
maybe somebody could help with this...

My setup:

Qnap TS-664

Docker containers (Portainer managed)

Domain at Porkbun (let's call it example.com)

Cloudflare DNS:

A Name: example.com

C Name: Name: nginx, Content: example.com, Proxied

C Name: Name: g, Content: example.com, Proxied

C Name: Name: portainer, Content: example.com, Proxied

nginx config:

Source: nginx.example.com Destination: http://192.168.1.210:9081 HTTP only

Source: g.example.com Destination: http://192.168.1.210:32768 HTTP only

Source: portainer.example.com Destination: http://192.168.1.210:9000 HTTP only

Docker config for nginx:

# Nginx Proxy Manager (NPM) with its MariaDB backend, re-indented so the
# listing reads as a Compose file again.
services:
  mariadb:
    # ":latest" is a moving tag: the image that runs can change on every pull.
    image: jc21/mariadb-aria:latest
    container_name: npm_db
    restart: unless-stopped
    environment:
      # NOTE(review): these look like placeholder credentials; a real
      # deployment should use unique values kept out of the compose file.
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'insecure'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./npm_db:/var/lib/mysql
    # No "ports:" here: the database is only reachable on the Compose network.

  nginx-proxy-manager:
    image: jc21/nginx-proxy-manager:latest
    container_name: npm
    restart: unless-stopped
    depends_on:
      - mariadb
    ports:
      - '9080:80'
      # Container port 81 is the NPM admin UI. The post points
      # nginx.example.com (Cloudflare-proxied) at host port 9081, so the admin
      # login is internet-facing unless access is restricted elsewhere.
      - '9081:81'
      - '9443:443'
    environment:
      # The database is addressed by its Compose service name.
      DB_MYSQL_HOST: 'mariadb'
      DB_MYSQL_PORT: 3306
      DB_MYSQL_NAME: 'npm'
      DB_MYSQL_USER: 'npm'
      # Same value as MYSQL_PASSWORD on the mariadb service.
      DB_MYSQL_PASSWORD: 'insecure'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./npm_data:/data
      - ./npm_letsencrypt:/etc/letsencrypt

Docker config for guacamole:

# Guacamole stack (guacd, PostgreSQL, web app) on its own bridge network,
# re-indented so the listing reads as a Compose file again.
version: '2.0'

networks:
  guacnetwork_compose:
    driver: bridge

services:
  guacd:
    # No tag given, so the default "latest" tag is pulled.
    image: guacamole/guacd
    container_name: guacd_compose
    restart: always
    networks:
      - guacnetwork_compose
    volumes:
      - ./drive:/drive:rw
      - ./record:/record:rw

  postgres:
    image: postgres:15.2-alpine
    container_name: postgres_guacamole_compose
    restart: always
    networks:
      - guacnetwork_compose
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole_db
      POSTGRES_USER: guacamole_user
      # NOTE(review): looks like a placeholder; use a unique secret kept out
      # of the compose file for a real deployment.
      POSTGRES_PASSWORD: insecure
    volumes:
      - ./init:/docker-entrypoint-initdb.d:z
      - ./data:/var/lib/postgresql/data:Z
    # No "ports:" here: the database is only reachable on guacnetwork_compose.

  guacamole:
    image: guacamole/guacamole
    container_name: guacamole_compose
    restart: always
    depends_on:
      - guacd
      - postgres
    links:
      - guacd
    networks:
      - guacnetwork_compose
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRESQL_HOSTNAME: postgres
      POSTGRESQL_DATABASE: guacamole_db
      POSTGRESQL_USER: guacamole_user
      # Same value as POSTGRES_PASSWORD on the postgres service.
      POSTGRESQL_PASSWORD: insecure
    ports:
      # The post's g.example.com proxy host targets this host port over plain
      # HTTP. Guacamole is a remote-access gateway, so that hostname puts its
      # login page on the internet unless access is restricted elsewhere.
      - "32768:8080/tcp"

docker config for portainer

# Portainer (Business Edition image), re-indented so the listing reads as a
# Compose file again.
version: '3'

services:
  portainer:
    # ":latest" is a moving tag: the image that runs can change on every pull.
    image: portainer/portainer-ee:latest
    container_name: portainer
    restart: always
    security_opt:
      - no-new-privileges:true
    environment:
      TZ: Europe/Vienna
    ports:
      - "9001:8000"
      # The post's portainer.example.com proxy host targets this port over
      # plain HTTP, which puts the Portainer login on the internet unless
      # access is restricted elsewhere.
      - "9000:9000"
      - "9043:9443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # The Docker socket lets Portainer drive the Docker daemon, which is
      # effectively root on the host. ":ro" only makes the socket file's mount
      # read-only; it does not limit the API requests sent through the socket.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./portainer-ee/data:/data:rw

I also have some other containers (sonarr, radarr, ...) running, which I can access via their CNAMEs (like https://example.com/nginx); these are all working.

I only have problems with guacamole and portainer (and now with photoprism as well) at the moment.

I also had problems with Heimdall, but I could figure out that it needs some special settings in nginx. --> Added to Custom Nginx Configuration:

# Custom location the post added for Heimdall: forwards every request to the
# upstream and passes the original host, scheme and peer address as headers.
location / {
    # $forward_scheme, $server and $port are not defined in this snippet;
    # presumably Nginx Proxy Manager sets them for the proxy host — confirm.
    proxy_pass $forward_scheme://$server:$port$request_uri;

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Scheme $scheme;

    # Both headers carry the address of the directly connected peer, and
    # X-Forwarded-For is overwritten rather than appended to.
    # NOTE(review): with the Cloudflare proxy in front, that peer is
    # presumably a Cloudflare edge rather than the visitor — confirm before
    # relying on these values for logging or access control.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
}

https://g.example.com and https://portainer.example.com are not reachable, but all my other apps (e.g. https://nginx.example.com) are working.

I have tried eg.: https://www.reddit.com/r/selfhosted/comments/tvml0j/guacamole_behind_cloudflared_public_hostname/

So I am quite sure I am missing some custom nginx configs. I have already tried a lot but could not figure it out.

Any help would be appreciated...

thx


No success yet. I have now put everything into one docker-compose.yml. Everything works except Guacamole: it is reachable locally under http://192.168.1.210:32768/guacamole but not via nginx :-(

Here is the docker-compose file:

# Networks: the default network for every service in this file is the
# pre-existing external network "media"; Compose does not create it.
# No service below declares its own network, so all containers share this one
# and can reach each other (including the databases) by service name.
networks:
  default:
    external: true
    name: media

services:
     
  # Readarr; PUID, PGID, TZ and MEDIADIR are substituted by Compose from the
  # shell environment or an .env file.
  readarr:
    # "develop" is a moving tag, so the image content can change between pulls.
    image: lscr.io/linuxserver/readarr:develop
    container_name: readarr
    restart: unless-stopped
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    ports:
      # No host IP given, so the port is published on every host interface.
      - "8787:8787"
    volumes:
      - ./readarr:/config
      - $MEDIADIR/books:/books  # optional
      - $MEDIADIR/usenet/completed:/usenet/completed
      
  # Usenet download agent; PUID, PGID, TZ and MEDIADIR are substituted by
  # Compose from the shell environment or an .env file.
  nzbget:
    # No tag given, so the default "latest" tag is pulled.
    image: ghcr.io/linuxserver/nzbget
    container_name: nzbget
    restart: unless-stopped
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    ports:
      # No host IP given, so the port is published on every host interface.
      - "6789:6789"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./nzbget:/config
      - $MEDIADIR/usenet/nzb:/usenet/nzb
      - $MEDIADIR/usenet/queue:/usenet/queue
      - $MEDIADIR/usenet/tmp:/usenet/tmp
      - $MEDIADIR/usenet/intermediate:/usenet/intermediate
      - $MEDIADIR/usenet/completed:/usenet/completed

  # Movie search agent; PUID, PGID, TZ and MEDIADIR are substituted by Compose
  # from the shell environment or an .env file.
  radarr:
    # No tag given, so the default "latest" tag is pulled.
    image: ghcr.io/linuxserver/radarr
    container_name: radarr
    restart: unless-stopped
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      - UMASK=022
    ports:
      # No host IP given, so the port is published on every host interface.
      - "7878:7878"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./radarr:/config
      - /share/2watch/movies:/movies
      - $MEDIADIR/usenet/completed:/usenet/completed

  # TV show search agent; PUID, PGID, TZ and MEDIADIR are substituted by
  # Compose from the shell environment or an .env file.
  sonarr:
    # ":latest" is a moving tag: the image that runs can change on every pull.
    image: ghcr.io/linuxserver/sonarr:latest
    container_name: sonarr
    restart: unless-stopped
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      - UMASK=022
    ports:
      # No host IP given, so the port is published on every host interface.
      - "8989:8989"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./sonarr:/config
      - /share/2watch/tv:/tv
      - $MEDIADIR/usenet/completed:/usenet/completed

  # Plex monitoring; PUID, PGID and TZ are substituted by Compose from the
  # shell environment or an .env file.
  tautulli:
    # ":latest" is a moving tag: the image that runs can change on every pull.
    image: ghcr.io/linuxserver/tautulli:latest
    container_name: tautulli
    restart: unless-stopped
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      - UMASK=002
      # List form keeps this as the literal string "no" rather than a boolean.
      - DEBUG=no
    ports:
      # No host IP given, so the port is published on every host interface.
      - "8181:8181"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./tautulli:/config

  # Heimdall dashboard; PUID, PGID and TZ are substituted by Compose from the
  # shell environment or an .env file.
  heimdall:
    # ":latest" is a moving tag: the image that runs can change on every pull.
    image: lscr.io/linuxserver/heimdall:latest
    container_name: heimdall
    restart: unless-stopped
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    ports:
      # No host IP given, so both ports are published on every host interface.
      - "32771:80"
      - "32772:443"
    volumes:
      - ./heimdall:/config

# Nginx Proxy Manager DB
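  # MariaDB backend for Nginx Proxy Manager.
  mariadb:
    # ":latest" is a moving tag: the image that runs can change on every pull.
    image: jc21/mariadb-aria:latest
    container_name: npm_db
    restart: unless-stopped
    environment:
      TZ: $TZ
      # NOTE(review): these look like placeholder credentials; a real
      # deployment should use unique values kept out of the compose file.
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'insecure'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./npm_db:/var/lib/mysql
    ports:
      # Bound to loopback instead of every host interface: Nginx Proxy Manager
      # reaches the database as "mariadb" over the Compose network and does
      # not use this mapping, so nothing on the LAN needs port 3306. Drop the
      # mapping entirely if no tool on the host itself connects to it.
      - "127.0.0.1:3306:3306"
    expose:
      - "3306"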
  
  # Nginx Proxy Manager (NPM): reverse proxy in front of the other services.
  nginx-proxy-manager:
    # ":latest" is a moving tag: the image that runs can change on every pull.
    image: jc21/nginx-proxy-manager:latest
    container_name: npm
    restart: unless-stopped
    depends_on:
      - mariadb
    ports:
      - '9080:80'
      # Container port 81 is the NPM admin UI. The post points
      # nginx.example.com (Cloudflare-proxied) at host port 9081, so the admin
      # login is internet-facing unless access is restricted elsewhere.
      - '9081:81'
      - '9443:443'
    environment:
      TZ: $TZ
      # The database is addressed by its Compose service name.
      DB_MYSQL_HOST: 'mariadb'
      DB_MYSQL_PORT: 3306
      DB_MYSQL_NAME: 'npm'
      DB_MYSQL_USER: 'npm'
      # Same value as MYSQL_PASSWORD on the mariadb service.
      DB_MYSQL_PASSWORD: 'insecure'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./npm_data:/data
      - ./npm_letsencrypt:/etc/letsencrypt
    
# Guacamole
  # guacd: the daemon the Guacamole web app talks to (see GUACD_HOSTNAME on
  # the guacamole service). No port is published to the host.
  guacd:
    # No tag given, so the default "latest" tag is pulled.
    image: guacamole/guacd
    container_name: guacd_compose
    restart: always
    volumes:
      - ./guacamole/drive:/drive:rw
      - ./guacamole/record:/record:rw

  # PostgreSQL backend for Guacamole. No port is published to the host, so the
  # database is reachable only from containers on the shared network.
  postgres:
    image: postgres:15.2-alpine
    container_name: postgres_guacamole_compose
    restart: always
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole_db
      POSTGRES_USER: guacamole_user
      # NOTE(review): looks like a placeholder; use a unique secret kept out
      # of the compose file for a real deployment.
      POSTGRES_PASSWORD: insecure
    volumes:
      - ./guacamole/init:/docker-entrypoint-initdb.d:z
      - ./guacamole/data:/var/lib/postgresql/data:Z

  # Guacamole web application (remote-access gateway front end).
  guacamole:
    # No tag given, so the default "latest" tag is pulled.
    image: guacamole/guacamole
    container_name: guacamole_compose
    restart: always
    depends_on:
      - guacd
      - postgres
    links:
      - guacd
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRESQL_HOSTNAME: postgres
      POSTGRESQL_DATABASE: guacamole_db
      POSTGRESQL_USER: guacamole_user
      # Same value as POSTGRES_PASSWORD on the postgres service.
      POSTGRESQL_PASSWORD: insecure
    ports:
      # The post reports the UI answering at
      # http://192.168.1.210:32768/guacamole, i.e. under /guacamole rather
      # than at /; a proxy host that forwards g.example.com to the bare
      # host:port presumably has to account for that path — confirm.
      # Publishing g.example.com also puts this login page on the internet
      # unless access is restricted elsewhere.
      - "32768:8080/tcp"

1 Answer 1


Your docker-compose for the nginx proxy manager could look like this

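# Proposed Compose file for Nginx Proxy Manager (NPM) and its MariaDB backend,
# re-indented so the listing reads as a Compose file again.
services:
  mariadb:
    # ":latest" is a moving tag: the image that runs can change on every pull.
    image: jc21/mariadb-aria:latest
    container_name: npm_db
    environment:
      # NOTE(review): these look like placeholder credentials; a real
      # deployment should use unique values kept out of the compose file.
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'insecure'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./npm_db:/var/lib/mysql
    restart: unless-stopped
    # NOTE(review): this mapping publishes the database on every host
    # interface, protected only by the credentials above. NPM connects to the
    # service name "mariadb" over the Compose network and does not depend on
    # it; limit it to "127.0.0.1:3306:3306" or omit it unless something
    # outside Compose must reach the database.
    ports:
      - "3306:3306"
    expose:
      - "3306"

  nginx-proxy-manager:
    # Image name corrected from "jc21/nginx-poxy-manager": a misspelled
    # repository either fails to pull or resolves to an unrelated image.
    image: jc21/nginx-proxy-manager:latest
    container_name: npm
    depends_on:
      - mariadb
    ports:
      - '9080:80'
      # Container port 81 is the NPM admin UI.
      - '9081:81'
      - '9443:443'
    environment:
      # The database is addressed by its Compose service name.
      DB_MYSQL_HOST: 'mariadb'
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: 'npm'
      # Same value as MYSQL_PASSWORD on the mariadb service.
      DB_MYSQL_PASSWORD: 'insecure'
      DB_MYSQL_NAME: 'npm'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./npm_data:/data
      - ./npm_letsencrypt:/etc/letsencrypt
    restart: unless-stopped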
  • made no difference... :-(
    – John Smith
    Commented Feb 21 at 14:07
  • This a bit effortless. Any errors in the logs?
    – Turdie
    Commented Feb 21 at 14:09
  • I am not sure where to look for errors. I tried in the nginx logs but could not find any meaningful. I will try to look deeper...
    – John Smith
    Commented Feb 21 at 14:25
  • docker-compose logs. The ports are also hardcoded in the dockerfile so you might give it a try and not use another port like you do
    – Turdie
    Commented Feb 21 at 14:51
  • Actually other apps like sonarr,radarr,nzbget,overseerr,plex,tautulli,prowlarr are all reachable via cname (sonarr.mydomain.net,...) I just found some errors in nginx logs, I will post it... (copy/paste from ssh portainer logs not working... will have to ssh directly into the container... )
    – John Smith
    Commented Feb 21 at 17:11
