Nginx Reverse Proxy Set Up Guide – Docker

@damylen for hassio i suggest you look at this caddy add-on developed by the community.
it’s even simpler to set up with the same end result. for installation guidance search for “caddy” in the forum; there are several examples.

What was your method for user access? I realize you posted to add the docker user but how did you do this? How it is written is confusing to me. I just did this with root and thus I get these in my container logs.

ERROR: [pool www] please specify user and group other than root
ERROR: FPM initialization failed

Thanks!

my docker user is the user Im logged in with . so /home/user

I just re-did the docker run command to add in my main user and log spam is gone. :slight_smile: I didn’t think the image cared if root was used or not. But meh, works still either way.

Thanks!

Sorry to keep bugging you. But I can’t seem to get this working for Grafana. I used your sample code and I could have sworn it worked but I can’t 100% confirm. I think it did. But either way it is not now. Only difference is I am using port 3000. Internally I can reach it. Any ideas?

### Grafana ####################################################################
server {
    listen 443 ssl;

    root /config/www;
    index index.html index.htm index.php;

    server_name graf.mydomain.duckdns.org;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
    #        auth_basic "Restricted";
    #        auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;
        proxy_pass http://<IP>:3000;
    }
}

I have exactly that same configuration. only difference is my Grafana is on port 3003

Yea thats what I see, same. Problem is trying to access the site it hangs and then eventually gets a 502 bad gateway. Nothing in logs that I can find so far.

Did you have it set up with ssl before? I had it, so I had to remove that.
Im using this container which has influxt and grafana
philhawthorne/docker-influxdb-grafana

I’m just using the official container. Will have to reference that build to see whats up.

specifically this one - Complete guide on setting up Grafana/InfluxDB with Home assistant using official Docker images

I see, oh right. It should work anyway

Damn iptables!!! I didn’t realize since my other containers are using bridge mode and this one is on net=host. That means you have to have the port open for it locally. Not forwarded in router, but open on the host thats behind the proxy.

uff, you lost me. My understanding is that router now only points to 80 and 443 on the host. no more

Correct. It does, but when the proxy passes from external to internal, the request still comes from outside to a container running in --net=host mode. Which means the container is literally on the host network. So I had to punch a hole in iptables for that traffic to be forwarded from the reverse proxy. So basically external > port 80 at router > forwarded to internal port 3000 on the host (container). If the container was in bridge mode, not needed.

and does grafana need to be host? mine is not.
In fact I read in another thread that you’re either host or you use ports…

Doesn’t need to be, mine just happens to be.

Looks like the equivalent package for anyone trying this on a raspberry pi is lsioarmhf/letsencrypt at https://github.com/linuxserver/docker-letsencrypt-armhf. If you get see an exec format error in your docker log when trying to start your container, this should fix it.

2 Likes

youre config file seems not working any more. could you re upload it?

How would I change things if I didn’t want to use a subdomain and just reach HA @ mydomain.duckdns.org? Is that possible?

@Martinvdm, i now inserted the conf in the post at the top.