Nginx Reverse Proxy Set Up Guide – Docker

This was my fault. I broke it because I tried to use --net=host for the letsencrypt container. I used that because whenever I have containers that run on the virtual bridge network, it causes my dasher container to not be able to see ARPs and I can’t use my dash buttons. When I switched letsencrypt to --net=host, it broke all my external communication. I just switched back and Nginx works again but Dasher is broken. I need to find a solution.

thank you so much for this - SUPER useful! and works like a treat. Couple of things to help others reading this:

  1. lets encrypt wasn’t part of the pre-formatted text

```yaml
letsencrypt:
  image: linuxserver/letsencrypt
  container_name: letsencrypt
  restart: unless-stopped
  cap_add:
  - NET_ADMIN
  volumes:
  - /etc/localtime:/etc/localtime:ro
  - /home/user/docker/letsencrypt/config:/config
  environment:
  - PGID=1004
  - PUID=1000
  - [email protected]
  - URL=mydomain.duckdns.org
  - SUBDOMAINS=hass,conf,graf
  - VALIDATION=http
  - TZ=XXX/XXXX
  ports:
  - "80:80"
  - "443:443"
```

  2. I’d point out your hastebin file replaces the nginx/default.conf (the way it read I thought proxy.conf)

  3. the hastebin has a } at line 52 - but I’d move it up to 41 as that commented out section is easily deleted (and I missed the } ) :wink:

Your efforts saved me so much time, we should make it a docker sticky/pinned file! thank you :slight_smile:

Will post my docker-compose and traefik.toml tonight.

3 Likes

I was able to figure this out. It’s not perfect but it works. I moved my Letsencrypt container to another VM that any containers using --net=host are not on and I am able to get Dasher working again internal to my network. I’d really love to figure out why Dasher has this symptom but for now it at least works.

Thank you. I’ve made the amendments.

Good news. So you’re running a VM also in the same machine with the containers and all else?
What are you using?

1 Like

I looked into this further and I found that Docker adds a veth interface to the network and thus the Dasher container started using it instead of my eth0. I don’t know why. Maybe highest interface selection? Either way, Dasher config allows you to specify the interface and when I did that, it works while having any containers in bridge mode that adds a veth interface to the host.

I am using a NUC i5 with ESXI and two VM’s. One VM has mostly all smart stuff and or home automation related containers. The other has some more but mostly tools and other random apps. Makes things much easier having everything virtualized and simple to back up and deploy if something is broke or lost.

OMG @juan11perez I can’t tell you how awesome this help was!

I don’t know how many times I have attempted to setup reverse proxy and bailed on it after thoroughly confusing myself.

Thank you for taking the time and helping the community (and not being a d#@k about it).

Cheers!

@ShaunID very welcome. exactly my feelings when I started with this. That’s why I posted it in a way that provides a full walk through.

hey, any objection if i combine this with some other docker components to update the docker set up page? will credit your hard work of course!

learning as i go, and @edif30 has been SUPER helpful too!

figured it would help bridge the gap to those a little worried about trying docker

@jaburges
no objection at all. By all means share it how you see fit. The more people it helps the more meaningful it is.
Honestly credit is the least of my worries.
I’m just trying to pay forward what other good people have done for me!!

1 Like

There is a docker setup page? Where is this wizardry? :slight_smile:

WOW, Thank you so much I was using jwilder image before which was nice cause it auto created files when u created new containers but this fixed my Hass back up.
Having issues getting jackett, grafana and duplicati up but I’ll work on em.

I used to use Jwilder proxy. I’m having issues w/
When i created other containers I would put env vars in, are those unnecessary now?

```yaml
image: linuxserver/tautulli:latest
container_name: tautulli
restart: unless-stopped
network_mode: bridge
ports:
  - "8181:8181"
depends_on:
  - plex
volumes:
  - ${DOCKER_CONFIG}/tautulli/config:/config
  - ${DOCKER_CONFIG}/plex/config/Library/Application Support/Plex Media Server/Logs:/logs:ro
environment:
  - PUID=${PUID}
  - PGID=${PGID}
  - TZ=America/Chicago
  - VIRTUAL_HOST=plexpy.${DOMAIN_NAME}
  - VIRTUAL_PROTO=http
  - LETSENCRYPT_HOST=plexpy.${DOMAIN_NAME}
  - LETSENCRYPT_EMAIL=${EMAIL_ADDRESS}
```

Hi, you need to put the environment variables as per my sample above.

Sorry sir, I didn’t see any examples of other containers? just the letsencrypt one?

@vulcan apologies my mistake. I thought you were asking about the letsencrypt container.
I really don’t know about other containers.

Here you go:

docker-compose file:
```yaml
version: '3'
services:
  ########################traefik########################
  traefik:
    image: traefik:latest
    command: --web --docker --docker.watch --docker.domain=${DOMAIN} --docker.exposedbydefault=false
    container_name: traefik
    hostname: traefik
    restart: always
    ports:
      - "80:80"
      - "443:443"
      - "9090:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/xxx/traefik/acme.json:/acme.json
      - /home/xxx/traefik/traefik.toml:/traefik.toml
    network_mode: host
    labels:
      traefik.frontend.entryPoints: "https"
      traefik.frontend.headers.forceSTSHeader: "true"
      traefik.frontend.headers.STSSeconds: "31536000"
      traefik.frontend.headers.STSIncludeSubdomains: "true"
      traefik.frontend.headers.STSPreload: "true"
      com.centurylinklabs.watchtower.enable: "true"
```

traefik.toml file:

```toml
# Enable logging
debug = true
logLevel = "DEBUG"

# Set default entrypoint
defaultEntryPoints = ["http", "https"]

# Redirect http to https
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    minVersion = "VersionTLS11"
    cipherSuites = [ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" ]

[retry]

# lets encrypt http challenge
[acme]
provider = "namecheap"
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"
```

Home-assistant docker-compose:

```yaml
version: '3'

services:
  home-assistant:
    image: homeassistant/home-assistant
    container_name: home-assistant
    network_mode: "host"
    volumes:
      - /home/xxx/home-assistant:/config
      - /home/xxx/home-assistant/custom_components:/config/custom_components
      - /etc/localtime:/etc/localtime:ro
    devices:
      - /dev/ttyACM0:/dev/ttyACM0
    labels:
      traefik.backend: "hass"
      traefik.enable: "true"
      traefik.frontend.rule: "Host:sub.mydomain.com"
      traefik.port: "8123"
      com.centurylinklabs.watchtower.enable: "true"
    ports:
      - "8123:8123"
      - "51826:51826"
    restart: always
```

Note the list of supported providers here: https://docs.traefik.io/configuration/acme/

1 Like
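
An added example (not part of any post in this thread, and not Traefik's own tooling): a small Python check of the `[entryPoints.https.tls]` table in the traefik.toml posted above, flagging a `minVersion` below TLS 1.2, repeated suites and CBC suites. `tls_tables`, `audit_tls` and both sample strings are constructed for illustration, and the regex parser only understands this narrow Traefik v1 layout, not full TOML.

```python
import re

# Constructed sample: the TLS table from the traefik.toml posted above,
# with typographic quotes replaced by plain ASCII quotes.
POSTED = '''
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
minVersion = "VersionTLS11"
cipherSuites = [ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" ]
'''

# Constructed hardened counterpart: TLS 1.2 floor, AEAD suites only.
HARDENED = '''
[entryPoints.https.tls]
minVersion = "VersionTLS12"
cipherSuites = [ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" ]
'''

DEPRECATED = {"VersionTLS10", "VersionTLS11"}  # TLS 1.0/1.1, deprecated by RFC 8996
HEADER = re.compile(r"^[ \t]*\[([^\]\n]+)\][ \t]*$", re.M)

def tls_tables(text):
    """Yield (entrypoint, body) for each [entryPoints.<name>.tls] table."""
    marks = list(HEADER.finditer(text))
    for i, m in enumerate(marks):
        parts = m.group(1).strip().split(".")
        if len(parts) == 3 and parts[0] == "entryPoints" and parts[2] == "tls":
            end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
            yield parts[1], text[m.end():end]

def audit_tls(text):
    """Return (entrypoint, finding) pairs for weak TLS settings."""
    findings = []
    for name, body in tls_tables(text):
        ver = re.search(r'^[ \t]*minVersion[ \t]*=[ \t]*"([^"]+)"', body, re.M)
        if ver is None:
            findings.append((name, "minVersion not set"))
        elif ver.group(1) in DEPRECATED:
            findings.append((name, "deprecated minVersion " + ver.group(1)))
        block = re.search(r"cipherSuites\s*=\s*\[(.*?)\]", body, re.S)
        suites = re.findall(r'"([^"]+)"', block.group(1)) if block else []
        for suite in sorted(set(suites)):
            if suites.count(suite) > 1:
                findings.append((name, "duplicate suite " + suite))
            if "_CBC_" in suite:
                findings.append((name, "non-AEAD CBC suite " + suite))
    return findings
```

Running `audit_tls(POSTED)` reports the TLS 1.1 floor, the repeated AES-128-GCM entry and the two CBC suites; `audit_tls(HARDENED)` returns an empty list.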

Thanks! As I’m using hassio, I don’t see how I could add labels to the existing containers, but perhaps there are alternatives (i’m not a docker genius). It would probably help if hassio and/or plugins would support this.