Nginx Reverse Proxy Set Up Guide – Docker

Sorry to keep bugging you. But I can’t seem to get this working for Grafana. I used your sample code and I could have sworn it worked but I can’t 100% confirm. I think it did. But either way it is not now. Only difference is I am using port 3000. Internally I can reach it. Any ideas?

### Grafana ####################################################################
server {
    listen 443 ssl;

    root /config/www;
    index index.html index.htm index.php;

    server_name graf.mydomain.duckdns.org;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
    #        auth_basic "Restricted";
    #        auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;
        proxy_pass http://<IP>:3000;
    }
}

I have exactly that same configuration. The only difference is my Grafana is on port 3003.

Yeah, that’s what I see, same. Problem is, trying to access the site, it hangs and then eventually gets a 502 Bad Gateway. Nothing in logs that I can find so far.

Did you have it set up with SSL before? I had it, so I had to remove that.
I’m using this container, which has InfluxDB and Grafana:
philhawthorne/docker-influxdb-grafana

I’m just using the official container. Will have to reference that build to see what’s up.

specifically this one - Complete guide on setting up Grafana/InfluxDB with Home assistant using official Docker images

I see, oh right. It should work anyway

Damn iptables!!! I didn’t realize, since my other containers are using bridge mode and this one is on net=host. That means you have to have the port open for it locally. Not forwarded in the router, but open on the host that’s behind the proxy.

Uff, you lost me. My understanding is that the router now only points to 80 and 443 on the host. No more.

Correct. It does, but when the proxy passes from external to internal, the request still comes from outside to a container running in --net=host mode. Which means the container is literally on the host network. So I had to punch a hole in iptables for that traffic to be forwarded from the reverse proxy. So basically external > port 80 at router > forwarded to internal port 3000 on the host (container). If the container was in bridge mode, not needed.
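
Added example, not part of the original posts: the situation described above, checked against a host firewall listing, with the opening scoped to the Docker bridge rather than to every source. It assumes the proxy container is on Docker's default bridge (docker0, 172.17.0.0/16), the host's INPUT policy is DROP, and Grafana listens on host port 3000; the rule listing is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` on a host with a default-drop policy.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Print a rule (in `iptables -S` form) that admits traffic arriving on the
# bridge interface, from the bridge subnet, to one host port and nothing else.
bridge_allow_rule() {
    iface=$1 subnet=$2 port=$3
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    printf '%s\n' "-A INPUT -s $subnet -i $iface -p tcp -m tcp --dport $port -j ACCEPT"
}

# Return 0 if the listing in $1 contains an ACCEPT rule for tcp port $2.
# Simplification: rule order and earlier DROP/REJECT rules are not modelled.
port_accepted() {
    printf '%s\n' "$1" | grep -Eq -- "^-A INPUT .*--dport $2( .*)? -j ACCEPT$"
}

# Report what the bridge-mode proxy meets when it connects to a host-mode
# container on port $2, given the INPUT listing in $1.
diagnose() {
    rules=$1 port=$2
    if port_accepted "$rules" "$port"; then
        echo "open"
    elif printf '%s\n' "$rules" | grep -q -- '^-P INPUT DROP$'; then
        echo "dropped"        # SYNs vanish: the proxy hangs, then nginx returns 502
    else
        echo "policy-accept"  # no explicit rule, but the default policy lets it in
    fi
}
```

On a live host the listing comes from `sudo iptables -S INPUT`; a Compose-created network uses a `br-…` interface and a different subnet than the default bridge assumed here.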

and does grafana need to be host? mine is not.
In fact I read in another thread that you’re either host or you use ports…

Doesn’t need to be, mine just happens to be.

Looks like the equivalent package for anyone trying this on a Raspberry Pi is lsioarmhf/letsencrypt at https://github.com/linuxserver/docker-letsencrypt-armhf. If you see an exec format error in your docker log when trying to start your container, this should fix it.


Your config file seems not to be working any more. Could you re-upload it?

How would I change things if I didn’t want to use a subdomain and just reach HA @ mydomain.duckdns.org? Is that possible?

@Martinvdm, I have now inserted the conf in the post at the top.

@finity
I believe you have to create a subdomain as the “landing page” is only for that.
Just create a subdomain for hass. for example if you use hass. your address would be https://hass.mydomain.duckdns.org.

Of course, with all the hacking stories going on, I suggest you don’t use hass. Use anything else.

Ok, thanks.

I had already gotten that part to work but I was just wondering (in part because of the hacking stories) if it was possible to just use my duckdns domain.

I’ll definitely have to look into switching it from hass then.

Thanks for this guide, BTW. It definitely helped me in moving my setup to Docker. before when I tried it I just got so confused and flustered I just gave up.

Now I suddenly have HA, Nginx and letsencrypt running in docker! I still need to figure out the right settings for my z wave & zigbee sticks tho.

And I have Syncthing running but I can’t figure out how to set the HA config directory as the directory to be backed up.

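To add your Z-stick you need to give permission to your docker user.
In Ubuntu I use these commands:
# show the most recently created tty device (the stick you just plugged in)
ls -ltr /dev/tty*|tail -n 1
# -a appends; -G on its own would replace the user's other supplementary groups
sudo usermod -aG dialout dockeruser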

I presume it’ll be the same for zigbee.

For Syncthing, assuming you’re using a container, this is my compose:

  syncthing:
    container_name: syncthing
    image: linuxserver/syncthing
    restart: unless-stopped
    volumes:
    - /home/user/docker/syncthing:/config
    - /home/user:/mnt/dir  # here you put the path to the folder you want to edit
    environment:
    - PGID=1004
    - PUID=1000
    ports:
    - "8384:8384"
    - "22000:22000"
    - "21027:21027/udp"

on the host machine in syncthing you create a folder that points to /mnt/dir/ (per the volume)

I got the zigbee stick working with no issues.

For some reason the z wave stick is giving me issues and keeps giving me an invalid config warning and in the logs it says it can’t find the configuration files.

I’ll try to add my user to the dialout group and see if that fixes it. I won’t be able to look at that part for a couple of days tho. If I can’t figure it out I might be back then to ask more questions on that topic.

As for Syncthing, I have my HA config files in my users home directory: /home/finity/docker/hass-config.

for syncthing I have the volumes set up as:

/home/finity/docker/syncthing/config:/config
/home/finity/docker/hass-config:/hass-sync

when I open up the web interface for Syncthing I only see the default folder (which from the docs is the folder it auto creates in the config directory).

ex

Where do I access the directory for syncing up my hass-config directory to my other machine?