Hey Guys,

so I still have no clue about most of the stuff im doing hence why I am doing it :)

I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.

Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:

homeassistant:
  internal_url: http://192.168.178.214:8123
  external_url: https://ha.xxxxx.duckdns.org

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.22.0.0/24

Following is my Homeassistant Configuration:

  homeassistant:
    container_name: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    volumes:
      - /homeassistant/:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    network_mode: host
    privileged: true
    ports:
      - 8123:8123
      - 5683:5683

  nginx-proxy-manager:
    container_name: nginx
    privileged: true
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "nginx-db"
      DB_MYSQL_PORT: 3306
    volumes:
      - /nginx/data:/data
      - /nginx/letsencrypt:/etc/letsencrypt

  nginx-db:
    container_name: nginx-db
    image: 'jc21/mariadb-aria:latest'
    environment:
    volumes:
      - /nginx/mysql:/var/lib/mysql

  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    restart: unless-stopped
    volumes:
      - /vaultwarden:/data/
    ports:
      - 8125:3012
      - 8124:80
    environment:
      - DOMAIN=https://vw.xxxxx.duckdns.org
      - LOGIN_RATELIMIT_MAX_BURST=10
      - LOGIN_RATELIMIT_SECONDS=60
      - ADMIN_RATELIMIT_MAX_BURST=10
      - ADMIN_RATELIMIT_SECONDS=60
      - ADMIN_TOKEN=
      - SENDS_ALLOWED=true
      - EMERGENCY_ACCESS_ALLOWED=true
      - WEB_VAULT_ENABLED=true
      - SIGNUPS_ALLOWED=true

I have forwarded the ports in the router.

I have set up nginx the following:

Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).

What is the reason for this?

Do I have to set some sort of header?

Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.

  • redcalcium@lemmy.instituteEnglish
    4·
    6 months ago

    What happened when you tried to open it on incognito mode / private browsing mode?

    Btw, if you’re using Chrome, you can type thisisunsafe to bypass hsts warning if nothing else work.

    • Lobotomie@lemmy.worldOPEnglish
      1·
      6 months ago

      if I close the 8123 port and remove my cache, firefox will warn me, if I click on forward anyways it will forward to a website from my router for some reason saying that the DNS-Rebind-Protection has blocked my attempt and that there is some issue with the host-header.

      • redcalcium@lemmy.instituteEnglish
        2·
        6 months ago

        Instead of forwarding ha.yourdomain.com to 192.168.178.214 (which I assume is the lan ip address for your machine), you should forward it to a hostname called homeassistant (which is the hostname for the home assistant instance inside your docker compose network).

        • Lobotomie@lemmy.worldOPEnglish
          1·
          6 months ago

          Now I get a error Fehlercode: SEC_ERROR_UNKNOWN_ISSUER, and if I continue it will again go to my router with the DNS-REbind / Host-Header Issue