ā401 Authorization Requiredā page and no place to enter a user name and password.
Hey Petrica,
I added the following Advanced (and deleted all items in customer locations):
location /sickchill/ {
proxy_read_timeout 300;
proxy_pass_header X-Transmission-Session-Id;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.86.100:8081/sickchill/;
}
I tried afew variations for proxy_pass, including http://192.168.86.100:8081/home/ which is how i access sickchill on my local network - both have the same 404 errors.
I was attempting to re-use what you did for transmission for sickchill, however only the text loads. I can see 404 errors in the logs.
404 404 - GET http xxx.duckdns.org "/js/ajaxNotifications.js?v=9ad35436f9ef5e663a065ff57ee2f1ec" [Client 192.168.86.1] [Length 2647] [Gzip -] [Sent-to 192.168.86.100] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" "http://xxx.duckdns.org/sickchill/"
My understanding of your items is that it would hit the local IP address for sickchill and then pass back the code as if it was on my local network. The 404 errors have thrown me completely as it shouldnāt need permissions to access those files?
All my docker containers are on that internal IP, but this port is not pointing to NPM - does that matter, the service im hitting works perfectly via the xxx.duckdns.org?
Hi @mitch,
Could you try:
location /sickchill/ {
proxy_pass http://192.168.86.100:8081/sickchill/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
It doesnāt matter theyāre not on the same machine.
Iām gonna leave these here for others that might need them (but keep in mind that 1. most of the services donāt use their own authentication thus, if not setting and relying on external authentication such as NPM Access List - these two lines below - then they are accessible by anyone on the internet (WITHOUT ANY RESTRICTION), which is generally considered bad form 
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
and 2. some of them (where the address is http://ip:port/service_name) require a base path override; this is done in the gui settings or, some other times, in a file that needs to be modified on the server)
NGINX Reverse proxy examples
location /ombi {
proxy_pass http://192.168.0.45:3579;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /logarr/ {
proxy_pass http://192.168.0.45:8003/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /nagioslogserver {
proxy_pass http://192.168.0.222:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location ~* ^(/apps/portainer)(/api/websocket/.*)$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
set $upstream http://192.168.0.45:9000$2;
proxy_pass $upstream ;
}
location ~* ^(/apps/portainer)(/.*)$ {
proxy_http_version 1.1;
proxy_set_header Connection "";
set $upstream http://192.168.0.45:9000$2;
proxy_pass $upstream;
}
location /privatebin/ {
proxy_pass https://192.168.0.233/;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /webmin/ {
proxy_pass http://192.168.0.45:10000/webmin/;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /unmanic {
proxy_pass http://192.168.0.45:8889/;
proxy_set_header Host $host;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /plexpy {
proxy_pass http://192.168.0.45:8182;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /syncthing/ {
proxy_pass http://192.168.0.45:8384/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /lidarr {
proxy_pass http://192.168.0.45:8686;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /gui/ {
proxy_pass http://192.168.0.45:8888/gui/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location ~ ^/mylar($|./*) {
proxy_pass http://192.168.0.45:8090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location = /makemkv {return 301 $scheme://$http_host/makemkv/;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /makemkv/ {
proxy_pass http://192.168.0.45:5802/;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
location /makemkv/websockify {
proxy_pass http://192.168.0.45:5802/websockify/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
}
location /librarian {
proxy_pass http://192.168.0.45:5299/librarian/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location ~ ^/headphones($|./*) {
proxy_pass http://192.168.0.45:8181;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location = /handbrake {return 301 $scheme://$http_host/handbrake/;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /handbrake/ {
proxy_pass http://192.168.0.45:5801/;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
location /handbrake/websockify {
proxy_pass http://192.168.0.45:5801/websockify/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
}
location /ubooquity/ {
proxy_pass http://192.168.0.45:2202/ubooquity/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1 ;
}
location /varken/ {
proxy_pass http://192.168.0.45:3000/d/iTbnha5mkasdf/varken-official-v1-6-x/;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1 ;
}
location /bookstack/ {
proxy_pass http://192.168.0.45:6875/;
proxy_set_header Host $host;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /duplicati {
return 301 $scheme://$host/duplicati/;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location ^~ /duplicati/ {
rewrite /duplicati(.*) $1 break;
proxy_pass http://192.168.0.45:8200;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /codeserver/ {
proxy_pass http://192.168.0.45:8443/;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Accept-Encoding gzip;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location = /filebot {return 301 $scheme://$http_host/filebot/;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /filebot/ {
proxy_pass http://192.168.0.45:5800/;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
location /filebot/websockify {
proxy_pass http://192.168.0.45:5800/websockify/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
}
location /transmission/ {
proxy_read_timeout 300;
proxy_pass_header X-Transmission-Session-Id;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.0.45:9091/transmission/;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /jackett {
proxy_pass http://192.168.0.45:9117/jackett;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /htpc/ {
proxy_pass http://192.168.0.45:8085/htpc/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /calibre {
proxy_pass http://192.168.0.45:8083;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /calibre;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /radarr {
proxy_pass http://192.168.0.45:7878;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /sonarr {
proxy_pass http://192.168.0.45:8989;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /bazarr {
proxy_pass http://192.168.0.45:6767;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /booksonic {
proxy_pass http://192.168.0.45:4041/booksonic;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
location /cc/ {
proxy_pass http://192.168.0.45:8000/cc/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
1 Like
Hi Petrica,
Thanks for the quick reply, i had auth enabled via NPM and just disabled whilst testing the reverse proxy. Thanks for the reminder and warning.
I updated the config in āAdvancedā as per your suggestions, i still get the same error in the logs and unfortunately no assets are loading still (e.g. .js, .png or anything else reliant on a folder path)
[21/Jun/2020:16:31:55 +1000] - 404 404 - GET http xxx.duckdns.org "/images/sickchill.png?v=46e22e27089cf288c89fdd24dc7211fd" [Client 192.168.86.1] [Length 2647] [Gzip -] [Sent-to 192.168.86.100] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" "http://xxx.duckdns.org/sickchill/"
Could this be an issue with the base path, Iām unsure as to where to make this change in the gui/server options (is this on Sickchill side or within NPM?)
I was going to set-up ombi, will do this during the week and try your config to see if that works
Update: I just tested it with Heimdall and have the same issues.
Does the xxx.duckdns.org need to forward to NGINX port directly or to my preferred in-bound item for that port (e.g. home assistant?)
My bad. I didnāt use Sickchill before, but with a quick Docker install, this works for me (I see that you already enabled base path override to /sickchill).
location /sickchill/ {
proxy_pass http://192.168.86.100:8081/sickchill/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HTTPS $https;
auth_basic "Authorization required";
auth_basic_user_file /data/access/1;
}
Also, in Settings enabled reverse proxy headers.
No, it doesnāt need to be related (actually my default port points to a defunct page I initially had a webserver and now just throws an error).
No idea what iāve done to break it, iāve set-up my config exactly as yours (except i removed the auth items).
Still getting errors, now i am just clueless completely. Iāll try restarting my sickchill service in a moment in-case the reverse proxy settings need to do something funky.
[21/Jun/2020:18:01:37 +1000] - 404 404 - GET http xxx.duckdns.org ā/images/menu/system18-2.png?v=5e28687ae814113d5e4c9f3111544294ā [Client 192.168.86.1] [Length 2647] [Gzip -] [Sent-to 192.168.86.100] āMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36ā āhttp://xxx.duckdns.org/sickchill/ā
Update: restarted my sickchill docker container and no lucky. Feeling like iāve done something silly somewhere else!
Does http://192.168.86.100:8081/sickchill/ work in lan?
http://192.168.86.100:8081/home/
Thats how i access it on my LAN
I updated my config (based on your comment) to:
location /sickchill/ {
proxy_pass http://192.168.86.100:8081/home/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header HTTPS $https;
#auth_basic "Authorization required";
#auth_basic_user_file /data/access/1;
}
which gives me the same type of 404 errors i was receving
sickchill auto-redirects http://192.168.86.100:8081/ -> http://192.168.86.100:8081/home/, i tried putting the root (http://192.168.86.100:8081/) in my config. This just loads my generic server linked to http://xxx.duckdns.org/
1 Like
Thatās the problem. In the above comments you included it as
so I specifically mentioned this:
When you are accessing it through the reverse proxy it will actually go to / (so the address will be x.duckdns.org/ which will, in turn, result in an error when going to `x.duckdns.org/home/').
You need to edit the config.ini file for Sickchill container and modify web_root="" to web_root="/sickchill".
But first, you need to turn off the container (otherwise it wonāt save any change you do the files in the container).
Depending on your install, you should find the location of the config.ini file in Portainer at containerās Volumes section (about the lower quarter or the page)
It is working perfectly. Thank you for your patience, i did not understand the base path override comment.
Testing if iāve understood by installing ombi. Grabbed a fresh copy via
linuxserver/ombi:latest
Configured everything as per specs, loaded it and linked my accounts to make sure it was working. Dropped in the below and it 404ās on me.
I thought iād learnt!
location /ombi {
proxy_pass http://192.168.86.100:3579;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto $scheme;
#auth_basic "Authorization required";
#auth_basic_user_file /data/access/1;
}
I can hit http://192.168.86.100:3579 succesfully on my LAN, i can see a base_url option in ombi, but it appears you havenāt used this item this time (which is why i was curious to try ombi as you donāt have a base path listed).
[22/Jun/2020:13:28:40 +1000] - 500 500 - GET http x.duckdns.org "/images/favicon/favicon-16x16.png" [Client 192.168.86.1] [Length 572] [Gzip -] [Sent-to 192.168.86.100] "Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Mobile Safari/537.36" "http://x.duckdns.org/ombi/"
Actually I have Ombi installed in the Linux host, not Docker (this was the initial setup and then started moving bits to Docker after dependency issues started pilling up).
Iāve setup a second Ombi instance (this time in Docker) and youāre right, it does need to use the base path in NGINX (ie. proxy_pass http://192.168.86.100:3579/ombi/;), otherwise it blocks on the loading screen.
1 Like
Has anyone ever gotten this error before?
[11:16:48] INFO: Starting NGinx...
nginx: [emerg] unexpected ";" in /data/nginx/proxy_host/34.conf:41
After an internal error when trying to create a new proxy host with a SSL certificate, I restarted the addon. The addon now doesnāt start anymore and gives me this error.
I assume that 34.conf is the configuration for the proxy host that gave me the internal error. So I should be able to just delete the file.
How do i access the file 34.conf in hassio? Can I do that in the terminal addon?