DietPi-Dashboard
DietPi-Dashboard copied to clipboard
ravenclaw900
[Request] Adding base URL support for reverse proxy possibility
I'd like to add the dashboard to my reverse proxy. With the nodes update its even easier to access all my RPI from one URL. I'd think it would make it much easier if it also could be added to a reverse proxy.
EDIT: btw I Had a problem displaying other nodes on the single web ui. fyi It was caused by my ad blocker not allowing other domains. Might want to add a warning for other users. It displays this message forever: "Connecting to API..."
Adding it to your revers proxy is something you would need to do yourself. At the moment non of DietPi offered software has such a function to setup a revers proxy. 🤔
Yes I get that, what im saying is there should be an option for a custom base url so I can proxy it under mydomain.com/dashboard. I guess it can be done with subdomains as that doesnt require a custom base URL but atm im using subdirectory.
I guess it can be done with rewrite rules, but I havent gotten into them ill have to do some research
ah ok now I understood. That indeed what is missing to specify a customer url sub path
I think it would work for other nodes if you just put the URL in the nodes box (e.g. example.com:5252/baseurl). However, the current node would require another setting.
I'm still wondering in which case, proxy + application combination this is actually required. I successfully setup reverse proxies like https://<host>/<app> => http://127.0.0.1:<port>, but in some cases indeed it fails without having the proxy path as application base path as well. Probably it depends on how internal URLs and links are generated. Will try it with DietPi-Dashboard, Nginx, Apache2 and Lighttpd the next days, but need to concentrate on some Odroid N2 development first.
Okay, so I totally forgot about this. Just tested it seems I get a 404 with the reverse proxy pointing to subfolder /dashboard/. Nginx config:
location /dashboard/ {
#Authentication required for reverse proxy access, allows lan clients
include /etc/nginx/snippets/reverse-proxy-authentication-admin.conf;
include /etc/nginx/config/[domain]/proxy.conf;
proxy_pass http://127.0.0.1:5252/;
}
/etc/nginx/config/[domain]/proxy.conf
#client_max_body_size 0;
client_body_buffer_size 128k;
proxy_bind $server_addr;
proxy_buffers 32 4k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
proxy_hide_header X-Frame-Options;
#add_header X-Frame-Option "DENY";
# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_no_cache $cookie_session;
proxy_cache_bypass $cookie_session;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Original-URL $request_uri;
proxy_set_header X-Forwarded-Host $host;
/etc/nginx/snippets/reverse-proxy-authentication-admin.conf
# Organizr Auth v2 #
######################
#auth_request /auth-0; #=Admin
#auth_request /auth-1; #=Co-Admin
#auth_request /auth-2; #=Super User
#auth_request /auth-3; #=Power User
#auth_request /auth-4; #=User
#auth_request /auth-998; # logged in
#auth_request /auth-999; #=Guest
#Not challenge if client is on lan or localhost
satisfy any;
allow 10.0.0.0/8;
allow 192.168.1.0/24;
allow 127.0.0.0/8;
deny all;
#https://docs.organizr.app/books/setup-features/page/serverauth
#Allows access to Co-Admins authenticated on organizr
auth_request /auth-0;
It seems a base url configuration option is needed: (chrome console)
GET https://[domain]/assets/index.78a32cef.js net::ERR_ABORTED 404
GET https://[domain]/assets/xterm.6fe708e6.js net::ERR_ABORTED 404
GET https://[domain]/assets/index.69f8c40f.css net::ERR_ABORTED 404
Hi there, was that added somehow? did someone make it work? Im making the same thing, I need a custom url... currently I use this schema to get urls out of my services (apache 2) ProxyPass /ubooquity http://localhost:2039/ubooquity ProxyPassReverse /ubooquity http://localhost:2039/ubooquity
tho in this example, ubooquity gives you the option for a custom proxy "/ubooquity" (like lidarr, readarr, jacket etc)
that'd be great to add to my main dash with all my services!!
I get stuck at "Connecting to API..." with this error periodically showing up
My NGINX configuration is as follows:
server {
# DietPi Dashboard
listen 80;
server_name dietpi.local;
location / {
proxy_pass http://127.0.0.1:5252/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
Am I doing something wrong or is this still unsupported?
As the error message indicates, you need to setup a websocket proxy as well:
location /ws { proxy_pass ws://127.0.0.1:5252/ws; }
location / { proxy_pass http://127.0.0.1:5252/; }
Try to skip the extra headers first. AFAIK, most of them are set automatically by Nginx, and the dashboard does not handle them anyway (also AFAIK).
It would seem I had made a minor mistake without realizing. This configuration works fine (also removed what didn't seem to matter).
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
# DietPi Dashboard
listen 80;
server_name dietpi.local;
location / {
proxy_pass http://127.0.0.1:5252/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
Thanks for the help!