Docker install fails as soon as its behind a proxy

smileBeda · October 28, 2024, 9:16am

So I’ve tried out the docker install. It works great as long as I access it via IP:Port (either internal DockerIP:Port or MachineIP:Port).

As soon its behind a proxy, I lose all my settings, and a log of console errors appears (mostly Failed to load resource: the server responded with a status of 500 () on domain.tld/index.json)

Here’s my setup:

local SSD disk with folder /silverbullet/space
Docker file pasted below
CloudFlare DNS’s a subdomain to a remote VPS where I have Caddy installed. Caddy proxies the request to the internal network built with WireGuard, which tunnels the request to my home-server, where NGINX Proxy Manager proxies the incoming request to DockerIP:Port.

This sounds more complicated than it is - the setup works very well for a two dozen of other services (websites, jellyfin, wordpress installs, you name it).

When I look at Silverbullet via DockerIP:Port (or MachineIP:Port) I have all my customizations in place and no errors. When I look at it via the domain.tld then above failure happens.

Docker file:

services:
  silverbullet:
    image: zefhemel/silverbullet
    container_name: silverbullet
    restart: unless-stopped
    environment:
    - SB_USER=admin:***
    volumes:
      - /silverbullet/space:/space
    ports:
      - 3001:3000
    networks:
      - proxy

  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
 
networks:
  proxy:
    external: true
    name: npm_proxy

Points to consider:

Yes I need the extra network, it is for NPM to handle the proxying.
Yes I need port 3001 because port 3000 is occupied by gitea. Anyway it shouldn’t matter unless I use the MachineIP (which is what I often do and exactly why I need another port)
when I go to the silverbullet in a browser (be it via DockerIP/MachineIP or via domain) I get an alert saying a redirect was detected, I have to dismiss it twice until I can sign in. This happens only when I’m signed out.
I notice docker up created a data folder in my /silverbullet/ path… which I have not created myself. I suppose this is expected to store the data? In any case, it is empty.

Anyone has any clue of what I can do to fix the main issue being Silverbullet not reading my SETTINGS etc when accessed via the domain?

For fun, an image of the network setup

bent0n · October 28, 2024, 11:49am

I have a similar setup except that I use caddy both on my VPS and my local machine. I’m guessing that like me you are behind CGNAT or similar on your home ip?

I would say it’s most likely a misconfiguration on one of the proxy considering that direct ip access works.

Could you share the relevant part of your config?

Wild guess… Is NPM pointing to port 3000 or 3001? As it is using docker network between NPM and SB, you need to point to the container internal port, not the one published externally.

smileBeda · October 29, 2024, 9:10am

Thanks

Yes I point it to the proper IP (Docker internal) with proper Port (Docker internal 3001)
Am I behind a CGNAT? Well most likely. My (home) internet is actually a LTE connection distributed via portable router (I know it is insane, but hey, it works)

The thing is the same setup works fine for a plethora (around 20) other services I self host, many of which are easily more complex than SB (WP Docker can be a REAL pain, for example). I am pretty sure I did not misconfigure anything, also because it “works” - meaning I can reach the thing, just that the thing breaks inside itself (JS errors, etc)

There is not much config about the NPM to share - it is literally just GUI settings > new proxy > http + Local DockerIP:3000, support websocket. That’s it

Now… I just saw this:

Apparently SB cannot be installed in a subdomain, so that is probably the issue? I do run this on notes.domain.tld, as I do not want to buy a dedicate domain just for the SB instance.

Apologies for the ping - @zef, can you confirm my above described attempt will simply not work on a subdomain? I mean, if that is not supported, I think the whole shebang between Cloudflare and my local docker are not the issue, rather that the instance is called over a subdomain is the problem?

Thanks!

bent0n · October 29, 2024, 10:00am

It works on the root of a subdomain. It wouldn’t work to host it on a specific path like domain.tld/notes.

To troubleshoot, I would try to check where the issue is. You could add notes.domain.tld Machine.IP or notes.domain.tld VPS.IP in your host file to bypass part of the chain and see where it breaks.

smileBeda · October 29, 2024, 10:18am

Got it, thanks - misunderstood the other post then.

I will debug and feedback!
Might need a few days since I am about to board some planes

Cheers

paletochen · October 30, 2024, 8:57am

I have SilverBullet working within Docker and a reverse proxy + Authelia.
By now I may have configurations for several reverse proxies (unless i lost the notes), as I tried:

Caddy
Nginx Proxy Manager (NPM)
Traefik
SWAG

I currently use SWAG.

Let me know if you use any of this and it is not working as I could provide my config details