Reverse Proxy on NGINX

Hi everyone,

I have successfully installed duplicati under docker, up and running, so far so good.

Now I try to put it behind Nginx and use proxy_pass. But not that successful.

In short, I try to do a proxy_pass to http://xxx/duplicati/. After I log in, it redirects to http://xxxx instead of http://xxx/duplicati/agax/index.html. Is that something I can do on the nginx side, or is duplicati using a rewrite which I could not fix without going into its source code?

To avoid any doubt, duplicati is running perfectly even behind nginx, I just need to type the correct URL http://xxx/duplicati/agax/index.html after login. The only issue is the apparent rewrite / redirection after logging in.

Thanks.

Regards
Alex

Hi @alexkwan, welcome to the forum!

While I’m not personally familiar with proxy_pass I’m curious if you’ve used it for anything else - particularly with a Docker container…

It is my practise to encapsulate every single application with a web interface using nginx. I have a login system and SSL Cert on the nginx server so that all applications behind nginx have an extra layer of security and also a single SSL Cert.

To avoid messing up the system environment of the applications (like some applications require different versions of JRE and MONO), I choose docker. Another advantage in using docker is that when I need to upgrade one of the applications, I just need to create another testing container. Further, by taking advantage of the snapshot features of file systems (or VMs), the whole docker environment could be snapshot-ed; this is super-convenient when migrating to new hardware (or a new pool in VM cases).

To answer your question directly: No. No other use, just to backup ^^.

Personally I’m just getting started with Docker and I like what I’ve seen so far, but your methods sound like a great standard to strive for. :slight_smile:

I asked about the Docker side of things because I know with my (limited) experience it can be easy to get confused as to what ports / paths are being exposed to the container, but it doesn’t sound like that’s likely the issue here.

Hopefully somebody more familiar with the GUI side of things (maybe @davegold or @kenkendk) will have more insight into your reverse proxy / nginx use.

When I need to use nginx or apache as a reverse proxy, instead of pointing to noodles, I use a subdomain, in my tests, it has worked better.

server {
    listen 80;
    server_name duplicati.domain.com;

    location / {
        proxy_pass http://127.0.0.1:8200;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

1 Like

If you want to use a sub-path, you can use the nginx configuration I have for Synology:

It does the same as @tacioandrade’s version, but rewrites just a path, instead of using a subdomain.

1 Like

I can confirm that Duplicati works fine behind an Apache proxy. Here’s my configuration if it’s of any use:

<VirtualHost *:80>
    ServerName my.personal.subdomain
    # Password protection
    <Location />
        AuthType Basic
        AuthName "Authentication required"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/passwords
        Require user myuser
    </Location>
    AllowEncodedSlashes On
    ProxyPass           / http://localhost:8200/ disablereuse=on
    ProxyPassReverse    / http://localhost:8200/
</VirtualHost>

2 Likes

Picking up this old thread…in need of some support.

So I have Duplicati running in Docker on an Ubuntu server. I can access it locally with http://local-ip:8200…all good.

Now I am trying to run it by using NGINXManager and have created the following rule here:

I had the following issue initially: I got a 404: Not found error when trying to access this url:
https://mydomain.duckdns.org/duplicati

I found out, it tried to redirect to:

https://mydomain.duckdns.org/login.html

So basically, Duplicati forwards to the login page, because I have set a password for the WebUI. I have tried everything I could read and find here to get around this, but could not find a way. I am guessing it is the custom location rule, but do not know enough about NGINX to figure it out.
So…that is my first question…anyone an idea of what I could try?

I then went on and removed the webui password and…now it works, I can open the webui with this url (of course without the password now)
https://mydomain.duckdns.org/duplicati

Now where I have an issue with this is the panel_iframe I use from within my Homeassistant. I am using the following code for that:

panel_iframe:
  zigbee2mqtt:
    title: Zigbee2MQTT
    icon: mdi:zigbee
    url: "https://mydomain.duckdns.org/zigbee2mqtt"
    require_admin: true
  duplicati:
    title: Duplicati
    icon: mdi:backup-restore
    url: "https://mydomain.duckdns.org/duplicati"
    require_admin: true

As you can see I use the exact same rules and logic as for my zigbee2mqtt page. So, when I connect to my Homeassistant remotely by using https://mydomain.duckdns.org it opens the UI and I can use all the panel_iframe locations. Also Duplicati works fine.
Where the issue is when I connect to my Homeassistant via the internal url: http://localip:8123
Again, the Homeassistant UI comes up fine, I can use the panel_iframes, but…Duplicati gives an issue. It does show the duplicati web page, but immediately says it cannot connect:

So, it feels like Duplicati uses some internal URL forwarding or so, which conflicts with the NGINX setup.

I hope someone here can help me…

Hello everyone,
I had a similar problem, but with the following error message:

The host header sent by the client is not allowed

It turned out that Duplicati checks under Settings/Access to user interface/Hostnames [WebUI] whether the hostname of the proxy URL (e.g. duplicati.domain.com) matches the entered hostnames.
If this is not the case, the request is rejected with the error message mentioned above.

It helped me to simply enter my subdomain duplicati.domain.com into the Hostnames field.
For additional help, here is my duplicati.cfg file for nginx (nginx/conf.d/duplicati.conf):

server {
    server_name <duplicati.subdomain.tld>;

    location / {
        proxy_pass http://<Hostname>:<Port>;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 90;
        proxy_set_header X-Forwarded-Proto $scheme;
        set $xforwardedssl "off";
        if ($scheme = https) {
            set $xforwardedssl "on";
        }
        proxy_set_header X-Forwarded-Ssl $xforwardedssl;
    }

    listen [::]:443 ssl http2; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/<domain.tld>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<domain.tld>/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = duplicati.<domain.tld>:<Port>) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name duplicati.<domain.tld>;
    return 404; # managed by Certbot
}

Make sure to replace every <example> with your settings.

1 Like
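
The Host-header check described in the last post, modelled as an added example (not Duplicati's code and not written by anyone in this thread): it shows which Host value a backend receives from nginx with and without `proxy_set_header Host $host;`, and whether a hostname allow-list accepts it. The function names, the allow-list contents and the sample hostnames are assumptions made for illustration.

```python
# Added illustration: a generic Host-header allow-list check behind nginx.
# It models the behaviour described in the thread; it is not Duplicati's code.


def normalize_host(host_header: str) -> str:
    """Return the bare hostname from a Host header value: lower case, no port."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # IPv6 literal such as [::1]:8200
        return host[1:host.find("]")] if "]" in host else ""
    if ":" in host:                          # drop a trailing :port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")                  # "example.com." equals "example.com"


def host_allowed(host_header: str, allowed: list[str]) -> bool:
    """True when the header's hostname is one of the configured names."""
    name = normalize_host(host_header)
    names = {a.strip().lower().rstrip(".") for a in allowed}
    return bool(name) and name in names


def upstream_host(client_host: str, proxy_pass_authority: str,
                  forwards_host: bool) -> str:
    """Host header the backend receives from nginx.

    With `proxy_set_header Host $host;` nginx passes the client's hostname
    (lower-cased, port removed). Without it nginx sends $proxy_host, the
    host[:port] written in the proxy_pass directive.
    """
    return normalize_host(client_host) if forwards_host else proxy_pass_authority


# Constructed sample values: the public name and backend address used above.
PUBLIC = "duplicati.domain.com"
BACKEND = "127.0.0.1:8200"


def check(allowed: list[str], forwards_host: bool,
          client_host: str = PUBLIC) -> bool:
    """Would the backend accept a request that arrived for client_host?"""
    seen = upstream_host(client_host, BACKEND, forwards_host)
    return host_allowed(seen, allowed)


if __name__ == "__main__":
    local_only = ["localhost", "127.0.0.1"]
    print(check(local_only, forwards_host=True))             # public name rejected
    print(check(local_only + [PUBLIC], forwards_host=True))  # accepted once listed
    print(check(local_only, forwards_host=False))            # backend sees 127.0.0.1
```

Listing the exact public hostname keeps the check meaningful: a request forwarded under any other name is still rejected.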