I'm unable to connect to Sonnar/Radarr using the App. Well, actually I can, but selectively.
For Sonarr - the "All" tab is not working - "Could not connect to Sonarr",
For Radarr - the "All" tab is not working - "Could not connect to Radarr"; "Missing" and "Cinemas" are loading infinitely;
Adding new titles works, connection test in settings is passed. Services are accesible with browser. It does not matter, whether I'm connecting from within or outside of my NAT.
This has something to do with nginx reverse proxy.
My setup: sonarr in a docker container (linuxserver/sonarr) running in a docker swarm (but only a single instance), behind nginx reverse proxy.
When it works: sonarr accesed directly via port mapped to its container (eg. http://192.168.111.2:8989)
When does not work:
- In config such as below (https://user:pass@sonarr.domain.com:443 -> http://sonarr:8989)
- or when reverse-proxying nginx to address and port mapped directly to the sonarr's container (eg. https://user:pass@192.168.111.2:5000 -> http://192.168.111.2:8989)
nginx server config:
Code: Select all
upstream sonarr {
server sonarr:8989;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sonarr.domain.com www.sonarr.domain.com;
include /config/nginx/snippets/secure-ssl.conf;
include /config/nginx/snippets/auth.conf;
location / {
proxy_pass http://sonarr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
}
nginx ssl snippet:
Code: Select all
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1;
resolver 8.8.8.8 8.8.4.4;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
docker-compose.yaml
Code: Select all
services:
swag:
image: ghcr.io/linuxserver/swag
container_name: swag
cap_add:
- NET_ADMIN
environment:
PUID: 1000
PGID: 122
TZ: Europe/Warsaw
URL: domain.com
SUBDOMAINS: wildcard
VALIDATION: dns
DNSPLUGIN: provider #optional
# PROPAGATION: #optional
# DUCKDNSTOKEN: #optional
EMAIL: me@email.com #optional
ONLY_SUBDOMAINS: "false" #optional
# EXTRA_DOMAINS: #optional
STAGING: "false" #optional
# MAXMINDDB_LICENSE_KEY: #optional
restart: unless-stopped
volumes:
- ./swag/config:/config
networks:
- sab_proxy
ports:
- mode: host
protocol: tcp
published: 443
target: 443
deploy:
placement:
constraints:
- node.hostname == myhost
sonarr:
image: ghcr.io/linuxserver/sonarr
container_name: sonarr
environment:
TZ: Europe/Warsaw
PUID: 1000 # set this to the UID of your user
PGID: 122 # set this to the GID of your user
UMASK: "002" #optional
restart: unless-stopped
networks:
- sab
- sab_proxy
ports:
- 8989:8989 # port mapping
volumes:
- "./sonarr/config:/config"
deploy:
# replicas: 2
placement:
constraints:
- node.hostname == myhost
networks:
sab:
driver: overlay
sab_proxy:
driver: overlay
