hispeedzintarwebz

joined 1 year ago

That makes sense - thanks for the explanation!

[–] hispeedzintarwebz@kbin.social 0 points 1 year ago (2 children)

Interestingly - when I point it to port 80 at the freshrss host, it works. Which doesn't make sense to me, likely due to a fundamental misunderstanding of how Docker works? My understanding was the above compose would expose port 8040, not port 80. Setting it to port 80 didn't even cross my mind. I noticed that my wordpress compose listed "8080:80" and NPM was set to port 80, and it was already working...it was late last night when I got that up and running, so that might explain some of the confusion...

[–] hispeedzintarwebz@kbin.social 1 points 1 year ago* (last edited 1 year ago) (3 children)

Awesome, thanks...I'll try that. So to be sure I'm understanding - I want to add "external: true" beneath "name: proxy" and then add the following to each container in the compose? Edit: I now realize the below is the freshrss stack and not the miniflux stack, but I have the same issue with both compose files and the proxy host

networks:
      - proxy

I believe I might be doing that wrong because I get an error about undefined network when I try the below, and simply defining "external" doesn't fix it:

version: "2.1"
services:
  freshrss:
    image: lscr.io/linuxserver/freshrss:latest
    container_name: freshrss
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - BASE_URL=[redacted]
    volumes:
      - /media/config/freshrss:/config
    ports:
      - 8040:80
    restart: unless-stopped
    networks:
      - proxy

networks:
  default:
    name: proxy
    external: true
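
The "undefined network" error in the comment above arises because the service asks for a network called `proxy`, while the top-level `networks:` block only defines the key `default`. Below is an added example (not part of the original comment) of the same FreshRSS stack with the key matched; it assumes the `proxy` network already exists on the host and that the NPM container is attached to it.

```yaml
# Added example, not the poster's file.
# Assumption: the network "proxy" was created beforehand
# (docker network create proxy) and the NPM container is attached to it.
version: "2.1"
services:
  freshrss:
    image: lscr.io/linuxserver/freshrss:latest
    container_name: freshrss
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - BASE_URL=[redacted]
    volumes:
      - /media/config/freshrss:/config
    # The host mapping is optional once the proxy is in front. While it is
    # published, the app also answers directly on <host IP>:8040, a path that
    # does not pass through NPM or its Cloudflare-only access list.
    # ports:
    #   - 8040:80
    restart: unless-stopped
    networks:
      - proxy            # must match a key under the top-level "networks:"

networks:
  proxy:                 # the key the service refers to
    external: true       # attach to the existing network, do not create one
```

On the shared network the proxy host points at the container name and the container-side port, so `freshrss` on port 80 (the right-hand side of `8040:80`); for the Miniflux stack with `"8099:8080"` that is `miniflux` on port 8080.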

 

After my previous post here looking for input on an easily maintained docker and reverse proxy setup, I opted to go for NPM. I also moved my domain registration and DNS from Google Domains to Cloudflare.

It was a breeze to set up for the most part. I did have some pain getting my certs in order - NPM easily pulled down certs from LetsEncrypt, but Cloudflare didn't like it unless I used their 15-year origin server cert, which worked perfectly. I set up Portainer first, then wordpress and NPM. (I'm generally comfortable with command-line stuff, but I have much less experience with Docker so Portainer is great for someone like me.)

I specified a network I created ("proxy") in the docker compose files, and that allowed me to use the container name in NPM to set up the proxy hosts. I quickly and easily set up proxy hosts for the main domain (points toward the WP container), a portainer subdomain pointing to the portainer container, and an NPM subdomain pointing to NPM. At this point things have been easy, everything is working beautifully, and I'm thinking about all the other things I want to eventually spin up and host.

Then I started with FreshRSS. I was able to set it up - I could access it via the IP:port but no matter what I did, the subdomain gave me Cloudflare's 502 Bad Gateway error. I adjusted the BASE_URL in the container, I've tried all sorts of settings in NPM - http, https, using different subdomains, different ports, etc. (changing them in the docker compose as well of course) but no dice. I did some searching around and found a few examples like this and this where I've seen others having similar issues and not being able to fix them.

So I thought maybe it was some kind of weird issue with FreshRSS specifically, so I removed it and spun up Miniflux instead. Same as the previous time - I could access Miniflux perfectly well via the IP:port but the reverse proxy gives me a 502 every single time. The containers are on the same network. What am I missing with these?

For reference, here's the docker compose for the miniflux stack:

services:
  miniflux:
    image: miniflux/miniflux:latest
    container_name: miniflux
    ports:
      - "8099:8080"
    depends_on:
      db:
        condition: service_healthy
    environment:
      - DATABASE_URL=postgres://miniflux:secret@db/miniflux?sslmode=disable
      - BASE_URL=[redacted]

  db:
    image: postgres:15
    container_name: miniflux_db
    environment:
      - POSTGRES_USER=miniflux
      - POSTGRES_PASSWORD=secret
    volumes:
      - /media/config/miniflux:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "miniflux"]
      interval: 10s
      start_period: 30s

networks:
  default:
    name: proxy

Here is an example of the NPM setup. Cloudflare is the access list I created that limits it to Cloudflare's IP ranges, and the site-wide origin cert is selected on the SSL tab, just like my other proxy entries which are currently working.

That's pretty much where I am. This isn't my day job, it's something I mess with for fun and so I'd like to make it easy not just to set up but to expand if necessary, and easy enough that if I don't touch it for a year and come back to it I won't be completely clueless!

[–] hispeedzintarwebz@kbin.social 2 points 1 year ago (1 children)

Thank you! Caddy rings a bell as well - I will add that to the list. My current main site is still behind apache...it took me forever to figure out how to get it working so I've been afraid to touch it. I definitely don't think I want to go down that route again if at all possible.

[–] hispeedzintarwebz@kbin.social 1 points 1 year ago (1 children)

Thanks for the suggestion! Does cloudflare essentially fulfill the same role as letsencrypt (with DDOS protection added)? I've heard of cloudflare but I'm not particularly familiar with them.

[–] hispeedzintarwebz@kbin.social 2 points 1 year ago (4 children)

Awesome, thanks! That's 2 votes for NPM so far

Awesome, thanks for the reply. (My first reply on my first Kbin post, I'll add!)

I'll look into NPM

 

I've been running 2 linodes for a number of years now - one has my website (wordpress) on it and one has a Foundry VTT server running. Both are separate linodes, and I use Google Domains to point [site.tld] to the wordpress VPS and foundry.[site.tld] to the other linode.

For a few services I run at home within my own network (Sonarr, Lidarr, Plex, etc.) I've started to use Docker and Portainer, and I like how easy it is to set things up (and remove them if they don't work). I'd like to redo my VPS similarly - I'd like to have a single linode, as a Docker host, and have the main domain point to a Wordpress container, a subdomain point to a Foundry container, and be able to easily add other containers for something like freshrss, etc. My goal is to be able to quickly spin up a docker via a compose file (portainer would be preferred), have it automatically reach out to letsencrypt to get a cert for the relevant subdomain, and have that subdomain point to that docker container.

I've been doing some searching around, and there seem to be a number of options, things like nginx reverse proxy, traefik, etc. and there are a lot of conflicting results.

Does anyone here have an opinion on this or some advice as to what the best option to look into might be?