[FR&EN] Yunohost & Nginx Reverse Proxy

:uk:Hi everyone,
I’d like to host Yunohost in my homelab, which is already hosting some sites and services behind an Nginx reverse proxy.
What I’ve done so far:

  • Set up Yunohost
  • Configure my Nginx reverse proxy to permit HTTPS access and manage certificates.

It’s working but I have 2 issues:

  • If I set up an app, the admin interface says 504 Gateway Time out even though the app is correctly set up.
  • The diagnostic interface says that my server is not reachable through HTTP, which I thought was normal since I force HTTPS connections.

Can someone who tried that give me advice or tips regarding my issues or this topic in general?

Thanks!

:fr:Hello everyone,
I would like to host Yunohost on my homelab, which already hosts sites behind an Nginx reverse proxy.
What has been done so far:

  • Install Yunohost
  • Configure my Nginx reverse proxy to allow HTTPS access and certificate management.

It works, but I have two problems:

  • When I install an app, I get the message 504 Gateway Time out even though the app is correctly installed.
  • The diagnostic interface tells me that my server is not reachable over HTTP from the outside, which is normal since I force HTTPS.

Could someone with this setup share advice or tips on these problems or others?

Thank you!

Nginx proxy configuration:

server {
    listen 80;
    server_name mondomaine.tld;
    return 301 mondomaine.tld$request_uri;
    access_log /var/log/nginx/yunohost_access.log combined;
    error_log /var/log/nginx/yunohost_error.log error;

    location /.well-known {
        include proxy_params;
        proxy_pass http://192.168.X.Y/.well-known;
    }
}

server {
    listen 443 ssl http2;
    server_name mondomaine.tld;
    access_log /var/log/nginx/yunohost_ssl_access.log combined;
    error_log /var/log/nginx/yunohost_ssl_error.log error;

    location /.well-known {
        include proxy_params;
        proxy_pass https://192.168.X.Y/.well-known;
    }

    ssl_certificate /etc/letsencrypt/live/mondomaine.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mondomaine.tld/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ecdh_curve secp384r1;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";

    location / {
        include proxy_params;
        proxy_pass https://192.168.X.Y;
        access_log /var/log/nginx/yunohost_ssl_access.log combined;
        error_log /var/log/nginx/yunohost_ssl_error.log error;
    }
}

Look at this


and this

1 Like
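
For the two symptoms in the first post, here is one way the front proxy could be laid out, as an added example that is not the poster's configuration or YunoHost's own. The hostname and backend address are the placeholders from the post; the timeout values and the choice to send SNI are assumptions.

```nginx
# Added example. 192.168.X.Y and mondomaine.tld are the post's placeholders.

server {
    listen 80;
    server_name mondomaine.tld;

    # Before: "return 301 ..." sat directly in the server block. A server-level
    # return is evaluated before any location is selected, so /.well-known was
    # never proxied and every plain-HTTP request got the redirect instead.

    # Pass ACME challenges and HTTP reachability probes to the backend.
    location /.well-known/ {
        include proxy_params;
        proxy_pass http://192.168.X.Y;   # no URI part: the original path is kept
    }

    # Everything else is redirected, with an explicit scheme in the target.
    location / {
        return 301 https://mondomaine.tld$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name mondomaine.tld;

    ssl_certificate     /etc/letsencrypt/live/mondomaine.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mondomaine.tld/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        include proxy_params;
        proxy_pass https://192.168.X.Y;

        # Assumption: the backend picks its vhost by name, so send the public
        # name as SNI instead of connecting to the bare IP without one.
        proxy_ssl_server_name on;
        proxy_ssl_name        mondomaine.tld;

        # nginx answers 504 when the backend is silent for longer than
        # proxy_read_timeout (60s by default). 600s is an assumed value for
        # long-running admin requests such as app installs.
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
    }
}
```

`proxy_ssl_verify` is off by default, so the hop to 192.168.X.Y is encrypted but the backend certificate is not checked. Run `nginx -t` before reloading to catch syntax errors.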