Hey Guys,
so I still have no clue about most of the stuff im doing hence why I am doing it :)
I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.
Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:
homeassistant:
internal_url: http://192.168.178.214:8123
external_url: https://ha.xxxxx.duckdns.org
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.22.0.0/24
Following is my Homeassistant Configuration:
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
volumes:
- /homeassistant/:/config
- /etc/localtime:/etc/localtime:ro
restart: unless-stopped
network_mode: host
privileged: true
ports:
- 8123:8123
- 5683:5683
nginx-proxy-manager:
container_name: nginx
privileged: true
image: 'jc21/nginx-proxy-manager:latest'
ports:
- '80:80'
- '81:81'
- '443:443'
environment:
DB_MYSQL_HOST: "nginx-db"
DB_MYSQL_PORT: 3306
volumes:
- /nginx/data:/data
- /nginx/letsencrypt:/etc/letsencrypt
nginx-db:
container_name: nginx-db
image: 'jc21/mariadb-aria:latest'
environment:
volumes:
- /nginx/mysql:/var/lib/mysql
vaultwarden:
container_name: vaultwarden
image: vaultwarden/server:latest
restart: unless-stopped
volumes:
- /vaultwarden:/data/
ports:
- 8125:3012
- 8124:80
environment:
- DOMAIN=https://vw.xxxxx.duckdns.org
- LOGIN_RATELIMIT_MAX_BURST=10
- LOGIN_RATELIMIT_SECONDS=60
- ADMIN_RATELIMIT_MAX_BURST=10
- ADMIN_RATELIMIT_SECONDS=60
- ADMIN_TOKEN=
- SENDS_ALLOWED=true
- EMERGENCY_ACCESS_ALLOWED=true
- WEB_VAULT_ENABLED=true
- SIGNUPS_ALLOWED=true
I have forwarded the ports in the router.
I have set up nginx the following:
Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).
What is the reason for this?
Do I have to set some sort of header?
Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.
I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.