Docker containers using br0 can't access the UnRAID IP address


Go to solution Solved by strend,


I'm running an NGINX proxy in a docker container (swag from Linuxserver.io) with a wildcard cert for my local LAN domain available. I want to be able to access the UnRAID web GUI through HTTPS without getting that pesky "Woah this is a self signed cert, are you sure you want to do this??" error message every time I open the page.

 

My container is running a static IP 192.168.1.254 and my UnRAID is using IP 192.168.1.4, which is also static.

When trying to connect I get a 502 Bad Gateway error in my browser and the NGINX logs show that the host is unreachable:

2021/02/12 10:45:42 [error] 472#472: *1 connect() failed (113: Host is unreachable) while connecting to upstream, client: 192.168.1.10, server: unraid.example.com, request: "GET / HTTP/2.0", upstream: "http://192.168.1.4:80/", host: "unraid.example.com"

 

My NGINX config looks like so:

## Version 2020-02-12

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    allow 192.168.0.0/16;
    allow 10.0.0.0/8;
    allow 172.16.0.0/12;
    deny all;

    server_name unraid.example.com;

    include /config/nginx/ssl.conf;

    location / {
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.1.4:80;
    }

    error_page 403 =301 https://www.example.com/404.html;
}

 

I think it may be an issue with the default route table, but I have no idea what I should change here:

[Image: screenshot attached to the original post]

 

Link to comment
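Added example, not part of the original post: a small Python triage script for NGINX error-log lines like the one quoted above. It groups upstream connect() failures by errno, since 113 (no path to the host at all) points at the network setup while 111 points at the service. The regex assumes the default NGINX error-log layout seen in the post; every sample line except the first is constructed.

```python
import re
from collections import Counter

# Linux errno values that NGINX prints as "connect() failed (N: text)".
ERRNO_HINT = {
    110: "timed out: packets dropped silently (firewall or dead host)",
    111: "refused: host is reachable but nothing listens on that port",
    113: "host unreachable: no ARP reply or no route from proxy to upstream",
}

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\] \d+#\d+: \*\d+ '
    r'connect\(\) failed \((?P<errno>\d+): (?P<text>[^)]*)\) '
    r'while connecting to upstream, client: (?P<client>[^,]+), '
    r'server: (?P<server>[^,]+), request: "(?P<request>[^"]*)", '
    r'upstream: "(?P<upstream>[^"]*)"'
)

def parse_upstream_failures(lines):
    """Return one dict per upstream connect() failure; other lines are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["errno"] = int(rec["errno"])
            records.append(rec)
    return records

def summarize(records):
    """Count failures per (upstream, errno) and attach a triage hint."""
    counts = Counter((r["upstream"], r["errno"]) for r in records)
    return [{"upstream": up, "errno": no, "count": n,
             "hint": ERRNO_HINT.get(no, "unclassified errno")}
            for (up, no), n in sorted(counts.items())]

# First line is the one from the post; the other three are constructed samples.
SAMPLE = [
    '2021/02/12 10:45:42 [error] 472#472: *1 connect() failed (113: Host is unreachable) while connecting to upstream, client: 192.168.1.10, server: unraid.example.com, request: "GET / HTTP/2.0", upstream: "http://192.168.1.4:80/", host: "unraid.example.com"',
    '2021/02/12 10:45:50 [error] 472#472: *2 connect() failed (113: Host is unreachable) while connecting to upstream, client: 192.168.1.10, server: unraid.example.com, request: "GET /Main HTTP/2.0", upstream: "http://192.168.1.4:80/Main", host: "unraid.example.com"',
    '2021/02/12 10:46:03 [error] 472#472: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.10, server: app.example.com, request: "GET / HTTP/2.0", upstream: "http://192.168.1.50:8080/", host: "app.example.com"',
    '2021/02/12 10:46:10 [warn] 472#472: *4 an upstream response is buffered to a temporary file, client: 192.168.1.10, server: app.example.com',
]

if __name__ == "__main__":
    for row in summarize(parse_upstream_failures(SAMPLE)):
        print(f'{row["count"]:>3}  errno {row["errno"]}  {row["upstream"]}  ->  {row["hint"]}')
```
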
On 2/15/2021 at 7:35 AM, Squid said:

A container running on br0 (ie: a separate IP address) does not have access to the host by design.  It's on a totally separate network.

 

Why not run nginx on the bridge network?

 

I'm running on br0 because I want each of the containers to have a separate IP address that I specify. There are multiple containers running web servers on port 80, so it wouldn't even be possible to have them all running without separate IPs. I don't understand why containers running on br0 are blocked from accessing the host IP. There should be no reason as to why I can't allow that network traffic to just be routed from that virtual bridge to the router and back to the Unraid IP.

Link to comment
  • 1 year later...
  • Solution

My docker would not start after enabling "host access to custom networks". Might never troubleshoot that later. But setting the Nginx proxy manager docker to privileged fixed this for me. If anyone else should find this post when googling, like I did 😃

Link to comment