Basically I’m trying to get my [non-container] traefik reverse proxy wired up to an uptime-kuma containerized service… I can get it to work when uptime-kuma is not in a container by pointing it towards localhost, but am really struggling with the limited guidance I can find on the wiki, googling etc to connect to it when its in a [nixos systemd-nspawn] container.
Here is my current config for the service:
{
config,
configVars,
pkgs,
lib,
...
}:
let
app = "uptime-kuma";
appContainerIp = "172.21.1.3";
in
{
containers.${app} = {
autoStart = true;
ephemeral = true;
privateNetwork = true;
hostAddress = "${configVars.aspenIp}";
localAddress = "${appContainerIp}";
#forwardPorts = [ # I don't think port forwarding should be necessary but doesn't work regardless.
#{
# containerPort = 3001;
# hostPort = 3001;
# protocol = "tcp";
#}
#];
config = {config, pkgs, lib, ...}: {
services = {
${app}.enable = true;
resolved = {
enable = true; # use systemd-resolved for DNS functionality inside container
llmnr = "false"; # disable link-local multicast name resolution inside container
};
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ 3001 ];
};
useHostResolvConf = lib.mkForce false; # use systemd-resolved inside the container
};
system.stateVersion = "23.11";
};
};
services.traefik.dynamicConfigOptions.http = {
routers.${app} = {
entrypoints = ["websecure"];
rule = "Host(`${app}.${configVars.domain3}`)";
service = "${app}";
middlewares = [
#"authelia"
"secure-headers"
];
tls = {
certResolver = "cloudflareDns";
options = "tls-13@file";
};
};
services.${app} = {
loadBalancer = {
passHostHeader = true;
servers = [
{
#url = "http://localhost:3001"; # only works when uptime-kuma is not running in a container
#url = "${appContainerIp}:3001"; # 404 not found error in the traefik access log
url = "http://${appContainerIp}:3001"; # what I think should work from reading the wiki page but 502 bad gateway error in the traefik access log
#url = "http://${appContainerIp}:3001"; # something chatGPT reccomended but 502 bad gateway error in the traefik access log
}
];
};
};
};
}
Here is my networking config for the host:
{
lib,
config,
pkgs,
...
}:
{
services.resolved = {
enable = true; # use systemd-resolved for DNS functionality
llmnr = "false"; # disable link-local multicast name resolution
};
networking = {
useDHCP = false; # disable defaut dhcpcd networking backend in favor of systemd-networkd enabled below
hostName = "aspen";
firewall = {
enable = false;
};
nat = { # allow specific nixos-containers to reach outside network
enable = true;
internalInterfaces = ["ve-uptime-kuma"];
externalInterface = "enp0s3";
enableIPv6 = false;
};
};
systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false; # for wait-online error - need to find proper solution
systemd.network = {
enable = true;
#wait-online.anyInterface = true; # systemd's wait-online target only requires that at least one managed interface be up instead of all managed interfaces
networks = {
"05-loopback" = {
matchConfig.Name = "lo";
linkConfig.RequiredForOnline = "no";
};
"10-ethernet" = {
matchConfig.Name = "enp0s3";
networkConfig.DHCP = "ipv4";
dhcpV4Config.RouteMetric = 300;
dhcpV6Config.RouteMetric = 300;
linkConfig.RequiredForOnline = "no";
};
};
};
}