Hey Guys,
so I still have no clue about most of the stuff im doing hence why I am doing it :)
I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.
Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:
homeassistant:
internal_url: http://192.168.178.214:8123
external_url: https://ha.xxxxx.duckdns.org
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.22.0.0/24
Following is my Homeassistant Configuration:
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
volumes:
- /homeassistant/:/config
- /etc/localtime:/etc/localtime:ro
restart: unless-stopped
network_mode: host
privileged: true
ports:
- 8123:8123
- 5683:5683
nginx-proxy-manager:
container_name: nginx
privileged: true
image: 'jc21/nginx-proxy-manager:latest'
ports:
- '80:80'
- '81:81'
- '443:443'
environment:
DB_MYSQL_HOST: "nginx-db"
DB_MYSQL_PORT: 3306
volumes:
- /nginx/data:/data
- /nginx/letsencrypt:/etc/letsencrypt
nginx-db:
container_name: nginx-db
image: 'jc21/mariadb-aria:latest'
environment:
volumes:
- /nginx/mysql:/var/lib/mysql
vaultwarden:
container_name: vaultwarden
image: vaultwarden/server:latest
restart: unless-stopped
volumes:
- /vaultwarden:/data/
ports:
- 8125:3012
- 8124:80
environment:
- DOMAIN=https://vw.xxxxx.duckdns.org
- LOGIN_RATELIMIT_MAX_BURST=10
- LOGIN_RATELIMIT_SECONDS=60
- ADMIN_RATELIMIT_MAX_BURST=10
- ADMIN_RATELIMIT_SECONDS=60
- ADMIN_TOKEN=
- SENDS_ALLOWED=true
- EMERGENCY_ACCESS_ALLOWED=true
- WEB_VAULT_ENABLED=true
- SIGNUPS_ALLOWED=true
I have forwarded the ports in the router.
I have set up nginx the following:
Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).
What is the reason for this?
Do I have to set some sort of header?
Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
I did some reading and found that the
trusted_proxies
setting is required. Can you try setting it to0.0.0.0/0
?I have set it but it wont change anything. You can access the docker inspect here https://pastebin.com/t1T98RCw I can imagine that this problem is before homeassistant as even if I ignore the certificate error , it will not forward me to homeassistant but to my router / a warning page from my router saying it has blocked me.
If I test the server reachability inside nginx manager it will ask me if npm is configured correctly, so you might be onto something with NPM configuration …
I have now set up duckdns over docker instead of over my router, but it hasnt helped anything. My Duckdns IP is the same (and its correct, if I just open this IPV4 Address it will redirect to my nginx landing page).
Okay I think here is the error. AFter doing the Test Server Reachability the following will come up in the nginx-db logs: 2023-12-29 21:06:25 3 [Warning] Aborted connection 3 to db: ‘npm’ user: ‘npm’ host: ‘172.22.0.8’ (Got an error reading communication packets)
Now I have no clue why this is ( I think this is the end for today as my head is about to explode). Docker inspect nginx reveals that this request for sure came from nginx (as it has the .0.8 ip).