[Request] Adding base URL support for reverse proxy possibility

[Tooloco]

I'd like to add the dashboard to my reverse proxy. With the nodes update its even easier to access all my RPI from one URL. I'd think it would make it much easier if it also could be added to a reverse proxy.

EDIT: btw I Had a problem displaying other nodes on the single web ui. fyi It was caused by my ad blocker not allowing other domains. Might want to add a warning for other users. It displays this message forever: "Connecting to API..."

[Joulinar]

Adding it to your revers proxy is something you would need to do yourself. At the moment non of DietPi offered software has such a function to setup a revers proxy. 🤔

[Tooloco]

Yes I get that, what im saying is there should be an option for a custom base url so I can proxy it under mydomain.com/dashboard. I guess it can be done with subdomains as that doesnt require a custom base URL but atm im using subdirectory.

I guess it can be done with rewrite rules, but I havent gotten into them ill have to do some research

[Joulinar]

ah ok now I understood. That indeed what is missing to specify a customer url sub path

[ravenclaw900]

I think it would work for other nodes if you just put the URL in the nodes box (e.g. example.com:5252/baseurl). However, the current node would require another setting.

[MichaIng]

I'm still wondering in which case, proxy + application combination this is actually required. I successfully setup reverse proxies like https://<host>/<app> => http://127.0.0.1:<port>, but in some cases indeed it fails without having the proxy path as application base path as well. Probably it depends on how internal URLs and links are generated. Will try it with DietPi-Dashboard, Nginx, Apache2 and Lighttpd the next days, but need to concentrate on some Odroid N2 development first.

[Tooloco]

I can do some testing on my setup tomorrow as well, I'm using Nginx.

[Tooloco]

Okay, so I totally forgot about this. Just tested it seems I get a 404 with the reverse proxy pointing to subfolder /dashboard/. Nginx config:

location /dashboard/ {
          #Authentication required for reverse proxy access, allows lan clients
          include /etc/nginx/snippets/reverse-proxy-authentication-admin.conf;
          include /etc/nginx/config/[domain]/proxy.conf;
          proxy_pass http://127.0.0.1:5252/; 
}

/etc/nginx/config/[domain]/proxy.conf

#client_max_body_size 0;
client_body_buffer_size 128k;
proxy_bind $server_addr;
proxy_buffers 32 4k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
proxy_hide_header X-Frame-Options;
#add_header X-Frame-Option "DENY";

# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_no_cache $cookie_session;
proxy_cache_bypass $cookie_session;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Original-URL $request_uri;
proxy_set_header X-Forwarded-Host $host;

/etc/nginx/snippets/reverse-proxy-authentication-admin.conf

        # Organizr Auth  v2  #
        ######################
        #auth_request /auth-0;   #=Admin
        #auth_request /auth-1;   #=Co-Admin
        #auth_request /auth-2;   #=Super User
        #auth_request /auth-3;   #=Power User
        #auth_request /auth-4;   #=User
        #auth_request /auth-998; # logged in
        #auth_request /auth-999; #=Guest

        #Not challenge if client is on lan or localhost
        satisfy    any;
        allow      10.0.0.0/8;
        allow      192.168.1.0/24;
        allow      127.0.0.0/8;
        deny       all;
        #https://docs.organizr.app/books/setup-features/page/serverauth
        #Allows access to Co-Admins authenticated on organizr
        auth_request /auth-0;

It seems a base url configuration option is needed: (chrome console)

GET https://[domain]/assets/index.78a32cef.js net::ERR_ABORTED 404
GET https://[domain]/assets/xterm.6fe708e6.js net::ERR_ABORTED 404
GET https://[domain]/assets/index.69f8c40f.css net::ERR_ABORTED 404

[surtarso]

Hi there, was that added somehow? did someone make it work? Im making the same thing, I need a custom url... currently I use this schema to get urls out of my services (apache 2) ProxyPass /ubooquity http://localhost:2039/ubooquity ProxyPassReverse /ubooquity http://localhost:2039/ubooquity

tho in this example, ubooquity gives you the option for a custom proxy "/ubooquity" (like lidarr, readarr, jacket etc)

that'd be great to add to my main dash with all my services!!

[Joulinar]

this is still on the agenda and has not been implemented yet.

[Exioncore]

I get stuck at "Connecting to API..." with this error periodically showing up My NGINX configuration is as follows:

    server {
        # DietPi Dashboard
        listen 80;
        server_name dietpi.local;
        location / {
            proxy_pass      http://127.0.0.1:5252/;
            proxy_http_version  1.1;
            proxy_set_header    Host        $host;
            proxy_set_header    Upgrade     $http_upgrade;
            proxy_set_header    Connection  "upgrade";
            proxy_set_header    X-Real-IP   $remote_addr;
            proxy_set_header    X-Forwarded-For $remote_addr;
        }
    }

Am I doing something wrong or is this still unsupported?

[MichaIng]

As the error message indicates, you need to setup a websocket proxy as well:

location /ws { proxy_pass ws://127.0.0.1:5252/ws; }
location / { proxy_pass http://127.0.0.1:5252/; }

Try to skip the extra headers first. AFAIK, most of them are set automatically by Nginx, and the dashboard does not handle them anyway (also AFAIK).

[Exioncore]

It would seem I had made a minor mistake without realizing. This configuration works fine (also removed what didn't seem to matter).

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
        # DietPi Dashboard
        listen 80;
        server_name dietpi.local;
        location / {
            proxy_pass      http://127.0.0.1:5252/;
            proxy_http_version  1.1;
            proxy_set_header    Upgrade     $http_upgrade;
            proxy_set_header    Connection  "Upgrade";
        }
    }

Thanks for the help!

[MichaIng]

Looks like the Upgrade header makes the websocket proxy obsolete 👍.