❓ How to setup with HTTPS?

[snapshotleisure]

⚠️ Please verify that this bug has NOT been raised before.

• I checked and didn't find similar issue

🛡️ Security Policy

• I agree to have read this project Security Policy

📝 Describe your problem

Hi, I was wondering how to do I setup Dockge to have HTTPS? is there any instructions on it? I haven't been able to find any

📝 Error Message(s) or Log

No response

🐻 Dockge Version

1.2

💻 Operating System and Arch

PhotonOS

🌐 Browser

Google Chrom

🐋 Docker Version

24.0.5

🟩 NodeJS Version

No response

[Jayllyz]

The wiki is currently in WIP, so if you need infos, you can use uptime-kuma's wiki.
https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy

[hermannx5]

I also have problem with HTTPS. I am using nginx rproxy manager and activated the "Websockets Support" option as is described in the kuma wiki. Unfortunately it just does not work. Using the exact same setup with Kuma, it works..
Does anybody have some additional tips ?
Other than that, btw.: really great, great work - just like Kuma !

[Jayllyz]

I also use nginx proxy manager for Dockge, I don't have any problems.
Could you share your configuration and what exactly is your problem?

[hermannx5]

I am actually doing nothing special. I use duckdns for dyndns and a letsencrypt wildcard certificate. When setting up the proxy host in nginx I do just the standard stuff and activate the option "Websockets Support". When I try to reach dockge via the reverse proxy I see shortly a black page with the dockge logo up top which is then overlayed by a big red banner telling me that the socket server cannot be reached and how to potentially fix this ("Keine Verbindung zum Socket Server. [Error: websocket error] Erneuter Verbindungsaufbau…
Wird ein Reverse Proxy genutzt? Lerne wie dieser für WebSockets zu konfigurieren ist.").
The only unusual (?) thing in my setup is that actually in my router I opened not the standard https port but some other port which then routes internally to port 443. For uptime kuma, I used the exact same setup and interestingly it worked for kuma but not dockge....

[hermannx5]

Update: I have now updated to 1.4.1 and without any changes in NGinx Proxy Manager everything seems to work fine now...

[snapshotleisure]

I would still like to see if there is HTTPS Support for Dockge as if I put a proxy in front of it, it generates a lot of logs and noise in the proxy logs due to the websocket connection, which makes it hard for trouble shooting.

Example, I have a machine with Docker on it, I run the proxy as a docker container and also dockge on it. I am setting up a new service in the proxy to route and there are issues. I try to look at the proxy logs by logging into dockge to view the docker logs of the proxy. By doing this I am now seeing all the websocket messages in the proxy logs and I can't easily see the request that is causing the issue of the new service.

It also makes securing a dockge instance a bit cumbersome, If I want to a secure Dockge environment, I need to first fire up dockge, then setup the reverse proxy, then modify the compose file to no longer expose the 5001 port.

As a central tool for managing core infrastructure like docker, I would expect security to be first priority as someone can easily sniff your password via plain text http. I think dockge should be secure from the very first moment you create your admin user with password.

[jgardner-qha]

I use Traefik, which makes this incredibly simple. With a Traefik docker container handling SSL and the Dockge environment behind it, it took only a minute to add the Dockge stack behind my existing proxy without ever exposing any public ports. You can also easily use forward-auth with Traefik to add a layer of security in front of Dockge from the start without much effort.

[samerfarida]

I tried doing the same but no luck! Could you please share the labels used or the entire docker compose example? I have Traefik and works perfectly with others with no issues.

[jgardner-qha]

Sorry for the delay, @samerfarida. Here's an example of how I use docker, traefik, and dockge together to easily handle SSL reverse proxy.
dockge traefik examples.txt

[coreyaboy]

@snapshotleisure @samerfarida I ran into this problem, described exactly as both of you have. Just a few minutes ago I lucked out with a random desperation-edit and got it working, thought I would circle back around here and give an update in case it turns out to be the fix you need.

Long story short, dockge will not respond to a reverse proxy via hostname. Your reverse proxy must connect to dockge by IP address. The docker hosts external IP address, not the container's internal address.

I tried three different reverse proxy platforms. NPM. Caddy. Traefik. With each, I could get Uptime-Kuma working just fine but no luck with dockge. Each time, everything was a fresh install, compose files lifted straight from developer pages, reverse proxy to dockge always results in a bad gateway while uptime-kuma just works. In each case, once I switched from hostname to the docker host's external IP address, it just magically started working.

Don't know if I am overlooking something here. I'd prefer to use hostname. Best practices and such. But I'm fatigued with fiddling with this irrational issue, so I'm just going to leave it as is and grab a beer.

I'm attaching my docker compose yml files and screen shots of the NPM proxy host setup that worked for me.

For the security minded, yes, I later later enabled all the SSL features on the SSL tab and setup a local-access-only rule in NPM to keep dockge access restricted to the local network. Didn't break anything.

dockge_compose_yml.txt
npm_compose_yml.txt

[jgardner-qha]

I'm surprised this is proving difficult, as I haven't had any problems. I've used both NGINX and Traefik reverse proxies. Here's my dockge compose, traefik compose, and traefik.yml files. Some details have been removed, so these may not work directly - you'll need to modify/add to them as appropriate for your environment.

This is the basic configuration I use for all of my services, and I've got dockge running behind an SSL reverse proxy on a dozen or so servers and several dozens of websites and web applications using this method.
 
dockge traefik examples.txt

[coreyaboy]

Hey! Thanks for the reply. I tagged you above thinking you were one of the folk struggling with this. Sorry for that.

Google brought me to a handful of technical forums where I saw several other people struggling with similar, so I know there's gotta be something to it. After stumbling into the solution that worked for me, I'm convinced that the common thread is something to do with the docker network environment or local DNS or something along those lines, but I haven't the foggiest idea what to look into next.

Being honest, whatever it is, it's beyond the intersection of my patience and skill level. I'm taking my sub-optimal IP address solution and calling it good enough.

Cheers!