Docker cannot communicate outside its own IP range


Docker seems to not be able to communicate outside the Docker network, after several problems I had initially when upgrading from 6.11.5 to 6.12.3.

I have a bit of a special setup:

I have a Fritzbox 7590 as router with DHCP disabled. Its IPv4 is 10.10.10.1 with the subnet mask 255.255.0.0.

I have a Raspberry Pi with AdGuard Home running; it acts as my DNS server and has DHCP enabled. Its IPv4 address is 10.10.10.2 and it gives out IP addresses from 10.10.100.1 to 10.10.100.255.

My smart home devices all have set IP addresses in the range of 10.10.11.1 to 10.10.11.255.

Home Assistant runs as a VM and has the IPv4 10.10.11.1.

My Unraid server has 10.10.10.10.

I have a Windows 11 VM with 10.10.10.11.

I have several Docker containers (Nextcloud, Guacamole, Home Assistant and others) which all run as bridge and are accessible from their respective subdomains.

While Nextcloud, Bitwarden and others work fine, Guacamole semi-works (I can load up Guacamole as a service but cannot connect to my VM) and Home Assistant just gives me a 502.

To my understanding, the common thing here is that the Docker containers seem to be unable to connect outside the Docker network itself (at least that's how I would be able to explain why Guacamole loads up fine but I cannot connect to a VM, and Home Assistant does not work).

This is my docker config:

[Two screenshots of the Docker settings were attached here.]

In Swag:

nextcloud.subdomain.config:

 

## Version 2023/06/24
# make sure that your nextcloud container is named nextcloud
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['swag'],
#  'overwrite.cli.url' => 'https://nextcloud.example.com/',
#  'overwritehost' => 'nextcloud.example.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.example.com',
#  ),

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name cloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 10.10.10.10;
        set $upstream_port 1443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        # Hide proxy response headers from Nextcloud that conflict with ssl.conf
        # Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
        proxy_hide_header Referrer-Policy;
        proxy_hide_header X-Content-Type-Options;
        proxy_hide_header X-Frame-Options;
        proxy_hide_header X-XSS-Protection;

        # Disable proxy buffering
        proxy_buffering off;
    }
}

 

guacamole.subdomain.config:

 

## Version 2023/05/31
# make sure that your guacamole container is named guacamole
# make sure that your dns has a cname set for guacamole

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name remote.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable for ldap auth (requires ldap-server.conf in the server block)
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 10.10.10.10;
        set $upstream_port 8088;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_buffering off;
    }
}

 

homeassistant.subdomain.config

## Version 2023/05/31
# make sure that your homeassistant container is named homeassistant
# make sure that your dns has a cname set for homeassistant

# As of homeassistant 2021.7.0, it is now required to define the network range your proxy resides in, this is done in Homeassitants configuration.yaml
# https://www.home-assistant.io/integrations/http/#trusted_proxies
# Example below uses the default dockernetwork ranges, you may need to update this if you dont use defaults.
#
# http:
#   use_x_forwarded_for: true
#   trusted_proxies:
#     - 172.16.0.0/12

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name home.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable for ldap auth (requires ldap-server.conf in the server block)
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 10.10.11.1;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ ^/(api|local|media)/ {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 10.10.11.1;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

 

The swag logs give absolutely no error:

[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] done
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗ 
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝ 

   Brought to you by linuxserver.io
───────────────────────────────────────

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    99
User GID:    100
───────────────────────────────────────

using keys found in /config/keys
Variables set:
PUID=99
PGID=100
TZ=Europe/Berlin
URL=mydomain.com
SUBDOMAINS=cloud,heim,home,media,remote,robot,vaultwarden,vpn
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=http
CERTPROVIDER=
DNSPLUGIN=cloudflare
EMAIL=
STAGING=false

Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Sub-domains processed are: cloud.mydomain.com,heim.mydomain.com,home.mydomain.com,media.mydomain.com,remote.mydomain.com,robot.mydomain.com,vaultwarden.mydomain.com,vpn.mydomain.com
No e-mail address entered or address invalid
http validation is selected
Certificate exists; parameters unchanged; starting nginx
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[custom-init] No custom files found, skipping...
[ls.io-init] done.
Server ready

So to my understanding SWAG should be configured correctly, but the Docker network seems to have a slight "hiccup".

Just to clarify: the log is with the correct domain, not mydomain.com.

Also, the VMs work fine when connecting to them within my own network or via VPN (Windows can be loaded up via RDP). Home Assistant can be accessed via 10.10.11.1:8123.

Can someone please help me out? Thank you all so much!

Solved by Zeze21

  • Author

Unfortunately the update to 6.12.4 did not change anything

I still get a 502 Bad Request when trying to access home assistant via the web

  • 2 weeks later...
  • Author
  • Solution

OK, the solution was simple: the dockers I wanted to connect to the rest of the network had to be in br0 mode. Hope anybody who has the same issue finds this helpful.
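An added diagnostic example, not part of the original thread: it pulls the `set $upstream_*` targets out of SWAG proxy confs like the ones quoted above, labels each as a published port on the Docker host or as another LAN host, and tries a TCP connect to it (meaningful when run from inside the proxy container). The function names, the `docker_host_ip` parameter and the sample conf text are assumptions made for illustration.

```python
import ipaddress
import re
import socket
SET_RE = re.compile(r"^\s*set\s+\$upstream_(app|port|proto)\s+([^;\s]+)\s*;")
DOCKER_DEFAULT = ipaddress.ip_network("172.16.0.0/12")  # range named in the conf comment

def upstreams(conf_text):
    """Unique (proto, host, port) targets that a SWAG proxy conf forwards to."""
    found, current = [], {}
    for line in conf_text.splitlines():
        m = SET_RE.match(line)  # commented-out lines start with '#' and never match
        if m:
            current[m.group(1)] = m.group(2)
        elif line.strip().startswith("proxy_pass") and len(current) == 3:
            found.append((current["proto"], current["app"], int(current["port"])))
            current = {}  # do not let one location block leak into the next
    return list(dict.fromkeys(found))  # de-duplicate, keep order

def scope(host, docker_host_ip):
    """Where the upstream lives, seen from a container on a Docker bridge."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "container-name"  # a name, resolved by Docker on a user-defined network
    if ip in DOCKER_DEFAULT:
        return "docker-network"
    return "docker-host" if str(ip) == docker_host_ip else "other-lan-host"

def reachable(host, port, timeout=3.0):
    """TCP connect from wherever this runs (run it inside the proxy container)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def report(confs, docker_host_ip, probe=reachable):
    return [(name, f"{proto}://{host}:{port}", scope(host, docker_host_ip), probe(host, port))
            for name, text in confs.items() for proto, host, port in upstreams(text)]

# Constructed sample built from the upstream values quoted in the thread.
BLOCK = ("location / {{\n  #set $upstream_app disabled;\n  set $upstream_app {0};\n"
         "  set $upstream_port {1};\n  set $upstream_proto {2};\n"
         "  proxy_pass $upstream_proto://$upstream_app:$upstream_port;\n}}\n")
SAMPLE = {"nextcloud": BLOCK.format("10.10.10.10", 1443, "https"),
          "guacamole": BLOCK.format("10.10.10.10", 8088, "http"),
          "homeassistant": BLOCK.format("10.10.11.1", 8123, "http") * 2}

if __name__ == "__main__":
    print(*report(SAMPLE, docker_host_ip="10.10.10.10"), sep="\n")
```

A row whose scope is `other-lan-host` and whose last field is `False` points at the container's network mode rather than at the nginx conf.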
