proper way of running unifi behind nginx reverse proxy #779

Open
tim-oe opened this issue Dec 18, 2024 · 3 comments
tim-oe commented Dec 18, 2024

Operating system

Ubuntu 24.04.1 LTS

UniFi Tag

jacobalberty/unifi:v8.6.9

Docker run

docker compose up

Bug description

This is probably operator error and there's got to be a simple solution for this.

I'm trying to put unifi behind an nginx reverse proxy doing hostname resolution instead of needing custom ports.
I've got it working standalone with SSL using certs, but putting it behind nginx causes connection refused and bad gateway issues.

I have the following docker compose:

```yaml
services:
  unifi:
    image: jacobalberty/unifi:v8.6.9
    container_name: "unifi"
    restart: "unless-stopped"
    volumes:
      # TODO move to volume
      - "./unifi:/unifi"
      - "./cert:/unifi/cert"
      - unifi-run:/unifi/run
    ports:
      - "3478:3478/udp"
      - "10001:10001/udp"
      - "8882:8882/tcp"
      - "8443:443/tcp"
    environment:
      - "UNIFI_HTTP_PORT=8882"
      - "UNIFI_HTTPS_PORT=443"
      - "TZ=America/Chicago"
volumes:
  unifi-run:
    name: unifi-run
networks:
  default:
    external: true
    name: "share-net"
```

And this is the proxy mapping from nginx.conf:

```nginx
server {
  listen 443 ssl;
  ssl_certificate /ssl/vaultwarden/cert.pem;
  ssl_certificate_key /ssl/vaultwarden/privkey.pem;

  server_name vaultwarden.localdomain;
  location / {
    proxy_pass http://vaultwarden:8860;
    rewrite ^/(.*)$ /$1 break;
  }
}
```

Steps to reproduce

Front the app with nginx and try proxying to the unifi container.

Relevant log output

The unifi container log starts fine; getting connection refused in nginx:

```
2024/12/18 05:19:42 [error] 30#30: *14 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.60, server: unifi.localdomain, request: "GET /favicon.ico HTTP/1.1", upstream: "https://172.30.0.10:8443/favicon.ico", host: "unifi.localdomain", referrer: "https://unifi.localdomain/"
```

@anonymouspage

@tim-oe I'm confused. How does the vaultwarden configuration in your nginx.conf relate? Is that a copy/paste error? Where is nginx being run? Directly on the host, or in its own container?

FWIW, I put caddy in front of all my containerized services, including unifi and it works fine.

tim-oe commented Jan 9, 2025

Sorry, ya, bad ccp.
I got a local self-signed cert that I was using to access it via https directly.
For nginx I got a Let's Encrypt cert of the registered domain tecronin.uk.
I'm running multiple docker containers including nginx on the same system.
I couldn't seem to get it to even proxy on http, so not sure about the double cert.

Here's what I was trying in the nginx.conf:

```nginx
  # server {
  #   listen 443 ssl;
  #   server_name unifi.tecronin.uk;
  #
  #   ssl_certificate /etc/ssl/unifi.chain.pem;
  #   ssl_certificate_key /etc/ssl/unifi.privkey.pem;
  #
  #   location / {
  #     proxy_pass https://unifi.localdomain:8443;
  #     rewrite ^/(.*)$ /$1 break;
  #   }
  # }
```

anonymouspage commented Jan 11, 2025

@tim-oe So this doesn't seem like an issue with the unifi container. This issue may get closed by maintainers. I assume you have verified that your nginx container can resolve unifi.localdomain and connect to it?
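
Added example, not part of the thread or the project's code: a small check that compares the port nginx dialled in the error line above with the compose `ports` entries from the first post. It assumes nginx reaches the unifi container over the shared `share-net` network and that 172.30.0.10 is that container's address; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Copied from the issue: compose "ports" entries and the relevant part of the nginx error line.
COMPOSE_PORTS = ["3478:3478/udp", "10001:10001/udp", "8882:8882/tcp", "8443:443/tcp"]
NGINX_ERROR = ('connect() failed (111: Connection refused) while connecting to upstream, '
               'upstream: "https://172.30.0.10:8443/favicon.ico", host: "unifi.localdomain"')


def parse_ports(entries):
    """Parse compose short syntax '[IP:]HOST:CONTAINER[/PROTO]' into (host, container, proto)."""
    parsed = []
    for entry in entries:
        mapping, _, proto = entry.partition("/")
        host, container = mapping.rsplit(":", 1)
        # An optional bind address ("127.0.0.1:8443") is dropped; only the port matters here.
        parsed.append((int(host.rsplit(":", 1)[-1]), int(container), proto or "tcp"))
    return parsed


def upstream_port(log_line):
    """Extract the port nginx dialled from the upstream field of an error-log line."""
    match = re.search(r'upstream: "([^"]+)"', log_line)
    if not match:
        raise ValueError("no upstream field in log line")
    url = urlsplit(match.group(1))
    return url.port or (443 if url.scheme == "https" else 80)


def diagnose(entries, log_line):
    """Classify the dialled port against the compose mapping.

    Published (host-side) ports exist only on the Docker host. A peer on the
    same Docker network connects to the container port directly, so dialling
    the host-side number there is refused.
    """
    port = upstream_port(log_line)
    mappings = [m for m in parse_ports(entries) if m[2] == "tcp"]
    if any(container == port for _, container, _ in mappings):
        return f"{port} is a container port; check the service itself"
    for host, container, _ in mappings:
        if host == port:
            return f"{port} is the host-published port; on the shared network use {container}"
    return f"{port} is not mapped at all"


if __name__ == "__main__":
    print(diagnose(COMPOSE_PORTS, NGINX_ERROR))
```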
