hello
i am trying to setup remote access using swag and duckdns, and am having issues. when i go to homeassistant.<subdomain>.duckdns.com, i get a nginx 403 error after signing in. i have tried disabling ip_ban in my configuration.yaml, and that did not work. i also do not have a ip_bans.yaml to check if my ip is there. any suggestions on how i could fix this would be appreciated.
thanks!
my docker-compose
services:
portainer:
container_name: portainer
image: portainer/portainer-ce
restart: always
ports:
- "9000:9000/tcp"
environment:
- TZ=America/Chicago
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/portainer:/data
swag:
container_name: swag
image: lscr.io/linuxserver/swag
cap_add:
- NET_ADMIN
environment:
- PUID=1000
- PGID=1000
- TZ=American/Chicago
- URL=<subdomain>.duckdns.org
- SUBDOMAINS=wildcard
- VALIDATION=duckdns
- DUCKDNSTOKEN=<token>
volumes:
- /opt/swag/config:/config
ports:
- 444:443
restart: unless-stopped
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
volumes:
- /opt/homeassistant/config:/config
- /etc/localtime:/etc/localtime:ro
restart: unless-stopped
network_mode: swag
ports:
- 8123:8123
privileged: true
i created a user-defined bridge as swag for the home assistant and the other containers to connect to
my homeassistant.subdomain.conf
## Version 2023/02/05
# make sure that your homeassistant container is named homeassistant
# make sure that your dns has a cname set for homeassistant
# As of homeassistant 2021.7.0, it is now required to define the network range your proxy resides in, this is done in Homeassitants configuration.yaml
# https://www.home-assistant.io/integrations/http/#trusted_proxies
# Example below uses the default dockernetwork ranges, you may need to update this if you dont use defaults.
#
# http:
# use_x_forwarded_for: true
# trusted_proxies:
# - 172.16.0.0/12
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name homeassistant.<subdomain>.duckdns.org;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
enable the next two lines for http auth
auth_basic "Restricted";
auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 192.168.XX.XXX;
set $upstream_port 8123;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ ^/(api|local|media)/ {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 192.168.XX.XXX;
set $upstream_port 8123;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
home assistant configuration.yaml
http:
ip_ban_enabled: true
login_attempts_threshold: 5
use_x_forwarded_for: true
trusted_proxies:
- 192.168.XX.0/24
- 172.10.0.0/24
duckdns:
domain: <subdomain>.duckdns.org
access_token: <token>