Zeze21 Posted September 1, 2023

Docker seems to not be able to communicate outside the docker network after several problems I had initially when upgrading from 6.11.5 to 6.12.3.

I have a bit of a special setup:

- I have a Fritzbox 7590 as router with DHCP disabled. Its IPv4 is 10.10.10.1 with the subnet mask 255.255.0.0
- I have a Raspberry Pi with AdGuard Home running - it acts as my DNS server and has DHCP enabled. Its IPv4 address is 10.10.10.2 and gives out IP addresses from 10.10.100.1 to 10.10.100.255
- My smart home devices have all set IP addresses in the range of 10.10.11.1 to 10.10.11.255
- Home Assistant runs as VM and has the IPv4 10.10.11.1
- My unraid server has 10.10.10.10
- I have a Windows 11 VM with 10.10.10.11

I have several docker containers (nextcloud, guacamole, home assistant and others) which all run as bridge and are accessible from their respective subdomains.

While nextcloud, bitwarden and others work fine, Guacamole works semi (I can load up guacamole as service but can not connect to my VM) and home assistant just gives me a 502.

To my understanding the common thing here is that the docker containers seem to be unable to connect outside the docker network itself (at least that's how I would be able to explain why guacamole loads up fine but I can not connect to a VM and home assistant does not work).

This is my docker config:

In Swag:

nextcloud.subdomain.config:

    ## Version 2023/06/24
    # make sure that your nextcloud container is named nextcloud
    # make sure that your dns has a cname set for nextcloud
    # assuming this container is called "swag", edit your nextcloud container's config
    # located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
    #  'trusted_proxies' => ['swag'],
    #  'overwrite.cli.url' => 'https://nextcloud.example.com/',
    #  'overwritehost' => 'nextcloud.example.com',
    #  'overwriteprotocol' => 'https',
    #
    # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
    #  array (
    #    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
    #    1 => 'nextcloud.example.com',
    #  ),

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name cloud.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            include /config/nginx/resolver.conf;
            set $upstream_app 10.10.10.10;
            set $upstream_port 1443;
            set $upstream_proto https;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;

            # Hide proxy response headers from Nextcloud that conflict with ssl.conf
            # Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
            proxy_hide_header Referrer-Policy;
            proxy_hide_header X-Content-Type-Options;
            proxy_hide_header X-Frame-Options;
            proxy_hide_header X-XSS-Protection;

            # Disable proxy buffering
            proxy_buffering off;
        }
    }

guacamole.subdomain.config:

    ## Version 2023/05/31
    # make sure that your guacamole container is named guacamole
    # make sure that your dns has a cname set for guacamole

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name remote.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        # enable for ldap auth (requires ldap-location.conf in the location block)
        #include /config/nginx/ldap-server.conf;

        # enable for Authelia (requires authelia-location.conf in the location block)
        #include /config/nginx/authelia-server.conf;

        # enable for Authentik (requires authentik-location.conf in the location block)
        #include /config/nginx/authentik-server.conf;

        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable for ldap auth (requires ldap-server.conf in the server block)
            #include /config/nginx/ldap-location.conf;

            # enable for Authelia (requires authelia-server.conf in the server block)
            #include /config/nginx/authelia-location.conf;

            # enable for Authentik (requires authentik-server.conf in the server block)
            #include /config/nginx/authentik-location.conf;

            include /config/nginx/proxy.conf;
            include /config/nginx/resolver.conf;
            set $upstream_app 10.10.10.10;
            set $upstream_port 8088;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;

            proxy_buffering off;
        }
    }

homeassistant.subdomain.config:

    ## Version 2023/05/31
    # make sure that your homeassistant container is named homeassistant
    # make sure that your dns has a cname set for homeassistant

    # As of homeassistant 2021.7.0, it is now required to define the network range your proxy resides in, this is done in Homeassitants configuration.yaml
    # https://www.home-assistant.io/integrations/http/#trusted_proxies
    # Example below uses the default dockernetwork ranges, you may need to update this if you dont use defaults.
    #
    # http:
    #   use_x_forwarded_for: true
    #   trusted_proxies:
    #     - 172.16.0.0/12

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name home.*;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        # enable for ldap auth (requires ldap-location.conf in the location block)
        #include /config/nginx/ldap-server.conf;

        # enable for Authelia (requires authelia-location.conf in the location block)
        #include /config/nginx/authelia-server.conf;

        # enable for Authentik (requires authentik-location.conf in the location block)
        #include /config/nginx/authentik-server.conf;

        location / {
            # enable the next two lines for http auth
            #auth_basic "Restricted";
            #auth_basic_user_file /config/nginx/.htpasswd;

            # enable for ldap auth (requires ldap-server.conf in the server block)
            #include /config/nginx/ldap-location.conf;

            # enable for Authelia (requires authelia-server.conf in the server block)
            #include /config/nginx/authelia-location.conf;

            # enable for Authentik (requires authentik-server.conf in the server block)
            #include /config/nginx/authentik-location.conf;

            include /config/nginx/proxy.conf;
            include /config/nginx/resolver.conf;
            set $upstream_app 10.10.11.1;
            set $upstream_port 8123;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        }

        location ~ ^/(api|local|media)/ {
            include /config/nginx/proxy.conf;
            include /config/nginx/resolver.conf;
            set $upstream_app 10.10.11.1;
            set $upstream_port 8123;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        }
    }

The swag logs give absolutely no error:

    [migrations] started
    [migrations] 01-nginx-site-confs-default: skipped
    [migrations] done
    ───────────────────────────────────────

          ██╗     ███████╗██╗ ██████╗
          ██║     ██╔════╝██║██╔═══██╗
          ██║     ███████╗██║██║   ██║
          ██║     ╚════██║██║██║   ██║
          ███████╗███████║██║╚██████╔╝
          ╚══════╝╚══════╝╚═╝ ╚═════╝

       Brought to you by linuxserver.io
    ───────────────────────────────────────

    To support the app dev(s) visit:
    Certbot: https://supporters.eff.org/donate/support-work-on-certbot

    To support LSIO projects visit:
    https://www.linuxserver.io/donate/

    ───────────────────────────────────────
    GID/UID
    ───────────────────────────────────────

    User UID:    99
    User GID:    100
    ───────────────────────────────────────

    using keys found in /config/keys
    Variables set:
    PUID=99
    PGID=100
    TZ=Europe/Berlin
    URL=mydomain.com
    SUBDOMAINS=cloud,heim,home,media,remote,robot,vaultwarden,vpn
    EXTRA_DOMAINS=
    ONLY_SUBDOMAINS=true
    VALIDATION=http
    CERTPROVIDER=
    DNSPLUGIN=cloudflare
    EMAIL=
    STAGING=false

    Using Let's Encrypt as the cert provider
    SUBDOMAINS entered, processing
    Sub-domains processed are: cloud.mydomain.com,heim.mydomain.com,home.mydomain.com,media.mydomain.com,remote.mydomain.com,robot.mydomain.com,vaultwarden.mydomain.com,vpn.mydomain.com
    No e-mail address entered or address invalid
    http validation is selected
    Certificate exists; parameters unchanged; starting nginx
    The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
    [custom-init] No custom files found, skipping...
    [ls.io-init] done.
    Server ready

So to my understanding swag should be configured correctly but the docker network seems to have a slight "hiccup".

Just to clarify, the log is with the correct domain, not mydomain.com.

Also the VMs work fine when connecting to them within my own network or via VPN (Windows can be loaded up via RDP).

Home Assistant can be accessed via 10.10.11.1:8123

Can someone please help me out?

Thank you all so much!

Zeze21 Posted September 2, 2023

Unfortunately the update to 6.12.4 did not change anything. I still get a 502 Bad Request when trying to access home assistant via the web.

Zeze21 Posted September 12, 2023 (Solution)

OK, the solution was simple: the dockers I wanted to connect to the rest of the network had to be in br0 mode.

Hope anybody who has the same issue finds this helpful.
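
Added example, not part of the thread: a script to run inside the proxy container that reads the `set $upstream_*` values from the proxy confs and tests whether each target accepts a TCP connection from that container's network. It assumes `bash` and `timeout` exist in the container; the script name and the sample conf are constructed.

```bash
#!/usr/bin/env bash
# Usage inside the proxy container: bash check-upstreams.sh <proxy conf files>
# (hypothetical script name). With no arguments it only parses the sample below.

# Print "app port proto" once per distinct upstream set via `set $upstream_*`.
list_upstreams() {
  awk '
    { sub(/#.*/, "") }                       # ignore commented-out directives
    $1 == "set" && $2 ~ /^\$upstream_(app|port|proto)$/ {
      val = $3; sub(/;$/, "", val); v[substr($2, 11)] = val
    }
    $1 == "proxy_pass" && ("app" in v) {     # a triple is complete at proxy_pass
      print v["app"], v["port"], v["proto"]; split("", v)
    }
  ' "$@" | sort -u
}

# Succeed if a TCP connection to host $1, port $2 opens within 3 seconds.
probe() {
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Probe every upstream; print ok/FAIL per target, return 1 if any is unreachable.
check_confs() {
  rc=0
  while read -r app port proto; do
    [ -n "$app" ] || continue
    if probe "$app" "$port"; then echo "ok   $proto://$app:$port"
    else echo "FAIL $proto://$app:$port"; rc=1; fi
  done <<EOF
$(list_upstreams "$@")
EOF
  return "$rc"
}

# Constructed sample: upstream values as in the confs posted above.
sample_conf() {
  cat <<'EOF'
#set $upstream_app homeassistant;
set $upstream_app 10.10.11.1;
set $upstream_port 8123;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
set $upstream_app 10.10.10.10;
set $upstream_port 8088;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
EOF
}
if [ "$#" -gt 0 ]; then check_confs "$@"; else sample_conf | list_upstreams; fi
```

A FAIL for a LAN address here, while the same address answers from the host, points at the container's network mode rather than at the nginx config.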