Le0c
(Leo)
January 19, 2025, 11:34am
1
Hi all,
Hope this is the correct section to post this.
I’ll explain my situation:
I have a NAS in which I have 2 VMs: Ubuntu and HA OS.
On Ubuntu I set up Traefik with ports 80 and 443 to work with my own domain and the other services I have on that (this works perfectly with all subdomains in https).
On HA OS I just set up the port forwarding (on a different port → local 8123) on the router and I access HA with only http.
Last week I decided to try to set up DuckDNS with the addon and everything went smoothly: I could access with https with the DuckDNS domain.
I just don't want that anymore. Instead I want to connect to HA like I did the old way with my own domain, but with https this time (so that I can access locally too without going externally).
I tried to install the NGINX proxy manager addon but I can’t configure it with success. Can someone help me to make this work? I think the first step is to remove the DuckDNS?
Thanks all!
koying
(Chris B)
January 19, 2025, 5:21pm
2
Why not just add a reverse proxy on Traefik (own domain) towards your HAOS on port 8123 (but https, as you enabled SSL through DuckDNS)?
You’ll have to switch off SSL validation on Traefik, though, as the certificate won’t match the url.
Le0c
(Leo)
January 20, 2025, 11:20am
3
Hi koying, thanks for the answer!
Basically you are saying that I can do a new “rule” on the Traefik in Ubuntu that points to the other HAOS VM?
So that I can access with ha.domain.com (same domain that I use to access my other docker services on Ubuntu)?
I only use Traefik with the docker compose rules, can you tell me what I need to do to enable that?
If I switch off the certificate validation will https still work? Do I need to disable it for all Traefik forwarding or just for this one?
Sorry for the confusion and thanks again!
koying
(Chris B)
January 20, 2025, 11:22am
4
Could you show the docker compose, please.
Le0c
(Leo)
January 21, 2025, 7:23pm
5
This is traefik:
traefik:
  container_name: traefik
  image: traefik:latest
  ports:
    - 80:80
    - 443:443
    - 8080:8080
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - ./volumes/traefik/acme:/acme
    - ./volumes/traefik/logs:/logs
    - ./letsencrypt:/letsencrypt
    - ./volumes/traefik/rules:/rules
  command:
    - --api.insecure=true
    - --api
    - --providers.docker=true
    - --providers.docker.exposedbydefault=false
    - --entryPoints.web.address=:80
    - --entrypoints.websecure.address=:443
    - --entryPoints.web.http.redirections.entryPoint.to=websecure
    - --entryPoints.web.http.redirections.entryPoint.scheme=https
    - --entryPoints.web.http.redirections.entrypoint.permanent=true
    - [email protected]
    - --certificatesResolvers.letsencrypt.acme.storage=acme/acme.json
    - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
    - --providers.file.directory=/rules
    - --providers.file.watch=true
    - traefik.docker.network=lmds_default
  restart: always
And this is a standard application:
prometheus:
  image: prom/prometheus
  container_name: prometheus
  restart: unless-stopped
  volumes:
    - ./volumes/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
    - ./volumes/prometheus/web.yml:/etc/prometheus/web.yml
  ports:
    - 9090:9090
  labels:
    - com.centurylinklabs.watchtower.enable=true
koying
(Chris B)
January 21, 2025, 9:25pm
6
The rules are not in the docker compose.
I guess they are in the rules directory, so you defined them, didn’t you?
Le0c
(Leo)
January 21, 2025, 10:23pm
7
Yeah sorry I picked up a container without rules for traefik…
These are the rules per container (example NextCloud):
traefik.enable=true
traefik.http.routers.nextcloud.entrypoints=websecure
traefik.http.routers.nextcloud.tls.certresolver=letsencrypt
traefik.http.routers.nextcloud.rule=Host(`nextcloud.domain.com`)
traefik.http.routers.nextcloud.tls=true
traefik.http.services.nextcloud.loadbalancer.server.port=80
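
For reference, a Traefik file-provider rule of the kind discussed in posts 2 and 3, written as an added example (not posted by any participant in this thread): it routes `ha.domain.com` to the HAOS VM over https and scopes the certificate handling to that one service, so the other routes keep normal validation. The file name `homeassistant.yml`, the address `192.0.2.10` and `YOUR-NAME.duckdns.org` are placeholders; the entry point and resolver names are taken from the compose file above.

```yaml
# ./volumes/traefik/rules/homeassistant.yml  (hypothetical file name; the
# directory is the one mounted at /rules and watched by the file provider)
http:
  routers:
    homeassistant:
      rule: "Host(`ha.domain.com`)"
      entryPoints:
        - websecure
      service: homeassistant
      tls:
        certResolver: letsencrypt

  services:
    homeassistant:
      loadBalancer:
        # Applies only to this service; other services keep default validation.
        serversTransport: haos-backend
        servers:
          # Placeholder address of the HAOS VM; https because HA serves TLS.
          - url: "https://192.0.2.10:8123"

  serversTransports:
    haos-backend:
      # Option A (stricter): keep validation on and tell Traefik which name
      # to expect in the backend certificate (placeholder DuckDNS name).
      serverName: "YOUR-NAME.duckdns.org"
      # Option B (as suggested in post 2): skip validation for this backend only.
      # insecureSkipVerify: true
```

Home Assistant also has to trust the proxy: with `use_x_forwarded_for: true` under `http:` in `configuration.yaml`, list the Traefik host's address in `trusted_proxies`, otherwise proxied requests are rejected.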