Problems setting up Nginx docker with SSL certs

I want to set up external access to my Home Assistant via Cloudflare proxy with SSL and through an internal dockerized Nginx reverse proxy server.
Nginx is new to me and I already read a lot of guides and topics, but it won’t succeed.

What do I have:

  • I have my own domain (mydomain.net) with a long lifetime cert and key, so I don’t need certbot.
  • I also have proxied my domain to my home IP: root and wildcard.
  • I got Home Assistant running as a VM on my Proxmox server, it has its own IP in LAN: 192.168.1.64. In my configuration.yaml I have:
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.62 #(see below)
  • I got an Ubuntu server with docker running in the same LAN: 192.168.1.62.
  • My router is forwarding port 443 to my Ubuntu server, 192.168.1.62. My firewall only allows the destination IP range from Cloudflare.

So I need/want to set up Nginx as a container in docker which is listening on port 443 and proxies requests for hass.mydomain.net to my Home Assistant 192.168.1.64:8123.

When I now browse to https://hass.mydomain.net I get an Error 521 Web server is down.

See here my relevant dockerfiles for Nginx:

Dockerfile

FROM nginx
COPY ./default.conf /etc/nginx/conf.d/default.conf
COPY ./backend-not-found.html /var/www/html/backend-not-found.html
COPY ./includes/ /etc/nginx/includes/
COPY ./ssl/ /etc/ssl/certs/nginx/

docker-compose.yml

version: '3'
services:
  nginx:
    build: ./
    ports:
      - 443:443

default.conf

upstream hass-mydomain {
        server 192.168.1.64:8123;
}

# hass.mydomain.net config.
server {
  #listen 80;
  listen 443 ssl http2;
  server_name hass.mydomain.net;
  
  #ssl on;
  ssl_certificate /etc/ssl/certs/nginx/mydomain.net.pem;
  ssl_certificate_key /etc/ssl/certs/nginx/mydomain.net.key;
  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
  ssl_prefer_server_ciphers on;
  location / {
    include /etc/nginx/includes/proxy.conf;
    proxy_pass http://hass-domain;
    }
  access_log off;
  error_log /var/log/nginx/error.log error;
  }

# Default
server {
  listen 80 default_server;
  server_name _;
  root /var/www/html;
  charset UTF-8;
  error_page 404 /backend-not-found.html;
  location = /backend-not-found.html {
    allow all;
    }
  location / {
    return 404;
    }
  access_log off;
  log_not_found off;
  error_log /var/log/nginx/error.log error;
  }
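
Added example, not part of the original post: in the default.conf as posted, `proxy_pass` names `hass-domain` while the `upstream` block is declared as `hass-mydomain`. nginx treats an undeclared `proxy_pass` host as a DNS name to resolve at startup and refuses to start if it cannot, so a pre-deploy check like this one catches the mismatch. The sample config is condensed from the post and the function names are assumptions.

```python
import difflib
import ipaddress
import re

# Constructed sample, condensed from the default.conf in the post above.
SAMPLE_CONF = """\
upstream hass-mydomain {
    server 192.168.1.64:8123;
}
server {
    #listen 80;
    listen 443 ssl http2;
    server_name hass.mydomain.net;
    location / {
        proxy_pass http://hass-domain;
    }
}
"""

def _strip_comments(conf):
    # Simplification: every '#' starts a comment (a quoted '#' is not handled).
    return [line.split("#", 1)[0] for line in conf.splitlines()]

def defined_upstreams(conf):
    """Names declared with `upstream NAME { ... }`."""
    text = "\n".join(_strip_comments(conf))
    return set(re.findall(r"^\s*upstream\s+([^\s{]+)\s*\{", text, re.M))

def _is_ip(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def unresolved_targets(conf):
    """Return (line, host, closest_upstream_or_None) for each proxy_pass host
    that is not a declared upstream, an IP literal, or an nginx variable."""
    upstreams = defined_upstreams(conf)
    findings = []
    for lineno, line in enumerate(_strip_comments(conf), 1):
        m = re.search(r"\bproxy_pass\s+https?://(\[[^\]]+\]|[^/:;\s]+)", line)
        if not m:
            continue
        host = m.group(1)
        if host in upstreams or host.startswith("$") or _is_ip(host):
            continue
        close = difflib.get_close_matches(host, sorted(upstreams), n=1)
        findings.append((lineno, host, close[0] if close else None))
    return findings
```

A finding is not always an error: a host name that resolves through DNS (for example another compose service) is valid, so treat the output as a list of names to verify before the container is started.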

Are you set on using Nginx in a Docker container, or are you willing to try Nginx Proxy Manager in an LXC? GUI is helpful. Proxmox Helper Scripts | Proxmox Scripts For Home Automation

I’m using Nginx in docker container.