Redirect 302 redirect from GET @messages_create (14f8c7)

GET https://kbin.spritesserver.nl/index.php/m/selfhosted@lemmy.world/t/25290/Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using/newest

Response
200 OK
IP
216.73.216.97
Profiled on
Token
ada770

Security

Token

There is no security token.

Firewall

main Name
Security enabled
Stateless

Configuration

Key Value
provider security.user.provider.concrete.app_user_provider
context main
entry_point App\Security\KbinAuthenticator
user_checker App\Security\UserChecker
access_denied_handler (none)
access_denied_url (none)
authenticators 
[
  "two_factor"
  "remember_me"
  "App\Security\KbinAuthenticator"
  "App\Security\FacebookAuthenticator"
  "App\Security\GoogleAuthenticator"
  "App\Security\GithubAuthenticator"
  "App\Security\KeycloakAuthenticator"
]

Listeners

Listener Duration Response 
Symfony\Component\Security\Http\Firewall\ChannelListener {#723
  -map: Symfony\Component\Security\Http\AccessMap {#722 …}
  -logger: Monolog\Logger {#783 …}
  -httpPort: 80
  -httpsPort: 443
}
 0.00 ms (none) 
Symfony\Component\Security\Http\Firewall\ContextListener {#706
  -tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage {#1017 …}
  -sessionKey: "_security_main"
  -logger: Monolog\Logger {#783 …}
  -userProviders: Symfony\Component\DependencyInjection\Argument\RewindableGenerator {#705 …}
  -dispatcher: Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher {#747 …}
  -registered: false
  -trustResolver: Scheb\TwoFactorBundle\Security\Authentication\AuthenticationTrustResolver {#780 …}
  -sessionTrackerEnabler: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage::enableUsageTracking(): void {#703 …}
}
 22.96 ms (none) 
Symfony\Component\Security\Http\Firewall\AuthenticatorManagerListener {#584
  -authenticatorManager: Symfony\Component\Security\Http\Authentication\AuthenticatorManager {#595 …}
}
 0.00 ms (none) 
Scheb\TwoFactorBundle\Security\Http\Firewall\TwoFactorAccessListener {#582
  -twoFactorFirewallConfig: Scheb\TwoFactorBundle\Security\TwoFactor\TwoFactorFirewallConfig {#842 …}
  -tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage {#1018 …}
  -twoFactorAccessDecider: Scheb\TwoFactorBundle\Security\Authorization\TwoFactorAccessDecider {#581 …}
}
 0.06 ms (none) 
Symfony\Component\Security\Http\Firewall\AccessListener {#579
  -tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage {#1018 …}
  -accessDecisionManager: Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager {#937 …}
  -map: Symfony\Component\Security\Http\AccessMap {#722 …}
}
 0.00 ms (none) 
Symfony\Component\Security\Http\Firewall\LogoutListener {#786
  -tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage {#1018 …}
  -options: [
    "csrf_parameter" => "_csrf_token"
    "csrf_token_id" => "logout"
    "logout_path" => "app_logout"
  ]
  -httpUtils: Symfony\Component\Security\Http\HttpUtils {#841 …}
  -csrfTokenManager: Symfony\Component\Security\Csrf\CsrfTokenManager {#1015 …}
  -eventDispatcher: Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher {#747 …}
}
 0.00 ms (none)

Authenticators

No authenticators have been recorded. Check previous profiles on your authentication endpoint.

Access Decision

affirmative Strategy
# Voter class
1 
"Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter"
2 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
3 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
4 
"Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter"
5 
"App\Security\Voter\EntryCommentVoter"
6 
"App\Security\Voter\EntryVoter"
7 
"App\Security\Voter\MagazineVoter"
8 
"App\Security\Voter\MessageThreadVoter"
9 
"App\Security\Voter\MessageVoter"
10 
"App\Security\Voter\NotificationVoter"
11 
"App\Security\Voter\OAuth2UserConsentVoter"
12 
"App\Security\Voter\PostCommentVoter"
13 
"App\Security\Voter\PostVoter"
14 
"App\Security\Voter\UserVoter"

Access decision log

# Result Attributes Object
1 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
2 DENIED moderate 
App\Entity\Entry {#2419
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +magazine: App\Entity\Magazine {#265
    +icon: Proxies\__CG__\App\Entity\Image {#246 …}
    +name: "selfhosted@lemmy.world"
    +title: "selfhosted"
    +description: """
      A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
      \n
      Rules:\n
      \n
      - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
      - No spam posting.\n
      - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
      - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
      - No trolling.\n
      \n
      Resources:\n
      \n
      - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
      - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
      - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
      \n
      > Any issues on the community? Report it using the report flag.\n
      \n
      > Questions? DM the mods!
      """
    +rules: null
    +subscriptionsCount: 1
    +entryCount: 222
    +entryCommentCount: 3916
    +postCount: 0
    +postCommentCount: 0
    +isAdult: false
    +customCss: null
    +lastActive: DateTime @1729582735 {#275
      date: 2024-10-22 09:38:55.0 +02:00
    }
    +markedForDeletionAt: null
    +tags: null
    +moderators: Doctrine\ORM\PersistentCollection {#237 …}
    +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
    +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
    +entries: Doctrine\ORM\PersistentCollection {#180 …}
    +posts: Doctrine\ORM\PersistentCollection {#138 …}
    +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
    +bans: Doctrine\ORM\PersistentCollection {#117 …}
    +reports: Doctrine\ORM\PersistentCollection {#103 …}
    +badges: Doctrine\ORM\PersistentCollection {#81 …}
    +logs: Doctrine\ORM\PersistentCollection {#71 …}
    +awards: Doctrine\ORM\PersistentCollection {#1346 …}
    +categories: Doctrine\ORM\PersistentCollection {#1823 …}
    -id: 120
    +apId: "selfhosted@lemmy.world"
    +apProfileId: "https://lemmy.world/c/selfhosted"
    +apPublicUrl: "https://lemmy.world/c/selfhosted"
    +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
    +apInboxUrl: "https://lemmy.world/inbox"
    +apDomain: "lemmy.world"
    +apPreferredUsername: "selfhosted"
    +apDiscoverable: true
    +apManuallyApprovesFollowers: null
    +privateKey: null
    +publicKey: null
    +apFetchedAt: DateTime @1703473826 {#269
      date: 2023-12-25 04:10:26.0 +01:00
    }
    +apDeletedAt: null
    +apTimeoutAt: null
    +visibility: "visible             "
    +createdAt: DateTimeImmutable @1703473826 {#271
      date: 2023-12-25 04:10:26.0 +01:00
    }
  }
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
  +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
  +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
  +url: null
  +body: """
    Hey Guys,\n
    \n
    so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
    \n
    I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
    \n
    Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
    \n
    ```\n
    \n
    <span style="color:#323232;">homeassistant:\n
    </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
    </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">http:\n
    </span><span style="color:#323232;">  use_x_forwarded_for: true\n
    </span><span style="color:#323232;">  trusted_proxies:\n
    </span><span style="color:#323232;">    - 172.22.0.0/24\n
    </span>\n
    ```\n
    \n
    Following is my Homeassistant Configuration:\n
    \n
    ```\n
    \n
    <span style="color:#323232;">  homeassistant:\n
    </span><span style="color:#323232;">    container_name: homeassistant\n
    </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /homeassistant/:/config\n
    </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
    </span><span style="color:#323232;">    restart: unless-stopped\n
    </span><span style="color:#323232;">    network_mode: host\n
    </span><span style="color:#323232;">    privileged: true\n
    </span><span style="color:#323232;">    ports:\n
    </span><span style="color:#323232;">      - 8123:8123\n
    </span><span style="color:#323232;">      - 5683:5683\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">  nginx-proxy-manager:\n
    </span><span style="color:#323232;">    container_name: nginx\n
    </span><span style="color:#323232;">    privileged: true\n
    </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
    </span><span style="color:#323232;">    ports:\n
    </span><span style="color:#323232;">      - '80:80'\n
    </span><span style="color:#323232;">      - '81:81'\n
    </span><span style="color:#323232;">      - '443:443'\n
    </span><span style="color:#323232;">    environment:\n
    </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
    </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /nginx/data:/data\n
    </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">  nginx-db:\n
    </span><span style="color:#323232;">    container_name: nginx-db\n
    </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
    </span><span style="color:#323232;">    environment:\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">  vaultwarden:\n
    </span><span style="color:#323232;">    container_name: vaultwarden\n
    </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
    </span><span style="color:#323232;">    restart: unless-stopped\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /vaultwarden:/data/\n
    </span><span style="color:#323232;">    ports:\n
    </span><span style="color:#323232;">      - 8125:3012\n
    </span><span style="color:#323232;">      - 8124:80\n
    </span><span style="color:#323232;">    environment:\n
    </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
    </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
    </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
    </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
    </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
    </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
    </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
    </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
    </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
    </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
    </span>\n
    ```\n
    \n
    I have forwarded the ports in the router.\n
    \n
    I have set up nginx the following:\n
    \n
    ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
    \n
    Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
    \n
    What is the reason for this?\n
    \n
    Do I have to set some sort of header?\n
    \n
    Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 15
  +favouriteCount: 30
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1709146727 {#2414
    date: 2024-02-28 19:58:47.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1884 …}
  +votes: Doctrine\ORM\PersistentCollection {#1973 …}
  +reports: Doctrine\ORM\PersistentCollection {#1959 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
  +badges: Doctrine\ORM\PersistentCollection {#2440 …}
  +children: []
  -id: 25290
  -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
  -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1703803540
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10039683"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703717140 {#1793
    date: 2023-12-27 23:45:40.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS DENIED 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
3 DENIED edit 
App\Entity\Entry {#2419
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +magazine: App\Entity\Magazine {#265
    +icon: Proxies\__CG__\App\Entity\Image {#246 …}
    +name: "selfhosted@lemmy.world"
    +title: "selfhosted"
    +description: """
      A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
      \n
      Rules:\n
      \n
      - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
      - No spam posting.\n
      - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
      - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
      - No trolling.\n
      \n
      Resources:\n
      \n
      - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
      - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
      - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
      \n
      &gt; Any issues on the community? Report it using the report flag.\n
      \n
      &gt; Questions? DM the mods!
      """
    +rules: null
    +subscriptionsCount: 1
    +entryCount: 222
    +entryCommentCount: 3916
    +postCount: 0
    +postCommentCount: 0
    +isAdult: false
    +customCss: null
    +lastActive: DateTime @1729582735 {#275
      date: 2024-10-22 09:38:55.0 +02:00
    }
    +markedForDeletionAt: null
    +tags: null
    +moderators: Doctrine\ORM\PersistentCollection {#237 …}
    +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
    +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
    +entries: Doctrine\ORM\PersistentCollection {#180 …}
    +posts: Doctrine\ORM\PersistentCollection {#138 …}
    +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
    +bans: Doctrine\ORM\PersistentCollection {#117 …}
    +reports: Doctrine\ORM\PersistentCollection {#103 …}
    +badges: Doctrine\ORM\PersistentCollection {#81 …}
    +logs: Doctrine\ORM\PersistentCollection {#71 …}
    +awards: Doctrine\ORM\PersistentCollection {#1346 …}
    +categories: Doctrine\ORM\PersistentCollection {#1823 …}
    -id: 120
    +apId: "selfhosted@lemmy.world"
    +apProfileId: "https://lemmy.world/c/selfhosted"
    +apPublicUrl: "https://lemmy.world/c/selfhosted"
    +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
    +apInboxUrl: "https://lemmy.world/inbox"
    +apDomain: "lemmy.world"
    +apPreferredUsername: "selfhosted"
    +apDiscoverable: true
    +apManuallyApprovesFollowers: null
    +privateKey: null
    +publicKey: null
    +apFetchedAt: DateTime @1703473826 {#269
      date: 2023-12-25 04:10:26.0 +01:00
    }
    +apDeletedAt: null
    +apTimeoutAt: null
    +visibility: "visible             "
    +createdAt: DateTimeImmutable @1703473826 {#271
      date: 2023-12-25 04:10:26.0 +01:00
    }
  }
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
  +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
  +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
  +url: null
  +body: """
    Hey Guys,\n
    \n
    so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
    \n
    I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
    \n
    Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
    \n
    ```\n
    \n
    <span style="color:#323232;">homeassistant:\n
    </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
    </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">http:\n
    </span><span style="color:#323232;">  use_x_forwarded_for: true\n
    </span><span style="color:#323232;">  trusted_proxies:\n
    </span><span style="color:#323232;">    - 172.22.0.0/24\n
    </span>\n
    ```\n
    \n
    Following is my Homeassistant Configuration:\n
    \n
    ```\n
    \n
    <span style="color:#323232;">  homeassistant:\n
    </span><span style="color:#323232;">    container_name: homeassistant\n
    </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /homeassistant/:/config\n
    </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
    </span><span style="color:#323232;">    restart: unless-stopped\n
    </span><span style="color:#323232;">    network_mode: host\n
    </span><span style="color:#323232;">    privileged: true\n
    </span><span style="color:#323232;">    ports:\n
    </span><span style="color:#323232;">      - 8123:8123\n
    </span><span style="color:#323232;">      - 5683:5683\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">  nginx-proxy-manager:\n
    </span><span style="color:#323232;">    container_name: nginx\n
    </span><span style="color:#323232;">    privileged: true\n
    </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
    </span><span style="color:#323232;">    ports:\n
    </span><span style="color:#323232;">      - '80:80'\n
    </span><span style="color:#323232;">      - '81:81'\n
    </span><span style="color:#323232;">      - '443:443'\n
    </span><span style="color:#323232;">    environment:\n
    </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
    </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /nginx/data:/data\n
    </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">  nginx-db:\n
    </span><span style="color:#323232;">    container_name: nginx-db\n
    </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
    </span><span style="color:#323232;">    environment:\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">  vaultwarden:\n
    </span><span style="color:#323232;">    container_name: vaultwarden\n
    </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
    </span><span style="color:#323232;">    restart: unless-stopped\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /vaultwarden:/data/\n
    </span><span style="color:#323232;">    ports:\n
    </span><span style="color:#323232;">      - 8125:3012\n
    </span><span style="color:#323232;">      - 8124:80\n
    </span><span style="color:#323232;">    environment:\n
    </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
    </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
    </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
    </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
    </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
    </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
    </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
    </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
    </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
    </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
    </span>\n
    ```\n
    \n
    I have forwarded the ports in the router.\n
    \n
    I have set up nginx the following:\n
    \n
    ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
    \n
    Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
    \n
    What is the reason for this?\n
    \n
    Do I have to set some sort of header?\n
    \n
    Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 15
  +favouriteCount: 30
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1709146727 {#2414
    date: 2024-02-28 19:58:47.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1884 …}
  +votes: Doctrine\ORM\PersistentCollection {#1973 …}
  +reports: Doctrine\ORM\PersistentCollection {#1959 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
  +badges: Doctrine\ORM\PersistentCollection {#2440 …}
  +children: []
  -id: 25290
  -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
  -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1703803540
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10039683"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703717140 {#1793
    date: 2023-12-27 23:45:40.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS DENIED 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
4 DENIED moderate 
App\Entity\Entry {#2419
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +magazine: App\Entity\Magazine {#265
    +icon: Proxies\__CG__\App\Entity\Image {#246 …}
    +name: "selfhosted@lemmy.world"
    +title: "selfhosted"
    +description: """
      A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
      \n
      Rules:\n
      \n
      - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
      - No spam posting.\n
      - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
      - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
      - No trolling.\n
      \n
      Resources:\n
      \n
      - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
      - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
      - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
      \n
      &gt; Any issues on the community? Report it using the report flag.\n
      \n
      &gt; Questions? DM the mods!
      """
    +rules: null
    +subscriptionsCount: 1
    +entryCount: 222
    +entryCommentCount: 3916
    +postCount: 0
    +postCommentCount: 0
    +isAdult: false
    +customCss: null
    +lastActive: DateTime @1729582735 {#275
      date: 2024-10-22 09:38:55.0 +02:00
    }
    +markedForDeletionAt: null
    +tags: null
    +moderators: Doctrine\ORM\PersistentCollection {#237 …}
    +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
    +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
    +entries: Doctrine\ORM\PersistentCollection {#180 …}
    +posts: Doctrine\ORM\PersistentCollection {#138 …}
    +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
    +bans: Doctrine\ORM\PersistentCollection {#117 …}
    +reports: Doctrine\ORM\PersistentCollection {#103 …}
    +badges: Doctrine\ORM\PersistentCollection {#81 …}
    +logs: Doctrine\ORM\PersistentCollection {#71 …}
    +awards: Doctrine\ORM\PersistentCollection {#1346 …}
    +categories: Doctrine\ORM\PersistentCollection {#1823 …}
    -id: 120
    +apId: "selfhosted@lemmy.world"
    +apProfileId: "https://lemmy.world/c/selfhosted"
    +apPublicUrl: "https://lemmy.world/c/selfhosted"
    +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
    +apInboxUrl: "https://lemmy.world/inbox"
    +apDomain: "lemmy.world"
    +apPreferredUsername: "selfhosted"
    +apDiscoverable: true
    +apManuallyApprovesFollowers: null
    +privateKey: null
    +publicKey: null
    +apFetchedAt: DateTime @1703473826 {#269
      date: 2023-12-25 04:10:26.0 +01:00
    }
    +apDeletedAt: null
    +apTimeoutAt: null
    +visibility: "visible             "
    +createdAt: DateTimeImmutable @1703473826 {#271
      date: 2023-12-25 04:10:26.0 +01:00
    }
  }
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
  +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
  +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
  +url: null
  +body: """
    Hey Guys,\n
    \n
    so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
    \n
    I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
    \n
    Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
    \n
    ```\n
    \n
    <span style="color:#323232;">homeassistant:\n
    </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
    </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">http:\n
    </span><span style="color:#323232;">  use_x_forwarded_for: true\n
    </span><span style="color:#323232;">  trusted_proxies:\n
    </span><span style="color:#323232;">    - 172.22.0.0/24\n
    </span>\n
    ```\n
    \n
    Following is my Homeassistant Configuration:\n
    \n
    ```\n
    \n
    <span style="color:#323232;">  homeassistant:\n
    </span><span style="color:#323232;">    container_name: homeassistant\n
    </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /homeassistant/:/config\n
    </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
    </span><span style="color:#323232;">    restart: unless-stopped\n
    </span><span style="color:#323232;">    network_mode: host\n
    </span><span style="color:#323232;">    privileged: true\n
    </span><span style="color:#323232;">    ports:\n
    </span><span style="color:#323232;">      - 8123:8123\n
    </span><span style="color:#323232;">      - 5683:5683\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">  nginx-proxy-manager:\n
    </span><span style="color:#323232;">    container_name: nginx\n
    </span><span style="color:#323232;">    privileged: true\n
    </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
    </span><span style="color:#323232;">    ports:\n
    </span><span style="color:#323232;">      - '80:80'\n
    </span><span style="color:#323232;">      - '81:81'\n
    </span><span style="color:#323232;">      - '443:443'\n
    </span><span style="color:#323232;">    environment:\n
    </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
    </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /nginx/data:/data\n
    </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">  nginx-db:\n
    </span><span style="color:#323232;">    container_name: nginx-db\n
    </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
    </span><span style="color:#323232;">    environment:\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
    </span><span style="color:#323232;">\n
    </span><span style="color:#323232;">  vaultwarden:\n
    </span><span style="color:#323232;">    container_name: vaultwarden\n
    </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
    </span><span style="color:#323232;">    restart: unless-stopped\n
    </span><span style="color:#323232;">    volumes:\n
    </span><span style="color:#323232;">      - /vaultwarden:/data/\n
    </span><span style="color:#323232;">    ports:\n
    </span><span style="color:#323232;">      - 8125:3012\n
    </span><span style="color:#323232;">      - 8124:80\n
    </span><span style="color:#323232;">    environment:\n
    </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
    </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
    </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
    </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
    </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
    </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
    </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
    </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
    </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
    </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
    </span>\n
    ```\n
    \n
    I have forwarded the ports in the router.\n
    \n
    I have set up nginx the following:\n
    \n
    ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
    \n
    Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
    \n
    What is the reason for this?\n
    \n
    Do I have to set some sort of header?\n
    \n
    Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 15
  +favouriteCount: 30
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1709146727 {#2414
    date: 2024-02-28 19:58:47.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1884 …}
  +votes: Doctrine\ORM\PersistentCollection {#1973 …}
  +reports: Doctrine\ORM\PersistentCollection {#1959 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
  +badges: Doctrine\ORM\PersistentCollection {#2440 …}
  +children: []
  -id: 25290
  -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
  -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1703803540
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10039683"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703717140 {#1793
    date: 2023-12-27 23:45:40.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS DENIED 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
5 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
6 DENIED moderate 
App\Entity\EntryComment {#4062
  +user: App\Entity\User {#4010 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: "Are you absolutely sure that NPM has an IP from the subnet 172.22.0.0/24? Is there any way you can remove the `trusted_proxies` setting from homeassistant and then check if it will accept the connection from NPM?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1709146727 {#4073
    date: 2024-02-28 19:58:47.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@Lobotomie@lemmy.world"
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4060 …}
  +nested: Doctrine\ORM\PersistentCollection {#4058 …}
  +votes: Doctrine\ORM\PersistentCollection {#4056 …}
  +reports: Doctrine\ORM\PersistentCollection {#4054 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4022 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4026 …}
  -id: 262493
  -bodyTs: "'/24':14 '172.22.0.0':13 'absolut':3 'accept':34 'check':30 'connect':36 'homeassist':27 'ip':9 'npm':6,38 'proxi':24 'remov':21 'set':25 'subnet':12 'sure':4 'trust':23 'way':18"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sedd.it/comment/29728"
  +editedAt: DateTimeImmutable @1709092521 {#4009
    date: 2024-02-28 04:55:21.0 +01:00
  }
  +createdAt: DateTimeImmutable @1703869310 {#4072
    date: 2023-12-29 18:01:50.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
7 DENIED edit 
App\Entity\EntryComment {#4062
  +user: App\Entity\User {#4010 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: "Are you absolutely sure that NPM has an IP from the subnet 172.22.0.0/24? Is there any way you can remove the `trusted_proxies` setting from homeassistant and then check if it will accept the connection from NPM?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1709146727 {#4073
    date: 2024-02-28 19:58:47.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@Lobotomie@lemmy.world"
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4060 …}
  +nested: Doctrine\ORM\PersistentCollection {#4058 …}
  +votes: Doctrine\ORM\PersistentCollection {#4056 …}
  +reports: Doctrine\ORM\PersistentCollection {#4054 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4022 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4026 …}
  -id: 262493
  -bodyTs: "'/24':14 '172.22.0.0':13 'absolut':3 'accept':34 'check':30 'connect':36 'homeassist':27 'ip':9 'npm':6,38 'proxi':24 'remov':21 'set':25 'subnet':12 'sure':4 'trust':23 'way':18"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sedd.it/comment/29728"
  +editedAt: DateTimeImmutable @1709092521 {#4009
    date: 2024-02-28 04:55:21.0 +01:00
  }
  +createdAt: DateTimeImmutable @1703869310 {#4072
    date: 2023-12-29 18:01:50.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
8 DENIED moderate 
App\Entity\EntryComment {#4062
  +user: App\Entity\User {#4010 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: "Are you absolutely sure that NPM has an IP from the subnet 172.22.0.0/24? Is there any way you can remove the `trusted_proxies` setting from homeassistant and then check if it will accept the connection from NPM?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1709146727 {#4073
    date: 2024-02-28 19:58:47.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@Lobotomie@lemmy.world"
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4060 …}
  +nested: Doctrine\ORM\PersistentCollection {#4058 …}
  +votes: Doctrine\ORM\PersistentCollection {#4056 …}
  +reports: Doctrine\ORM\PersistentCollection {#4054 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4022 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4026 …}
  -id: 262493
  -bodyTs: "'/24':14 '172.22.0.0':13 'absolut':3 'accept':34 'check':30 'connect':36 'homeassist':27 'ip':9 'npm':6,38 'proxi':24 'remov':21 'set':25 'subnet':12 'sure':4 'trust':23 'way':18"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sedd.it/comment/29728"
  +editedAt: DateTimeImmutable @1709092521 {#4009
    date: 2024-02-28 04:55:21.0 +01:00
  }
  +createdAt: DateTimeImmutable @1703869310 {#4072
    date: 2023-12-29 18:01:50.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
9 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
10 DENIED moderate 
App\Entity\EntryComment {#4387
  +user: App\Entity\User {#4010 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4062
    +user: App\Entity\User {#4010 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: "Are you absolutely sure that NPM has an IP from the subnet 172.22.0.0/24? Is there any way you can remove the `trusted_proxies` setting from homeassistant and then check if it will accept the connection from NPM?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1709146727 {#4073
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@Lobotomie@lemmy.world"
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4060 …}
    +nested: Doctrine\ORM\PersistentCollection {#4058 …}
    +votes: Doctrine\ORM\PersistentCollection {#4056 …}
    +reports: Doctrine\ORM\PersistentCollection {#4054 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4022 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4026 …}
    -id: 262493
    -bodyTs: "'/24':14 '172.22.0.0':13 'absolut':3 'accept':34 'check':30 'connect':36 'homeassist':27 'ip':9 'npm':6,38 'proxi':24 'remov':21 'set':25 'subnet':12 'sure':4 'trust':23 'way':18"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sedd.it/comment/29728"
    +editedAt: DateTimeImmutable @1709092521 {#4009
      date: 2024-02-28 04:55:21.0 +01:00
    }
    +createdAt: DateTimeImmutable @1703869310 {#4072
      date: 2023-12-29 18:01:50.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4062}
  +body: "I did some reading and found that the `trusted_proxies` setting is required. Can you try setting it to `0.0.0.0/0`?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1703870180 {#4385
    date: 2023-12-29 18:16:20.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4388 …}
  +nested: Doctrine\ORM\PersistentCollection {#4390 …}
  +votes: Doctrine\ORM\PersistentCollection {#4392 …}
  +reports: Doctrine\ORM\PersistentCollection {#4394 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4396 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4398 …}
  -id: 262509
  -bodyTs: "'/0':21 '0.0.0.0':20 'found':6 'proxi':10 'read':4 'requir':13 'set':11,17 'tri':16 'trust':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sedd.it/comment/29807"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703870180 {#4386
    date: 2023-12-29 18:16:20.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
11 DENIED edit 
App\Entity\EntryComment {#4387
  +user: App\Entity\User {#4010 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4062
    +user: App\Entity\User {#4010 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: "Are you absolutely sure that NPM has an IP from the subnet 172.22.0.0/24? Is there any way you can remove the `trusted_proxies` setting from homeassistant and then check if it will accept the connection from NPM?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1709146727 {#4073
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@Lobotomie@lemmy.world"
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4060 …}
    +nested: Doctrine\ORM\PersistentCollection {#4058 …}
    +votes: Doctrine\ORM\PersistentCollection {#4056 …}
    +reports: Doctrine\ORM\PersistentCollection {#4054 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4022 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4026 …}
    -id: 262493
    -bodyTs: "'/24':14 '172.22.0.0':13 'absolut':3 'accept':34 'check':30 'connect':36 'homeassist':27 'ip':9 'npm':6,38 'proxi':24 'remov':21 'set':25 'subnet':12 'sure':4 'trust':23 'way':18"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sedd.it/comment/29728"
    +editedAt: DateTimeImmutable @1709092521 {#4009
      date: 2024-02-28 04:55:21.0 +01:00
    }
    +createdAt: DateTimeImmutable @1703869310 {#4072
      date: 2023-12-29 18:01:50.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4062}
  +body: "I did some reading and found that the `trusted_proxies` setting is required. Can you try setting it to `0.0.0.0/0`?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1703870180 {#4385
    date: 2023-12-29 18:16:20.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4388 …}
  +nested: Doctrine\ORM\PersistentCollection {#4390 …}
  +votes: Doctrine\ORM\PersistentCollection {#4392 …}
  +reports: Doctrine\ORM\PersistentCollection {#4394 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4396 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4398 …}
  -id: 262509
  -bodyTs: "'/0':21 '0.0.0.0':20 'found':6 'proxi':10 'read':4 'requir':13 'set':11,17 'tri':16 'trust':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sedd.it/comment/29807"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703870180 {#4386
    date: 2023-12-29 18:16:20.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
12 DENIED moderate 
App\Entity\EntryComment {#4387
  +user: App\Entity\User {#4010 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4062
    +user: App\Entity\User {#4010 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: "Are you absolutely sure that NPM has an IP from the subnet 172.22.0.0/24? Is there any way you can remove the `trusted_proxies` setting from homeassistant and then check if it will accept the connection from NPM?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1709146727 {#4073
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@Lobotomie@lemmy.world"
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4060 …}
    +nested: Doctrine\ORM\PersistentCollection {#4058 …}
    +votes: Doctrine\ORM\PersistentCollection {#4056 …}
    +reports: Doctrine\ORM\PersistentCollection {#4054 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4022 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4026 …}
    -id: 262493
    -bodyTs: "'/24':14 '172.22.0.0':13 'absolut':3 'accept':34 'check':30 'connect':36 'homeassist':27 'ip':9 'npm':6,38 'proxi':24 'remov':21 'set':25 'subnet':12 'sure':4 'trust':23 'way':18"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sedd.it/comment/29728"
    +editedAt: DateTimeImmutable @1709092521 {#4009
      date: 2024-02-28 04:55:21.0 +01:00
    }
    +createdAt: DateTimeImmutable @1703869310 {#4072
      date: 2023-12-29 18:01:50.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4062}
  +body: "I did some reading and found that the `trusted_proxies` setting is required. Can you try setting it to `0.0.0.0/0`?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1703870180 {#4385
    date: 2023-12-29 18:16:20.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4388 …}
  +nested: Doctrine\ORM\PersistentCollection {#4390 …}
  +votes: Doctrine\ORM\PersistentCollection {#4392 …}
  +reports: Doctrine\ORM\PersistentCollection {#4394 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4396 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4398 …}
  -id: 262509
  -bodyTs: "'/0':21 '0.0.0.0':20 'found':6 'proxi':10 'read':4 'requir':13 'set':11,17 'tri':16 'trust':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sedd.it/comment/29807"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703870180 {#4386
    date: 2023-12-29 18:16:20.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
13 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
14 DENIED moderate 
App\Entity\EntryComment {#4455
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4387
    +user: App\Entity\User {#4010 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4062
      +user: App\Entity\User {#4010 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Are you absolutely sure that NPM has an IP from the subnet 172.22.0.0/24? Is there any way you can remove the `trusted_proxies` setting from homeassistant and then check if it will accept the connection from NPM?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1709146727 {#4073
        date: 2024-02-28 19:58:47.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@Lobotomie@lemmy.world"
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4060 …}
      +nested: Doctrine\ORM\PersistentCollection {#4058 …}
      +votes: Doctrine\ORM\PersistentCollection {#4056 …}
      +reports: Doctrine\ORM\PersistentCollection {#4054 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4022 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4026 …}
      -id: 262493
      -bodyTs: "'/24':14 '172.22.0.0':13 'absolut':3 'accept':34 'check':30 'connect':36 'homeassist':27 'ip':9 'npm':6,38 'proxi':24 'remov':21 'set':25 'subnet':12 'sure':4 'trust':23 'way':18"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sedd.it/comment/29728"
      +editedAt: DateTimeImmutable @1709092521 {#4009
        date: 2024-02-28 04:55:21.0 +01:00
      }
      +createdAt: DateTimeImmutable @1703869310 {#4072
        date: 2023-12-29 18:01:50.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4062}
    +body: "I did some reading and found that the `trusted_proxies` setting is required. Can you try setting it to `0.0.0.0/0`?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1703870180 {#4385
      date: 2023-12-29 18:16:20.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@stown@sedd.it"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4388 …}
    +nested: Doctrine\ORM\PersistentCollection {#4390 …}
    +votes: Doctrine\ORM\PersistentCollection {#4392 …}
    +reports: Doctrine\ORM\PersistentCollection {#4394 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4396 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4398 …}
    -id: 262509
    -bodyTs: "'/0':21 '0.0.0.0':20 'found':6 'proxi':10 'read':4 'requir':13 'set':11,17 'tri':16 'trust':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sedd.it/comment/29807"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703870180 {#4386
      date: 2023-12-29 18:16:20.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4062}
  +body: """
    I have set it but it wont change anything. You can access the docker inspect here [pastebin.com/t1T98RCw](https://pastebin.com/t1T98RCw)I can imagine that this problem is before homeassistant as even if I ignore the certificate error , it will not forward me to homeassistant but to my router / a warning page from my router saying it has blocked me.\n
    \n
    If I test the server reachability inside nginx manager it will ask me if npm is configured correctly, so you might be onto something with NPM configuration …\n
    \n
    I have now set up duckdns over docker instead of over my router, but it hasnt helped anything. My Duckdns IP is the same (and its correct, if I just open this IPV4 Address it will redirect to my nginx landing page).\n
    \n
    Okay I think here is the error. AFter doing the Test Server Reachability the following will come up in the nginx-db logs: 2023-12-29 21:06:25 3 [Warning] Aborted connection 3 to db: ‘npm’ user: ‘npm’ host: ‘172.22.0.8’ (Got an error reading communication packets)\n
    \n
    Now I have no clue why this is ( I think this is the end for today as my head is about to explode). Docker inspect nginx reveals that this request for sure came from nginx (as it has the .0.8 ip).
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703881936 {#4452
    date: 2023-12-29 21:32:16.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4456 …}
  +nested: Doctrine\ORM\PersistentCollection {#4458 …}
  +votes: Doctrine\ORM\PersistentCollection {#4460 …}
  +reports: Doctrine\ORM\PersistentCollection {#4462 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4464 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4466 …}
  -id: 262991
  -bodyTs: "'-12':152 '-29':153 '/t1t98rcw](https://pastebin.com/t1t98rcw)i':19 '0.8':214 '06':155 '172.22.0.8':168 '2023':151 '21':154 '25':156 '3':157,161 'abort':159 'access':12 'address':118 'anyth':9,102 'ask':69 'block':56 'came':207 'certif':34 'chang':8 'clue':179 'come':143 'communic':173 'configur':74,84 'connect':160 'correct':75,111 'db':149,163 'docker':14,92,198 'duckdn':90,104 'end':188 'error':35,133,171 'even':29 'explod':197 'follow':141 'forward':39 'got':169 'hasnt':100 'head':193 'help':101 'homeassist':27,42 'host':167 'ignor':32 'imagin':21 'insid':64 'inspect':15,199 'instead':93 'ip':105,215 'ipv4':117 'land':125 'log':150 'manag':66 'might':78 'nginx':65,124,148,200,209 'nginx-db':147 'npm':72,83,164,166 'okay':127 'onto':80 'open':115 'packet':174 'page':49,126 'pastebin.com':18 'pastebin.com/t1t98rcw](https://pastebin.com/t1t98rcw)i':17 'problem':24 'reachabl':63,139 'read':172 'redirect':121 'request':204 'reveal':201 'router':46,52,97 'say':53 'server':62,138 'set':3,88 'someth':81 'sure':206 'test':60,137 'think':129,184 'today':190 'user':165 'warn':48,158 'wont':7"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6295832"
  +editedAt: DateTimeImmutable @1709158734 {#4453
    date: 2024-02-28 23:18:54.0 +01:00
  }
  +createdAt: DateTimeImmutable @1703881936 {#4454
    date: 2023-12-29 21:32:16.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
15 DENIED edit 
App\Entity\EntryComment {#4455
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4387
    +user: App\Entity\User {#4010 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4062
      +user: App\Entity\User {#4010 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Are you absolutely sure that NPM has an IP from the subnet 172.22.0.0/24? Is there any way you can remove the `trusted_proxies` setting from homeassistant and then check if it will accept the connection from NPM?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1709146727 {#4073
        date: 2024-02-28 19:58:47.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@Lobotomie@lemmy.world"
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4060 …}
      +nested: Doctrine\ORM\PersistentCollection {#4058 …}
      +votes: Doctrine\ORM\PersistentCollection {#4056 …}
      +reports: Doctrine\ORM\PersistentCollection {#4054 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4022 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4026 …}
      -id: 262493
      -bodyTs: "'/24':14 '172.22.0.0':13 'absolut':3 'accept':34 'check':30 'connect':36 'homeassist':27 'ip':9 'npm':6,38 'proxi':24 'remov':21 'set':25 'subnet':12 'sure':4 'trust':23 'way':18"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sedd.it/comment/29728"
      +editedAt: DateTimeImmutable @1709092521 {#4009
        date: 2024-02-28 04:55:21.0 +01:00
      }
      +createdAt: DateTimeImmutable @1703869310 {#4072
        date: 2023-12-29 18:01:50.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4062}
    +body: "I did some reading and found that the `trusted_proxies` setting is required. Can you try setting it to `0.0.0.0/0`?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1703870180 {#4385
      date: 2023-12-29 18:16:20.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@stown@sedd.it"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4388 …}
    +nested: Doctrine\ORM\PersistentCollection {#4390 …}
    +votes: Doctrine\ORM\PersistentCollection {#4392 …}
    +reports: Doctrine\ORM\PersistentCollection {#4394 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4396 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4398 …}
    -id: 262509
    -bodyTs: "'/0':21 '0.0.0.0':20 'found':6 'proxi':10 'read':4 'requir':13 'set':11,17 'tri':16 'trust':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sedd.it/comment/29807"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703870180 {#4386
      date: 2023-12-29 18:16:20.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4062}
  +body: """
    I have set it but it wont change anything. You can access the docker inspect here [pastebin.com/t1T98RCw](https://pastebin.com/t1T98RCw)I can imagine that this problem is before homeassistant as even if I ignore the certificate error , it will not forward me to homeassistant but to my router / a warning page from my router saying it has blocked me.\n
    \n
    If I test the server reachability inside nginx manager it will ask me if npm is configured correctly, so you might be onto something with NPM configuration …\n
    \n
    I have now set up duckdns over docker instead of over my router, but it hasnt helped anything. My Duckdns IP is the same (and its correct, if I just open this IPV4 Address it will redirect to my nginx landing page).\n
    \n
    Okay I think here is the error. AFter doing the Test Server Reachability the following will come up in the nginx-db logs: 2023-12-29 21:06:25 3 [Warning] Aborted connection 3 to db: ‘npm’ user: ‘npm’ host: ‘172.22.0.8’ (Got an error reading communication packets)\n
    \n
    Now I have no clue why this is ( I think this is the end for today as my head is about to explode). Docker inspect nginx reveals that this request for sure came from nginx (as it has the .0.8 ip).
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703881936 {#4452
    date: 2023-12-29 21:32:16.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4456 …}
  +nested: Doctrine\ORM\PersistentCollection {#4458 …}
  +votes: Doctrine\ORM\PersistentCollection {#4460 …}
  +reports: Doctrine\ORM\PersistentCollection {#4462 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4464 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4466 …}
  -id: 262991
  -bodyTs: "'-12':152 '-29':153 '/t1t98rcw](https://pastebin.com/t1t98rcw)i':19 '0.8':214 '06':155 '172.22.0.8':168 '2023':151 '21':154 '25':156 '3':157,161 'abort':159 'access':12 'address':118 'anyth':9,102 'ask':69 'block':56 'came':207 'certif':34 'chang':8 'clue':179 'come':143 'communic':173 'configur':74,84 'connect':160 'correct':75,111 'db':149,163 'docker':14,92,198 'duckdn':90,104 'end':188 'error':35,133,171 'even':29 'explod':197 'follow':141 'forward':39 'got':169 'hasnt':100 'head':193 'help':101 'homeassist':27,42 'host':167 'ignor':32 'imagin':21 'insid':64 'inspect':15,199 'instead':93 'ip':105,215 'ipv4':117 'land':125 'log':150 'manag':66 'might':78 'nginx':65,124,148,200,209 'nginx-db':147 'npm':72,83,164,166 'okay':127 'onto':80 'open':115 'packet':174 'page':49,126 'pastebin.com':18 'pastebin.com/t1t98rcw](https://pastebin.com/t1t98rcw)i':17 'problem':24 'reachabl':63,139 'read':172 'redirect':121 'request':204 'reveal':201 'router':46,52,97 'say':53 'server':62,138 'set':3,88 'someth':81 'sure':206 'test':60,137 'think':129,184 'today':190 'user':165 'warn':48,158 'wont':7"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6295832"
  +editedAt: DateTimeImmutable @1709158734 {#4453
    date: 2024-02-28 23:18:54.0 +01:00
  }
  +createdAt: DateTimeImmutable @1703881936 {#4454
    date: 2023-12-29 21:32:16.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
16 DENIED moderate 
App\Entity\EntryComment {#4455
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4387
    +user: App\Entity\User {#4010 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4062
      +user: App\Entity\User {#4010 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Are you absolutely sure that NPM has an IP from the subnet 172.22.0.0/24? Is there any way you can remove the `trusted_proxies` setting from homeassistant and then check if it will accept the connection from NPM?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1709146727 {#4073
        date: 2024-02-28 19:58:47.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@Lobotomie@lemmy.world"
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4060 …}
      +nested: Doctrine\ORM\PersistentCollection {#4058 …}
      +votes: Doctrine\ORM\PersistentCollection {#4056 …}
      +reports: Doctrine\ORM\PersistentCollection {#4054 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4022 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4026 …}
      -id: 262493
      -bodyTs: "'/24':14 '172.22.0.0':13 'absolut':3 'accept':34 'check':30 'connect':36 'homeassist':27 'ip':9 'npm':6,38 'proxi':24 'remov':21 'set':25 'subnet':12 'sure':4 'trust':23 'way':18"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sedd.it/comment/29728"
      +editedAt: DateTimeImmutable @1709092521 {#4009
        date: 2024-02-28 04:55:21.0 +01:00
      }
      +createdAt: DateTimeImmutable @1703869310 {#4072
        date: 2023-12-29 18:01:50.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4062}
    +body: "I did some reading and found that the `trusted_proxies` setting is required. Can you try setting it to `0.0.0.0/0`?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1703870180 {#4385
      date: 2023-12-29 18:16:20.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@stown@sedd.it"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4388 …}
    +nested: Doctrine\ORM\PersistentCollection {#4390 …}
    +votes: Doctrine\ORM\PersistentCollection {#4392 …}
    +reports: Doctrine\ORM\PersistentCollection {#4394 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4396 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4398 …}
    -id: 262509
    -bodyTs: "'/0':21 '0.0.0.0':20 'found':6 'proxi':10 'read':4 'requir':13 'set':11,17 'tri':16 'trust':9"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sedd.it/comment/29807"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703870180 {#4386
      date: 2023-12-29 18:16:20.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4062}
  +body: """
    I have set it but it wont change anything. You can access the docker inspect here [pastebin.com/t1T98RCw](https://pastebin.com/t1T98RCw)I can imagine that this problem is before homeassistant as even if I ignore the certificate error , it will not forward me to homeassistant but to my router / a warning page from my router saying it has blocked me.\n
    \n
    If I test the server reachability inside nginx manager it will ask me if npm is configured correctly, so you might be onto something with NPM configuration …\n
    \n
    I have now set up duckdns over docker instead of over my router, but it hasnt helped anything. My Duckdns IP is the same (and its correct, if I just open this IPV4 Address it will redirect to my nginx landing page).\n
    \n
    Okay I think here is the error. AFter doing the Test Server Reachability the following will come up in the nginx-db logs: 2023-12-29 21:06:25 3 [Warning] Aborted connection 3 to db: ‘npm’ user: ‘npm’ host: ‘172.22.0.8’ (Got an error reading communication packets)\n
    \n
    Now I have no clue why this is ( I think this is the end for today as my head is about to explode). Docker inspect nginx reveals that this request for sure came from nginx (as it has the .0.8 ip).
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703881936 {#4452
    date: 2023-12-29 21:32:16.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
    "@Lobotomie@lemmy.world"
    "@stown@sedd.it"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4456 …}
  +nested: Doctrine\ORM\PersistentCollection {#4458 …}
  +votes: Doctrine\ORM\PersistentCollection {#4460 …}
  +reports: Doctrine\ORM\PersistentCollection {#4462 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4464 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4466 …}
  -id: 262991
  -bodyTs: "'-12':152 '-29':153 '/t1t98rcw](https://pastebin.com/t1t98rcw)i':19 '0.8':214 '06':155 '172.22.0.8':168 '2023':151 '21':154 '25':156 '3':157,161 'abort':159 'access':12 'address':118 'anyth':9,102 'ask':69 'block':56 'came':207 'certif':34 'chang':8 'clue':179 'come':143 'communic':173 'configur':74,84 'connect':160 'correct':75,111 'db':149,163 'docker':14,92,198 'duckdn':90,104 'end':188 'error':35,133,171 'even':29 'explod':197 'follow':141 'forward':39 'got':169 'hasnt':100 'head':193 'help':101 'homeassist':27,42 'host':167 'ignor':32 'imagin':21 'insid':64 'inspect':15,199 'instead':93 'ip':105,215 'ipv4':117 'land':125 'log':150 'manag':66 'might':78 'nginx':65,124,148,200,209 'nginx-db':147 'npm':72,83,164,166 'okay':127 'onto':80 'open':115 'packet':174 'page':49,126 'pastebin.com':18 'pastebin.com/t1t98rcw](https://pastebin.com/t1t98rcw)i':17 'problem':24 'reachabl':63,139 'read':172 'redirect':121 'request':204 'reveal':201 'router':46,52,97 'say':53 'server':62,138 'set':3,88 'someth':81 'sure':206 'test':60,137 'think':129,184 'today':190 'user':165 'warn':48,158 'wont':7"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6295832"
  +editedAt: DateTimeImmutable @1709158734 {#4453
    date: 2024-02-28 23:18:54.0 +01:00
  }
  +createdAt: DateTimeImmutable @1703881936 {#4454
    date: 2023-12-29 21:32:16.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
17 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
18 DENIED moderate 
App\Entity\EntryComment {#4100
  +user: App\Entity\User {#4082 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    What happened when you tried to open it on incognito mode / private browsing mode?\n
    \n
    Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1708784944 {#4106
    date: 2024-02-24 15:29:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4097 …}
  +nested: Doctrine\ORM\PersistentCollection {#4095 …}
  +votes: Doctrine\ORM\PersistentCollection {#4092 …}
  +reports: Doctrine\ORM\PersistentCollection {#4088 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
  -id: 259356
  -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.institute/comment/1871198"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703772758 {#4103
    date: 2023-12-28 15:12:38.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
19 DENIED edit 
App\Entity\EntryComment {#4100
  +user: App\Entity\User {#4082 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    What happened when you tried to open it on incognito mode / private browsing mode?\n
    \n
    Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1708784944 {#4106
    date: 2024-02-24 15:29:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4097 …}
  +nested: Doctrine\ORM\PersistentCollection {#4095 …}
  +votes: Doctrine\ORM\PersistentCollection {#4092 …}
  +reports: Doctrine\ORM\PersistentCollection {#4088 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
  -id: 259356
  -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.institute/comment/1871198"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703772758 {#4103
    date: 2023-12-28 15:12:38.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
20 DENIED moderate 
App\Entity\EntryComment {#4100
  +user: App\Entity\User {#4082 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    What happened when you tried to open it on incognito mode / private browsing mode?\n
    \n
    Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1708784944 {#4106
    date: 2024-02-24 15:29:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4097 …}
  +nested: Doctrine\ORM\PersistentCollection {#4095 …}
  +votes: Doctrine\ORM\PersistentCollection {#4092 …}
  +reports: Doctrine\ORM\PersistentCollection {#4088 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
  -id: 259356
  -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.institute/comment/1871198"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703772758 {#4103
    date: 2023-12-28 15:12:38.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
21 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
22 DENIED moderate 
App\Entity\EntryComment {#4372
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4100
    +user: App\Entity\User {#4082 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      What happened when you tried to open it on incognito mode / private browsing mode?\n
      \n
      Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1708784944 {#4106
      date: 2024-02-24 15:29:04.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4097 …}
    +nested: Doctrine\ORM\PersistentCollection {#4095 …}
    +votes: Doctrine\ORM\PersistentCollection {#4092 …}
    +reports: Doctrine\ORM\PersistentCollection {#4088 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
    -id: 259356
    -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.institute/comment/1871198"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703772758 {#4103
      date: 2023-12-28 15:12:38.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4100}
  +body: "if I close the 8123 port and remove my cache, firefox will warn me, if I click on forward anyways it will forward to a website from my router for some reason saying that the DNS-Rebind-Protection has blocked my attempt and that there is some issue with the host-header."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703785672 {#4370
    date: 2023-12-28 18:47:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4373 …}
  +nested: Doctrine\ORM\PersistentCollection {#4375 …}
  +votes: Doctrine\ORM\PersistentCollection {#4377 …}
  +reports: Doctrine\ORM\PersistentCollection {#4379 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
  -id: 259899
  -bodyTs: "'8123':5 'anyway':20 'attempt':43 'block':41 'cach':10 'click':17 'close':3 'dns':37 'dns-rebind-protect':36 'firefox':11 'forward':19,23 'header':54 'host':53 'host-head':52 'issu':49 'port':6 'protect':39 'reason':32 'rebind':38 'remov':8 'router':29 'say':33 'warn':13 'websit':26"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6279721"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703785672 {#4371
    date: 2023-12-28 18:47:52.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
23 DENIED edit 
App\Entity\EntryComment {#4372
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4100
    +user: App\Entity\User {#4082 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      What happened when you tried to open it on incognito mode / private browsing mode?\n
      \n
      Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1708784944 {#4106
      date: 2024-02-24 15:29:04.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4097 …}
    +nested: Doctrine\ORM\PersistentCollection {#4095 …}
    +votes: Doctrine\ORM\PersistentCollection {#4092 …}
    +reports: Doctrine\ORM\PersistentCollection {#4088 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
    -id: 259356
    -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.institute/comment/1871198"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703772758 {#4103
      date: 2023-12-28 15:12:38.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4100}
  +body: "if I close the 8123 port and remove my cache, firefox will warn me, if I click on forward anyways it will forward to a website from my router for some reason saying that the DNS-Rebind-Protection has blocked my attempt and that there is some issue with the host-header."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703785672 {#4370
    date: 2023-12-28 18:47:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4373 …}
  +nested: Doctrine\ORM\PersistentCollection {#4375 …}
  +votes: Doctrine\ORM\PersistentCollection {#4377 …}
  +reports: Doctrine\ORM\PersistentCollection {#4379 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
  -id: 259899
  -bodyTs: "'8123':5 'anyway':20 'attempt':43 'block':41 'cach':10 'click':17 'close':3 'dns':37 'dns-rebind-protect':36 'firefox':11 'forward':19,23 'header':54 'host':53 'host-head':52 'issu':49 'port':6 'protect':39 'reason':32 'rebind':38 'remov':8 'router':29 'say':33 'warn':13 'websit':26"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6279721"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703785672 {#4371
    date: 2023-12-28 18:47:52.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
24 DENIED moderate 
App\Entity\EntryComment {#4372
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4100
    +user: App\Entity\User {#4082 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      What happened when you tried to open it on incognito mode / private browsing mode?\n
      \n
      Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1708784944 {#4106
      date: 2024-02-24 15:29:04.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4097 …}
    +nested: Doctrine\ORM\PersistentCollection {#4095 …}
    +votes: Doctrine\ORM\PersistentCollection {#4092 …}
    +reports: Doctrine\ORM\PersistentCollection {#4088 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
    -id: 259356
    -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.institute/comment/1871198"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703772758 {#4103
      date: 2023-12-28 15:12:38.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4100}
  +body: "if I close the 8123 port and remove my cache, firefox will warn me, if I click on forward anyways it will forward to a website from my router for some reason saying that the DNS-Rebind-Protection has blocked my attempt and that there is some issue with the host-header."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703785672 {#4370
    date: 2023-12-28 18:47:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4373 …}
  +nested: Doctrine\ORM\PersistentCollection {#4375 …}
  +votes: Doctrine\ORM\PersistentCollection {#4377 …}
  +reports: Doctrine\ORM\PersistentCollection {#4379 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
  -id: 259899
  -bodyTs: "'8123':5 'anyway':20 'attempt':43 'block':41 'cach':10 'click':17 'close':3 'dns':37 'dns-rebind-protect':36 'firefox':11 'forward':19,23 'header':54 'host':53 'host-head':52 'issu':49 'port':6 'protect':39 'reason':32 'rebind':38 'remov':8 'router':29 'say':33 'warn':13 'websit':26"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6279721"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703785672 {#4371
    date: 2023-12-28 18:47:52.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
25 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
26 DENIED moderate 
App\Entity\EntryComment {#4439
  +user: App\Entity\User {#4082 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4372
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4100
      +user: App\Entity\User {#4082 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        What happened when you tried to open it on incognito mode / private browsing mode?\n
        \n
        Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1708784944 {#4106
        date: 2024-02-24 15:29:04.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4097 …}
      +nested: Doctrine\ORM\PersistentCollection {#4095 …}
      +votes: Doctrine\ORM\PersistentCollection {#4092 …}
      +reports: Doctrine\ORM\PersistentCollection {#4088 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
      -id: 259356
      -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.institute/comment/1871198"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703772758 {#4103
        date: 2023-12-28 15:12:38.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4100}
    +body: "if I close the 8123 port and remove my cache, firefox will warn me, if I click on forward anyways it will forward to a website from my router for some reason saying that the DNS-Rebind-Protection has blocked my attempt and that there is some issue with the host-header."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1703785672 {#4370
      date: 2023-12-28 18:47:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@redcalcium@lemmy.institute"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4373 …}
    +nested: Doctrine\ORM\PersistentCollection {#4375 …}
    +votes: Doctrine\ORM\PersistentCollection {#4377 …}
    +reports: Doctrine\ORM\PersistentCollection {#4379 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
    -id: 259899
    -bodyTs: "'8123':5 'anyway':20 'attempt':43 'block':41 'cach':10 'click':17 'close':3 'dns':37 'dns-rebind-protect':36 'firefox':11 'forward':19,23 'header':54 'host':53 'host-head':52 'issu':49 'port':6 'protect':39 'reason':32 'rebind':38 'remov':8 'router':29 'say':33 'warn':13 'websit':26"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6279721"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703785672 {#4371
      date: 2023-12-28 18:47:52.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4100}
  +body: "Instead of forwarding `ha.yourdomain.com` to `192.168.178.214` (which I assume is the lan ip address for your machine), you should forward it to a hostname called `homeassistant` (which is the hostname for the home assistant instance inside your docker compose network)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1703786488 {#4437
    date: 2023-12-28 19:01:28.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4440 …}
  +nested: Doctrine\ORM\PersistentCollection {#4442 …}
  +votes: Doctrine\ORM\PersistentCollection {#4444 …}
  +reports: Doctrine\ORM\PersistentCollection {#4446 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4448 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4450 …}
  -id: 259951
  -bodyTs: "'192.168.178.214':6 'address':14 'assist':34 'assum':9 'call':25 'compos':39 'docker':38 'forward':3,20 'ha.yourdomain.com':4 'home':33 'homeassist':26 'hostnam':24,30 'insid':36 'instanc':35 'instead':1 'ip':13 'lan':12 'machin':17 'network':40"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.institute/comment/1872375"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703786488 {#4438
    date: 2023-12-28 19:01:28.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
27 DENIED edit 
App\Entity\EntryComment {#4439
  +user: App\Entity\User {#4082 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4372
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4100
      +user: App\Entity\User {#4082 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        What happened when you tried to open it on incognito mode / private browsing mode?\n
        \n
        Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1708784944 {#4106
        date: 2024-02-24 15:29:04.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4097 …}
      +nested: Doctrine\ORM\PersistentCollection {#4095 …}
      +votes: Doctrine\ORM\PersistentCollection {#4092 …}
      +reports: Doctrine\ORM\PersistentCollection {#4088 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
      -id: 259356
      -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.institute/comment/1871198"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703772758 {#4103
        date: 2023-12-28 15:12:38.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4100}
    +body: "if I close the 8123 port and remove my cache, firefox will warn me, if I click on forward anyways it will forward to a website from my router for some reason saying that the DNS-Rebind-Protection has blocked my attempt and that there is some issue with the host-header."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1703785672 {#4370
      date: 2023-12-28 18:47:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@redcalcium@lemmy.institute"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4373 …}
    +nested: Doctrine\ORM\PersistentCollection {#4375 …}
    +votes: Doctrine\ORM\PersistentCollection {#4377 …}
    +reports: Doctrine\ORM\PersistentCollection {#4379 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
    -id: 259899
    -bodyTs: "'8123':5 'anyway':20 'attempt':43 'block':41 'cach':10 'click':17 'close':3 'dns':37 'dns-rebind-protect':36 'firefox':11 'forward':19,23 'header':54 'host':53 'host-head':52 'issu':49 'port':6 'protect':39 'reason':32 'rebind':38 'remov':8 'router':29 'say':33 'warn':13 'websit':26"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6279721"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703785672 {#4371
      date: 2023-12-28 18:47:52.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4100}
  +body: "Instead of forwarding `ha.yourdomain.com` to `192.168.178.214` (which I assume is the lan ip address for your machine), you should forward it to a hostname called `homeassistant` (which is the hostname for the home assistant instance inside your docker compose network)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1703786488 {#4437
    date: 2023-12-28 19:01:28.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4440 …}
  +nested: Doctrine\ORM\PersistentCollection {#4442 …}
  +votes: Doctrine\ORM\PersistentCollection {#4444 …}
  +reports: Doctrine\ORM\PersistentCollection {#4446 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4448 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4450 …}
  -id: 259951
  -bodyTs: "'192.168.178.214':6 'address':14 'assist':34 'assum':9 'call':25 'compos':39 'docker':38 'forward':3,20 'ha.yourdomain.com':4 'home':33 'homeassist':26 'hostnam':24,30 'insid':36 'instanc':35 'instead':1 'ip':13 'lan':12 'machin':17 'network':40"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.institute/comment/1872375"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703786488 {#4438
    date: 2023-12-28 19:01:28.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
28 DENIED moderate 
App\Entity\EntryComment {#4439
  +user: App\Entity\User {#4082 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4372
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4100
      +user: App\Entity\User {#4082 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        What happened when you tried to open it on incognito mode / private browsing mode?\n
        \n
        Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1708784944 {#4106
        date: 2024-02-24 15:29:04.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4097 …}
      +nested: Doctrine\ORM\PersistentCollection {#4095 …}
      +votes: Doctrine\ORM\PersistentCollection {#4092 …}
      +reports: Doctrine\ORM\PersistentCollection {#4088 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
      -id: 259356
      -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.institute/comment/1871198"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703772758 {#4103
        date: 2023-12-28 15:12:38.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4100}
    +body: "if I close the 8123 port and remove my cache, firefox will warn me, if I click on forward anyways it will forward to a website from my router for some reason saying that the DNS-Rebind-Protection has blocked my attempt and that there is some issue with the host-header."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1703785672 {#4370
      date: 2023-12-28 18:47:52.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@redcalcium@lemmy.institute"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4373 …}
    +nested: Doctrine\ORM\PersistentCollection {#4375 …}
    +votes: Doctrine\ORM\PersistentCollection {#4377 …}
    +reports: Doctrine\ORM\PersistentCollection {#4379 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
    -id: 259899
    -bodyTs: "'8123':5 'anyway':20 'attempt':43 'block':41 'cach':10 'click':17 'close':3 'dns':37 'dns-rebind-protect':36 'firefox':11 'forward':19,23 'header':54 'host':53 'host-head':52 'issu':49 'port':6 'protect':39 'reason':32 'rebind':38 'remov':8 'router':29 'say':33 'warn':13 'websit':26"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6279721"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703785672 {#4371
      date: 2023-12-28 18:47:52.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4100}
  +body: "Instead of forwarding `ha.yourdomain.com` to `192.168.178.214` (which I assume is the lan ip address for your machine), you should forward it to a hostname called `homeassistant` (which is the hostname for the home assistant instance inside your docker compose network)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1703786488 {#4437
    date: 2023-12-28 19:01:28.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4440 …}
  +nested: Doctrine\ORM\PersistentCollection {#4442 …}
  +votes: Doctrine\ORM\PersistentCollection {#4444 …}
  +reports: Doctrine\ORM\PersistentCollection {#4446 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4448 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4450 …}
  -id: 259951
  -bodyTs: "'192.168.178.214':6 'address':14 'assist':34 'assum':9 'call':25 'compos':39 'docker':38 'forward':3,20 'ha.yourdomain.com':4 'home':33 'homeassist':26 'hostnam':24,30 'insid':36 'instanc':35 'instead':1 'ip':13 'lan':12 'machin':17 'network':40"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.institute/comment/1872375"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703786488 {#4438
    date: 2023-12-28 19:01:28.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
29 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
30 DENIED moderate 
App\Entity\EntryComment {#4508
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4439
    +user: App\Entity\User {#4082 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4372
      +user: Proxies\__CG__\App\Entity\User {#1970 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4100
        +user: App\Entity\User {#4082 …}
        +entry: App\Entity\Entry {#2419}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          What happened when you tried to open it on incognito mode / private browsing mode?\n
          \n
          Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1708784944 {#4106
          date: 2024-02-24 15:29:04.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Lobotomie@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4097 …}
        +nested: Doctrine\ORM\PersistentCollection {#4095 …}
        +votes: Doctrine\ORM\PersistentCollection {#4092 …}
        +reports: Doctrine\ORM\PersistentCollection {#4088 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
        -id: 259356
        -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.institute/comment/1871198"
        +editedAt: null
        +createdAt: DateTimeImmutable @1703772758 {#4103
          date: 2023-12-28 15:12:38.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4100}
      +body: "if I close the 8123 port and remove my cache, firefox will warn me, if I click on forward anyways it will forward to a website from my router for some reason saying that the DNS-Rebind-Protection has blocked my attempt and that there is some issue with the host-header."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1703785672 {#4370
        date: 2023-12-28 18:47:52.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@redcalcium@lemmy.institute"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4373 …}
      +nested: Doctrine\ORM\PersistentCollection {#4375 …}
      +votes: Doctrine\ORM\PersistentCollection {#4377 …}
      +reports: Doctrine\ORM\PersistentCollection {#4379 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
      -id: 259899
      -bodyTs: "'8123':5 'anyway':20 'attempt':43 'block':41 'cach':10 'click':17 'close':3 'dns':37 'dns-rebind-protect':36 'firefox':11 'forward':19,23 'header':54 'host':53 'host-head':52 'issu':49 'port':6 'protect':39 'reason':32 'rebind':38 'remov':8 'router':29 'say':33 'warn':13 'websit':26"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6279721"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703785672 {#4371
        date: 2023-12-28 18:47:52.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4100}
    +body: "Instead of forwarding `ha.yourdomain.com` to `192.168.178.214` (which I assume is the lan ip address for your machine), you should forward it to a hostname called `homeassistant` (which is the hostname for the home assistant instance inside your docker compose network)."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1703786488 {#4437
      date: 2023-12-28 19:01:28.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@redcalcium@lemmy.institute"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4440 …}
    +nested: Doctrine\ORM\PersistentCollection {#4442 …}
    +votes: Doctrine\ORM\PersistentCollection {#4444 …}
    +reports: Doctrine\ORM\PersistentCollection {#4446 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4448 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4450 …}
    -id: 259951
    -bodyTs: "'192.168.178.214':6 'address':14 'assist':34 'assum':9 'call':25 'compos':39 'docker':38 'forward':3,20 'ha.yourdomain.com':4 'home':33 'homeassist':26 'hostnam':24,30 'insid':36 'instanc':35 'instead':1 'ip':13 'lan':12 'machin':17 'network':40"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.institute/comment/1872375"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703786488 {#4438
      date: 2023-12-28 19:01:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4100}
  +body: "Now I get a error Fehlercode: SEC_ERROR_UNKNOWN_ISSUER, and if I continue it will again go to my router with the DNS-REbind / Host-Header Issue"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703791066 {#4505
    date: 2023-12-28 20:17:46.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4509 …}
  +nested: Doctrine\ORM\PersistentCollection {#4511 …}
  +votes: Doctrine\ORM\PersistentCollection {#4513 …}
  +reports: Doctrine\ORM\PersistentCollection {#4515 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4517 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4519 …}
  -id: 260141
  -bodyTs: "'continu':14 'dns':25 'dns-rebind':24 'error':5,8 'fehlercod':6 'get':3 'go':18 'header':29 'host':28 'host-head':27 'issu':30 'issuer':10 'rebind':26 'router':21 'sec':7 'unknown':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6280909"
  +editedAt: DateTimeImmutable @1708788797 {#4506
    date: 2024-02-24 16:33:17.0 +01:00
  }
  +createdAt: DateTimeImmutable @1703791066 {#4507
    date: 2023-12-28 20:17:46.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
31 DENIED edit 
App\Entity\EntryComment {#4508
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4439
    +user: App\Entity\User {#4082 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4372
      +user: Proxies\__CG__\App\Entity\User {#1970 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4100
        +user: App\Entity\User {#4082 …}
        +entry: App\Entity\Entry {#2419}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          What happened when you tried to open it on incognito mode / private browsing mode?\n
          \n
          Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1708784944 {#4106
          date: 2024-02-24 15:29:04.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Lobotomie@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4097 …}
        +nested: Doctrine\ORM\PersistentCollection {#4095 …}
        +votes: Doctrine\ORM\PersistentCollection {#4092 …}
        +reports: Doctrine\ORM\PersistentCollection {#4088 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
        -id: 259356
        -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.institute/comment/1871198"
        +editedAt: null
        +createdAt: DateTimeImmutable @1703772758 {#4103
          date: 2023-12-28 15:12:38.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4100}
      +body: "if I close the 8123 port and remove my cache, firefox will warn me, if I click on forward anyways it will forward to a website from my router for some reason saying that the DNS-Rebind-Protection has blocked my attempt and that there is some issue with the host-header."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1703785672 {#4370
        date: 2023-12-28 18:47:52.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@redcalcium@lemmy.institute"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4373 …}
      +nested: Doctrine\ORM\PersistentCollection {#4375 …}
      +votes: Doctrine\ORM\PersistentCollection {#4377 …}
      +reports: Doctrine\ORM\PersistentCollection {#4379 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
      -id: 259899
      -bodyTs: "'8123':5 'anyway':20 'attempt':43 'block':41 'cach':10 'click':17 'close':3 'dns':37 'dns-rebind-protect':36 'firefox':11 'forward':19,23 'header':54 'host':53 'host-head':52 'issu':49 'port':6 'protect':39 'reason':32 'rebind':38 'remov':8 'router':29 'say':33 'warn':13 'websit':26"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6279721"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703785672 {#4371
        date: 2023-12-28 18:47:52.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4100}
    +body: "Instead of forwarding `ha.yourdomain.com` to `192.168.178.214` (which I assume is the lan ip address for your machine), you should forward it to a hostname called `homeassistant` (which is the hostname for the home assistant instance inside your docker compose network)."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1703786488 {#4437
      date: 2023-12-28 19:01:28.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@redcalcium@lemmy.institute"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4440 …}
    +nested: Doctrine\ORM\PersistentCollection {#4442 …}
    +votes: Doctrine\ORM\PersistentCollection {#4444 …}
    +reports: Doctrine\ORM\PersistentCollection {#4446 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4448 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4450 …}
    -id: 259951
    -bodyTs: "'192.168.178.214':6 'address':14 'assist':34 'assum':9 'call':25 'compos':39 'docker':38 'forward':3,20 'ha.yourdomain.com':4 'home':33 'homeassist':26 'hostnam':24,30 'insid':36 'instanc':35 'instead':1 'ip':13 'lan':12 'machin':17 'network':40"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.institute/comment/1872375"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703786488 {#4438
      date: 2023-12-28 19:01:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4100}
  +body: "Now I get a error Fehlercode: SEC_ERROR_UNKNOWN_ISSUER, and if I continue it will again go to my router with the DNS-REbind / Host-Header Issue"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703791066 {#4505
    date: 2023-12-28 20:17:46.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4509 …}
  +nested: Doctrine\ORM\PersistentCollection {#4511 …}
  +votes: Doctrine\ORM\PersistentCollection {#4513 …}
  +reports: Doctrine\ORM\PersistentCollection {#4515 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4517 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4519 …}
  -id: 260141
  -bodyTs: "'continu':14 'dns':25 'dns-rebind':24 'error':5,8 'fehlercod':6 'get':3 'go':18 'header':29 'host':28 'host-head':27 'issu':30 'issuer':10 'rebind':26 'router':21 'sec':7 'unknown':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6280909"
  +editedAt: DateTimeImmutable @1708788797 {#4506
    date: 2024-02-24 16:33:17.0 +01:00
  }
  +createdAt: DateTimeImmutable @1703791066 {#4507
    date: 2023-12-28 20:17:46.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
32 DENIED moderate 
App\Entity\EntryComment {#4508
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4439
    +user: App\Entity\User {#4082 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4372
      +user: Proxies\__CG__\App\Entity\User {#1970 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4100
        +user: App\Entity\User {#4082 …}
        +entry: App\Entity\Entry {#2419}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          What happened when you tried to open it on incognito mode / private browsing mode?\n
          \n
          Btw, if you’re using Chrome, you can type `thisisunsafe` to bypass hsts warning if nothing else work.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1708784944 {#4106
          date: 2024-02-24 15:29:04.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Lobotomie@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4097 …}
        +nested: Doctrine\ORM\PersistentCollection {#4095 …}
        +votes: Doctrine\ORM\PersistentCollection {#4092 …}
        +reports: Doctrine\ORM\PersistentCollection {#4088 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4086 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4084 …}
        -id: 259356
        -bodyTs: "'brows':13 'btw':15 'bypass':26 'chrome':20 'els':31 'happen':2 'hsts':27 'incognito':10 'mode':11,14 'noth':30 'open':7 'privat':12 're':18 'thisisunsaf':24 'tri':5 'type':23 'use':19 'warn':28 'work':32"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.institute/comment/1871198"
        +editedAt: null
        +createdAt: DateTimeImmutable @1703772758 {#4103
          date: 2023-12-28 15:12:38.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4100}
      +body: "if I close the 8123 port and remove my cache, firefox will warn me, if I click on forward anyways it will forward to a website from my router for some reason saying that the DNS-Rebind-Protection has blocked my attempt and that there is some issue with the host-header."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1703785672 {#4370
        date: 2023-12-28 18:47:52.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@redcalcium@lemmy.institute"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4373 …}
      +nested: Doctrine\ORM\PersistentCollection {#4375 …}
      +votes: Doctrine\ORM\PersistentCollection {#4377 …}
      +reports: Doctrine\ORM\PersistentCollection {#4379 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4381 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4383 …}
      -id: 259899
      -bodyTs: "'8123':5 'anyway':20 'attempt':43 'block':41 'cach':10 'click':17 'close':3 'dns':37 'dns-rebind-protect':36 'firefox':11 'forward':19,23 'header':54 'host':53 'host-head':52 'issu':49 'port':6 'protect':39 'reason':32 'rebind':38 'remov':8 'router':29 'say':33 'warn':13 'websit':26"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6279721"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703785672 {#4371
        date: 2023-12-28 18:47:52.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4100}
    +body: "Instead of forwarding `ha.yourdomain.com` to `192.168.178.214` (which I assume is the lan ip address for your machine), you should forward it to a hostname called `homeassistant` (which is the hostname for the home assistant instance inside your docker compose network)."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 1
    +score: 0
    +lastActive: DateTime @1703786488 {#4437
      date: 2023-12-28 19:01:28.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@redcalcium@lemmy.institute"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4440 …}
    +nested: Doctrine\ORM\PersistentCollection {#4442 …}
    +votes: Doctrine\ORM\PersistentCollection {#4444 …}
    +reports: Doctrine\ORM\PersistentCollection {#4446 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4448 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4450 …}
    -id: 259951
    -bodyTs: "'192.168.178.214':6 'address':14 'assist':34 'assum':9 'call':25 'compos':39 'docker':38 'forward':3,20 'ha.yourdomain.com':4 'home':33 'homeassist':26 'hostnam':24,30 'insid':36 'instanc':35 'instead':1 'ip':13 'lan':12 'machin':17 'network':40"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.institute/comment/1872375"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703786488 {#4438
      date: 2023-12-28 19:01:28.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4100}
  +body: "Now I get a error Fehlercode: SEC_ERROR_UNKNOWN_ISSUER, and if I continue it will again go to my router with the DNS-REbind / Host-Header Issue"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703791066 {#4505
    date: 2023-12-28 20:17:46.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
    "@Lobotomie@lemmy.world"
    "@redcalcium@lemmy.institute"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4509 …}
  +nested: Doctrine\ORM\PersistentCollection {#4511 …}
  +votes: Doctrine\ORM\PersistentCollection {#4513 …}
  +reports: Doctrine\ORM\PersistentCollection {#4515 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4517 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4519 …}
  -id: 260141
  -bodyTs: "'continu':14 'dns':25 'dns-rebind':24 'error':5,8 'fehlercod':6 'get':3 'go':18 'header':29 'host':28 'host-head':27 'issu':30 'issuer':10 'rebind':26 'router':21 'sec':7 'unknown':9"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6280909"
  +editedAt: DateTimeImmutable @1708788797 {#4506
    date: 2024-02-24 16:33:17.0 +01:00
  }
  +createdAt: DateTimeImmutable @1703791066 {#4507
    date: 2023-12-28 20:17:46.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
33 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
34 DENIED moderate 
App\Entity\EntryComment {#4184
  +user: App\Entity\User {#4197 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: "Which ports did you forward?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1708747242 {#4179
    date: 2024-02-24 05:00:42.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4185 …}
  +nested: Doctrine\ORM\PersistentCollection {#4187 …}
  +votes: Doctrine\ORM\PersistentCollection {#4189 …}
  +reports: Doctrine\ORM\PersistentCollection {#4191 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
  -id: 258336
  -bodyTs: "'forward':5 'port':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sub.wetshaving.social/comment/988529"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703734081 {#4180
    date: 2023-12-28 04:28:01.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
35 DENIED edit 
App\Entity\EntryComment {#4184
  +user: App\Entity\User {#4197 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: "Which ports did you forward?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1708747242 {#4179
    date: 2024-02-24 05:00:42.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4185 …}
  +nested: Doctrine\ORM\PersistentCollection {#4187 …}
  +votes: Doctrine\ORM\PersistentCollection {#4189 …}
  +reports: Doctrine\ORM\PersistentCollection {#4191 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
  -id: 258336
  -bodyTs: "'forward':5 'port':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sub.wetshaving.social/comment/988529"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703734081 {#4180
    date: 2023-12-28 04:28:01.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
36 DENIED moderate 
App\Entity\EntryComment {#4184
  +user: App\Entity\User {#4197 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: "Which ports did you forward?"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1708747242 {#4179
    date: 2024-02-24 05:00:42.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4185 …}
  +nested: Doctrine\ORM\PersistentCollection {#4187 …}
  +votes: Doctrine\ORM\PersistentCollection {#4189 …}
  +reports: Doctrine\ORM\PersistentCollection {#4191 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
  -id: 258336
  -bodyTs: "'forward':5 'port':2"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sub.wetshaving.social/comment/988529"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703734081 {#4180
    date: 2023-12-28 04:28:01.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
37 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
38 DENIED moderate 
App\Entity\EntryComment {#4357
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4184
    +user: App\Entity\User {#4197 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: "Which ports did you forward?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1708747242 {#4179
      date: 2024-02-24 05:00:42.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4185 …}
    +nested: Doctrine\ORM\PersistentCollection {#4187 …}
    +votes: Doctrine\ORM\PersistentCollection {#4189 …}
    +reports: Doctrine\ORM\PersistentCollection {#4191 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
    -id: 258336
    -bodyTs: "'forward':5 'port':2"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sub.wetshaving.social/comment/988529"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703734081 {#4180
      date: 2023-12-28 04:28:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4184}
  +body: "80,443,8123 and 8124"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703764619 {#4355
    date: 2023-12-28 12:56:59.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@walden@sub.wetshaving.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4358 …}
  +nested: Doctrine\ORM\PersistentCollection {#4360 …}
  +votes: Doctrine\ORM\PersistentCollection {#4362 …}
  +reports: Doctrine\ORM\PersistentCollection {#4364 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4366 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4368 …}
  -id: 259048
  -bodyTs: "'443':2 '80':1 '8123':3 '8124':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6275438"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703764619 {#4356
    date: 2023-12-28 12:56:59.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
39 DENIED edit 
App\Entity\EntryComment {#4357
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4184
    +user: App\Entity\User {#4197 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: "Which ports did you forward?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1708747242 {#4179
      date: 2024-02-24 05:00:42.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4185 …}
    +nested: Doctrine\ORM\PersistentCollection {#4187 …}
    +votes: Doctrine\ORM\PersistentCollection {#4189 …}
    +reports: Doctrine\ORM\PersistentCollection {#4191 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
    -id: 258336
    -bodyTs: "'forward':5 'port':2"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sub.wetshaving.social/comment/988529"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703734081 {#4180
      date: 2023-12-28 04:28:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4184}
  +body: "80,443,8123 and 8124"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703764619 {#4355
    date: 2023-12-28 12:56:59.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@walden@sub.wetshaving.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4358 …}
  +nested: Doctrine\ORM\PersistentCollection {#4360 …}
  +votes: Doctrine\ORM\PersistentCollection {#4362 …}
  +reports: Doctrine\ORM\PersistentCollection {#4364 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4366 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4368 …}
  -id: 259048
  -bodyTs: "'443':2 '80':1 '8123':3 '8124':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6275438"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703764619 {#4356
    date: 2023-12-28 12:56:59.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
40 DENIED moderate 
App\Entity\EntryComment {#4357
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4184
    +user: App\Entity\User {#4197 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: "Which ports did you forward?"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1708747242 {#4179
      date: 2024-02-24 05:00:42.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4185 …}
    +nested: Doctrine\ORM\PersistentCollection {#4187 …}
    +votes: Doctrine\ORM\PersistentCollection {#4189 …}
    +reports: Doctrine\ORM\PersistentCollection {#4191 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
    -id: 258336
    -bodyTs: "'forward':5 'port':2"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sub.wetshaving.social/comment/988529"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703734081 {#4180
      date: 2023-12-28 04:28:01.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4184}
  +body: "80,443,8123 and 8124"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703764619 {#4355
    date: 2023-12-28 12:56:59.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@walden@sub.wetshaving.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4358 …}
  +nested: Doctrine\ORM\PersistentCollection {#4360 …}
  +votes: Doctrine\ORM\PersistentCollection {#4362 …}
  +reports: Doctrine\ORM\PersistentCollection {#4364 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4366 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4368 …}
  -id: 259048
  -bodyTs: "'443':2 '80':1 '8123':3 '8124':5"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6275438"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703764619 {#4356
    date: 2023-12-28 12:56:59.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
41 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
42 DENIED moderate 
App\Entity\EntryComment {#4406
  +user: App\Entity\User {#4197 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4357
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4184
      +user: App\Entity\User {#4197 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Which ports did you forward?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 2
      +score: 0
      +lastActive: DateTime @1708747242 {#4179
        date: 2024-02-24 05:00:42.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4185 …}
      +nested: Doctrine\ORM\PersistentCollection {#4187 …}
      +votes: Doctrine\ORM\PersistentCollection {#4189 …}
      +reports: Doctrine\ORM\PersistentCollection {#4191 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
      -id: 258336
      -bodyTs: "'forward':5 'port':2"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sub.wetshaving.social/comment/988529"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703734081 {#4180
        date: 2023-12-28 04:28:01.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4184}
    +body: "80,443,8123 and 8124"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1703764619 {#4355
      date: 2023-12-28 12:56:59.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@walden@sub.wetshaving.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4358 …}
    +nested: Doctrine\ORM\PersistentCollection {#4360 …}
    +votes: Doctrine\ORM\PersistentCollection {#4362 …}
    +reports: Doctrine\ORM\PersistentCollection {#4364 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4366 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4368 …}
    -id: 259048
    -bodyTs: "'443':2 '80':1 '8123':3 '8124':5"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6275438"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703764619 {#4356
      date: 2023-12-28 12:56:59.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4184}
  +body: "Only 80 and 443 get forwarded to nginx. nginx handles everything from there. Close the other ports."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1703771656 {#4405
    date: 2023-12-28 14:54:16.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@walden@sub.wetshaving.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4409 …}
  +nested: Doctrine\ORM\PersistentCollection {#4414 …}
  +votes: Doctrine\ORM\PersistentCollection {#4410 …}
  +reports: Doctrine\ORM\PersistentCollection {#4416 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4418 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4420 …}
  -id: 259301
  -bodyTs: "'443':4 '80':2 'close':14 'everyth':11 'forward':6 'get':5 'handl':10 'nginx':8,9 'port':17"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sub.wetshaving.social/comment/989653"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703771656 {#4402
    date: 2023-12-28 14:54:16.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
43 DENIED edit 
App\Entity\EntryComment {#4406
  +user: App\Entity\User {#4197 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4357
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4184
      +user: App\Entity\User {#4197 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Which ports did you forward?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 2
      +score: 0
      +lastActive: DateTime @1708747242 {#4179
        date: 2024-02-24 05:00:42.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4185 …}
      +nested: Doctrine\ORM\PersistentCollection {#4187 …}
      +votes: Doctrine\ORM\PersistentCollection {#4189 …}
      +reports: Doctrine\ORM\PersistentCollection {#4191 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
      -id: 258336
      -bodyTs: "'forward':5 'port':2"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sub.wetshaving.social/comment/988529"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703734081 {#4180
        date: 2023-12-28 04:28:01.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4184}
    +body: "80,443,8123 and 8124"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1703764619 {#4355
      date: 2023-12-28 12:56:59.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@walden@sub.wetshaving.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4358 …}
    +nested: Doctrine\ORM\PersistentCollection {#4360 …}
    +votes: Doctrine\ORM\PersistentCollection {#4362 …}
    +reports: Doctrine\ORM\PersistentCollection {#4364 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4366 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4368 …}
    -id: 259048
    -bodyTs: "'443':2 '80':1 '8123':3 '8124':5"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6275438"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703764619 {#4356
      date: 2023-12-28 12:56:59.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4184}
  +body: "Only 80 and 443 get forwarded to nginx. nginx handles everything from there. Close the other ports."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1703771656 {#4405
    date: 2023-12-28 14:54:16.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@walden@sub.wetshaving.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4409 …}
  +nested: Doctrine\ORM\PersistentCollection {#4414 …}
  +votes: Doctrine\ORM\PersistentCollection {#4410 …}
  +reports: Doctrine\ORM\PersistentCollection {#4416 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4418 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4420 …}
  -id: 259301
  -bodyTs: "'443':4 '80':2 'close':14 'everyth':11 'forward':6 'get':5 'handl':10 'nginx':8,9 'port':17"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sub.wetshaving.social/comment/989653"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703771656 {#4402
    date: 2023-12-28 14:54:16.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
44 DENIED moderate 
App\Entity\EntryComment {#4406
  +user: App\Entity\User {#4197 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4357
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4184
      +user: App\Entity\User {#4197 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: "Which ports did you forward?"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 2
      +score: 0
      +lastActive: DateTime @1708747242 {#4179
        date: 2024-02-24 05:00:42.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4185 …}
      +nested: Doctrine\ORM\PersistentCollection {#4187 …}
      +votes: Doctrine\ORM\PersistentCollection {#4189 …}
      +reports: Doctrine\ORM\PersistentCollection {#4191 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
      -id: 258336
      -bodyTs: "'forward':5 'port':2"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://sub.wetshaving.social/comment/988529"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703734081 {#4180
        date: 2023-12-28 04:28:01.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4184}
    +body: "80,443,8123 and 8124"
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1703764619 {#4355
      date: 2023-12-28 12:56:59.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@walden@sub.wetshaving.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4358 …}
    +nested: Doctrine\ORM\PersistentCollection {#4360 …}
    +votes: Doctrine\ORM\PersistentCollection {#4362 …}
    +reports: Doctrine\ORM\PersistentCollection {#4364 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4366 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4368 …}
    -id: 259048
    -bodyTs: "'443':2 '80':1 '8123':3 '8124':5"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6275438"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703764619 {#4356
      date: 2023-12-28 12:56:59.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4184}
  +body: "Only 80 and 443 get forwarded to nginx. nginx handles everything from there. Close the other ports."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1703771656 {#4405
    date: 2023-12-28 14:54:16.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@walden@sub.wetshaving.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4409 …}
  +nested: Doctrine\ORM\PersistentCollection {#4414 …}
  +votes: Doctrine\ORM\PersistentCollection {#4410 …}
  +reports: Doctrine\ORM\PersistentCollection {#4416 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4418 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4420 …}
  -id: 259301
  -bodyTs: "'443':4 '80':2 'close':14 'everyth':11 'forward':6 'get':5 'handl':10 'nginx':8,9 'port':17"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://sub.wetshaving.social/comment/989653"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703771656 {#4402
    date: 2023-12-28 14:54:16.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
45 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
46 DENIED moderate 
App\Entity\EntryComment {#4492
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4406
    +user: App\Entity\User {#4197 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4357
      +user: Proxies\__CG__\App\Entity\User {#1970 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4184
        +user: App\Entity\User {#4197 …}
        +entry: App\Entity\Entry {#2419}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: "Which ports did you forward?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 2
        +score: 0
        +lastActive: DateTime @1708747242 {#4179
          date: 2024-02-24 05:00:42.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Lobotomie@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4185 …}
        +nested: Doctrine\ORM\PersistentCollection {#4187 …}
        +votes: Doctrine\ORM\PersistentCollection {#4189 …}
        +reports: Doctrine\ORM\PersistentCollection {#4191 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
        -id: 258336
        -bodyTs: "'forward':5 'port':2"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sub.wetshaving.social/comment/988529"
        +editedAt: null
        +createdAt: DateTimeImmutable @1703734081 {#4180
          date: 2023-12-28 04:28:01.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4184}
      +body: "80,443,8123 and 8124"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1703764619 {#4355
        date: 2023-12-28 12:56:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@walden@sub.wetshaving.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4358 …}
      +nested: Doctrine\ORM\PersistentCollection {#4360 …}
      +votes: Doctrine\ORM\PersistentCollection {#4362 …}
      +reports: Doctrine\ORM\PersistentCollection {#4364 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4366 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4368 …}
      -id: 259048
      -bodyTs: "'443':2 '80':1 '8123':3 '8124':5"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6275438"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703764619 {#4356
        date: 2023-12-28 12:56:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4184}
    +body: "Only 80 and 443 get forwarded to nginx. nginx handles everything from there. Close the other ports."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1703771656 {#4405
      date: 2023-12-28 14:54:16.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@walden@sub.wetshaving.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4409 …}
    +nested: Doctrine\ORM\PersistentCollection {#4414 …}
    +votes: Doctrine\ORM\PersistentCollection {#4410 …}
    +reports: Doctrine\ORM\PersistentCollection {#4416 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4418 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4420 …}
    -id: 259301
    -bodyTs: "'443':4 '80':2 'close':14 'everyth':11 'forward':6 'get':5 'handl':10 'nginx':8,9 'port':17"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sub.wetshaving.social/comment/989653"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703771656 {#4402
      date: 2023-12-28 14:54:16.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4184}
  +body: "cheers!"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1703785564 {#4490
    date: 2023-12-28 18:46:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@walden@sub.wetshaving.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4493 …}
  +nested: Doctrine\ORM\PersistentCollection {#4495 …}
  +votes: Doctrine\ORM\PersistentCollection {#4497 …}
  +reports: Doctrine\ORM\PersistentCollection {#4499 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4501 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4503 …}
  -id: 259887
  -bodyTs: "'cheer':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6279688"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703785564 {#4491
    date: 2023-12-28 18:46:04.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
47 DENIED edit 
App\Entity\EntryComment {#4492
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4406
    +user: App\Entity\User {#4197 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4357
      +user: Proxies\__CG__\App\Entity\User {#1970 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4184
        +user: App\Entity\User {#4197 …}
        +entry: App\Entity\Entry {#2419}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: "Which ports did you forward?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 2
        +score: 0
        +lastActive: DateTime @1708747242 {#4179
          date: 2024-02-24 05:00:42.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Lobotomie@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4185 …}
        +nested: Doctrine\ORM\PersistentCollection {#4187 …}
        +votes: Doctrine\ORM\PersistentCollection {#4189 …}
        +reports: Doctrine\ORM\PersistentCollection {#4191 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
        -id: 258336
        -bodyTs: "'forward':5 'port':2"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sub.wetshaving.social/comment/988529"
        +editedAt: null
        +createdAt: DateTimeImmutable @1703734081 {#4180
          date: 2023-12-28 04:28:01.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4184}
      +body: "80,443,8123 and 8124"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1703764619 {#4355
        date: 2023-12-28 12:56:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@walden@sub.wetshaving.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4358 …}
      +nested: Doctrine\ORM\PersistentCollection {#4360 …}
      +votes: Doctrine\ORM\PersistentCollection {#4362 …}
      +reports: Doctrine\ORM\PersistentCollection {#4364 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4366 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4368 …}
      -id: 259048
      -bodyTs: "'443':2 '80':1 '8123':3 '8124':5"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6275438"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703764619 {#4356
        date: 2023-12-28 12:56:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4184}
    +body: "Only 80 and 443 get forwarded to nginx. nginx handles everything from there. Close the other ports."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1703771656 {#4405
      date: 2023-12-28 14:54:16.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@walden@sub.wetshaving.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4409 …}
    +nested: Doctrine\ORM\PersistentCollection {#4414 …}
    +votes: Doctrine\ORM\PersistentCollection {#4410 …}
    +reports: Doctrine\ORM\PersistentCollection {#4416 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4418 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4420 …}
    -id: 259301
    -bodyTs: "'443':4 '80':2 'close':14 'everyth':11 'forward':6 'get':5 'handl':10 'nginx':8,9 'port':17"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sub.wetshaving.social/comment/989653"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703771656 {#4402
      date: 2023-12-28 14:54:16.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4184}
  +body: "cheers!"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1703785564 {#4490
    date: 2023-12-28 18:46:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@walden@sub.wetshaving.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4493 …}
  +nested: Doctrine\ORM\PersistentCollection {#4495 …}
  +votes: Doctrine\ORM\PersistentCollection {#4497 …}
  +reports: Doctrine\ORM\PersistentCollection {#4499 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4501 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4503 …}
  -id: 259887
  -bodyTs: "'cheer':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6279688"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703785564 {#4491
    date: 2023-12-28 18:46:04.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
48 DENIED moderate 
App\Entity\EntryComment {#4492
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4406
    +user: App\Entity\User {#4197 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4357
      +user: Proxies\__CG__\App\Entity\User {#1970 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4184
        +user: App\Entity\User {#4197 …}
        +entry: App\Entity\Entry {#2419}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: "Which ports did you forward?"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 2
        +score: 0
        +lastActive: DateTime @1708747242 {#4179
          date: 2024-02-24 05:00:42.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Lobotomie@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4185 …}
        +nested: Doctrine\ORM\PersistentCollection {#4187 …}
        +votes: Doctrine\ORM\PersistentCollection {#4189 …}
        +reports: Doctrine\ORM\PersistentCollection {#4191 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4193 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4195 …}
        -id: 258336
        -bodyTs: "'forward':5 'port':2"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://sub.wetshaving.social/comment/988529"
        +editedAt: null
        +createdAt: DateTimeImmutable @1703734081 {#4180
          date: 2023-12-28 04:28:01.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4184}
      +body: "80,443,8123 and 8124"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1703764619 {#4355
        date: 2023-12-28 12:56:59.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@walden@sub.wetshaving.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4358 …}
      +nested: Doctrine\ORM\PersistentCollection {#4360 …}
      +votes: Doctrine\ORM\PersistentCollection {#4362 …}
      +reports: Doctrine\ORM\PersistentCollection {#4364 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4366 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4368 …}
      -id: 259048
      -bodyTs: "'443':2 '80':1 '8123':3 '8124':5"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6275438"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703764619 {#4356
        date: 2023-12-28 12:56:59.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4184}
    +body: "Only 80 and 443 get forwarded to nginx. nginx handles everything from there. Close the other ports."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1703771656 {#4405
      date: 2023-12-28 14:54:16.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@walden@sub.wetshaving.social"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4409 …}
    +nested: Doctrine\ORM\PersistentCollection {#4414 …}
    +votes: Doctrine\ORM\PersistentCollection {#4410 …}
    +reports: Doctrine\ORM\PersistentCollection {#4416 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4418 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4420 …}
    -id: 259301
    -bodyTs: "'443':4 '80':2 'close':14 'everyth':11 'forward':6 'get':5 'handl':10 'nginx':8,9 'port':17"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://sub.wetshaving.social/comment/989653"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703771656 {#4402
      date: 2023-12-28 14:54:16.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4184}
  +body: "cheers!"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1703785564 {#4490
    date: 2023-12-28 18:46:04.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@walden@sub.wetshaving.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4493 …}
  +nested: Doctrine\ORM\PersistentCollection {#4495 …}
  +votes: Doctrine\ORM\PersistentCollection {#4497 …}
  +reports: Doctrine\ORM\PersistentCollection {#4499 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4501 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4503 …}
  -id: 259887
  -bodyTs: "'cheer':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6279688"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703785564 {#4491
    date: 2023-12-28 18:46:04.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
49 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
50 DENIED moderate 
App\Entity\EntryComment {#4257
  +user: App\Entity\User {#4270 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
    \n
    I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1708785732 {#4252
    date: 2024-02-24 15:42:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4258 …}
  +nested: Doctrine\ORM\PersistentCollection {#4260 …}
  +votes: Doctrine\ORM\PersistentCollection {#4262 …}
  +reports: Doctrine\ORM\PersistentCollection {#4264 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
  -id: 258005
  -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://infosec.pub/comment/5279971"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703722390 {#4253
    date: 2023-12-28 01:13:10.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
51 DENIED edit 
App\Entity\EntryComment {#4257
  +user: App\Entity\User {#4270 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
    \n
    I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1708785732 {#4252
    date: 2024-02-24 15:42:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4258 …}
  +nested: Doctrine\ORM\PersistentCollection {#4260 …}
  +votes: Doctrine\ORM\PersistentCollection {#4262 …}
  +reports: Doctrine\ORM\PersistentCollection {#4264 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
  -id: 258005
  -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://infosec.pub/comment/5279971"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703722390 {#4253
    date: 2023-12-28 01:13:10.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
52 DENIED moderate 
App\Entity\EntryComment {#4257
  +user: App\Entity\User {#4270 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: null
  +root: null
  +body: """
    What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
    \n
    I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1708785732 {#4252
    date: 2024-02-24 15:42:12.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4258 …}
  +nested: Doctrine\ORM\PersistentCollection {#4260 …}
  +votes: Doctrine\ORM\PersistentCollection {#4262 …}
  +reports: Doctrine\ORM\PersistentCollection {#4264 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
  -id: 258005
  -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://infosec.pub/comment/5279971"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703722390 {#4253
    date: 2023-12-28 01:13:10.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
53 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
54 DENIED moderate 
App\Entity\EntryComment {#4339
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4257
    +user: App\Entity\User {#4270 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
      \n
      I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1708785732 {#4252
      date: 2024-02-24 15:42:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4258 …}
    +nested: Doctrine\ORM\PersistentCollection {#4260 …}
    +votes: Doctrine\ORM\PersistentCollection {#4262 …}
    +reports: Doctrine\ORM\PersistentCollection {#4264 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
    -id: 258005
    -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://infosec.pub/comment/5279971"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703722390 {#4253
      date: 2023-12-28 01:13:10.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4257}
  +body: "Mainly I want to expose it so I can access my stuff remotely. What would you recommend otherwise? Traefik looks alot more difficult to me from the get go but I haven’t tried it out yet (because I dont know where to start) Issue is just that I have a basic understanding about docker/ubuntu stuff now (or I know how to manipulate stuff like I want) but basically everything with Web and https is a big black hole for me which I can’t seem to grasp yet."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703764823 {#4338
    date: 2023-12-28 13:00:23.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@MSgtRedFox@infosec.pub"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4342 …}
  +nested: Doctrine\ORM\PersistentCollection {#4347 …}
  +votes: Doctrine\ORM\PersistentCollection {#4343 …}
  +reports: Doctrine\ORM\PersistentCollection {#4349 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4351 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4353 …}
  -id: 259054
  -bodyTs: "'access':10 'alot':21 'basic':52,69 'big':77 'black':78 'difficult':23 'docker/ubuntu':55 'dont':40 'everyth':70 'expos':5 'get':28 'go':29 'grasp':88 'haven':32 'hole':79 'https':74 'issu':45 'know':41,60 'like':65 'look':20 'main':1 'manipul':63 'otherwis':18 'recommend':17 'remot':13 'seem':86 'start':44 'stuff':12,56,64 'traefik':19 'tri':34 'understand':53 'want':3,67 'web':72 'would':15 'yet':37,89"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6275470"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703764823 {#4335
    date: 2023-12-28 13:00:23.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
55 DENIED edit 
App\Entity\EntryComment {#4339
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4257
    +user: App\Entity\User {#4270 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
      \n
      I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1708785732 {#4252
      date: 2024-02-24 15:42:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4258 …}
    +nested: Doctrine\ORM\PersistentCollection {#4260 …}
    +votes: Doctrine\ORM\PersistentCollection {#4262 …}
    +reports: Doctrine\ORM\PersistentCollection {#4264 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
    -id: 258005
    -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://infosec.pub/comment/5279971"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703722390 {#4253
      date: 2023-12-28 01:13:10.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4257}
  +body: "Mainly I want to expose it so I can access my stuff remotely. What would you recommend otherwise? Traefik looks alot more difficult to me from the get go but I haven’t tried it out yet (because I dont know where to start) Issue is just that I have a basic understanding about docker/ubuntu stuff now (or I know how to manipulate stuff like I want) but basically everything with Web and https is a big black hole for me which I can’t seem to grasp yet."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703764823 {#4338
    date: 2023-12-28 13:00:23.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@MSgtRedFox@infosec.pub"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4342 …}
  +nested: Doctrine\ORM\PersistentCollection {#4347 …}
  +votes: Doctrine\ORM\PersistentCollection {#4343 …}
  +reports: Doctrine\ORM\PersistentCollection {#4349 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4351 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4353 …}
  -id: 259054
  -bodyTs: "'access':10 'alot':21 'basic':52,69 'big':77 'black':78 'difficult':23 'docker/ubuntu':55 'dont':40 'everyth':70 'expos':5 'get':28 'go':29 'grasp':88 'haven':32 'hole':79 'https':74 'issu':45 'know':41,60 'like':65 'look':20 'main':1 'manipul':63 'otherwis':18 'recommend':17 'remot':13 'seem':86 'start':44 'stuff':12,56,64 'traefik':19 'tri':34 'understand':53 'want':3,67 'web':72 'would':15 'yet':37,89"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6275470"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703764823 {#4335
    date: 2023-12-28 13:00:23.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
56 DENIED moderate 
App\Entity\EntryComment {#4339
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4257
    +user: App\Entity\User {#4270 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: null
    +root: null
    +body: """
      What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
      \n
      I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 3
    +score: 0
    +lastActive: DateTime @1708785732 {#4252
      date: 2024-02-24 15:42:12.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4258 …}
    +nested: Doctrine\ORM\PersistentCollection {#4260 …}
    +votes: Doctrine\ORM\PersistentCollection {#4262 …}
    +reports: Doctrine\ORM\PersistentCollection {#4264 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
    -id: 258005
    -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://infosec.pub/comment/5279971"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703722390 {#4253
      date: 2023-12-28 01:13:10.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4257}
  +body: "Mainly I want to expose it so I can access my stuff remotely. What would you recommend otherwise? Traefik looks alot more difficult to me from the get go but I haven’t tried it out yet (because I dont know where to start) Issue is just that I have a basic understanding about docker/ubuntu stuff now (or I know how to manipulate stuff like I want) but basically everything with Web and https is a big black hole for me which I can’t seem to grasp yet."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703764823 {#4338
    date: 2023-12-28 13:00:23.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@MSgtRedFox@infosec.pub"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4342 …}
  +nested: Doctrine\ORM\PersistentCollection {#4347 …}
  +votes: Doctrine\ORM\PersistentCollection {#4343 …}
  +reports: Doctrine\ORM\PersistentCollection {#4349 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4351 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4353 …}
  -id: 259054
  -bodyTs: "'access':10 'alot':21 'basic':52,69 'big':77 'black':78 'difficult':23 'docker/ubuntu':55 'dont':40 'everyth':70 'expos':5 'get':28 'go':29 'grasp':88 'haven':32 'hole':79 'https':74 'issu':45 'know':41,60 'like':65 'look':20 'main':1 'manipul':63 'otherwis':18 'recommend':17 'remot':13 'seem':86 'start':44 'stuff':12,56,64 'traefik':19 'tri':34 'understand':53 'want':3,67 'web':72 'would':15 'yet':37,89"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6275470"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703764823 {#4335
    date: 2023-12-28 13:00:23.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
57 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
58 DENIED moderate 
App\Entity\EntryComment {#4424
  +user: App\Entity\User {#4270 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4339
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4257
      +user: App\Entity\User {#4270 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
        \n
        I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1708785732 {#4252
        date: 2024-02-24 15:42:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4258 …}
      +nested: Doctrine\ORM\PersistentCollection {#4260 …}
      +votes: Doctrine\ORM\PersistentCollection {#4262 …}
      +reports: Doctrine\ORM\PersistentCollection {#4264 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
      -id: 258005
      -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://infosec.pub/comment/5279971"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703722390 {#4253
        date: 2023-12-28 01:13:10.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4257}
    +body: "Mainly I want to expose it so I can access my stuff remotely. What would you recommend otherwise? Traefik looks alot more difficult to me from the get go but I haven’t tried it out yet (because I dont know where to start) Issue is just that I have a basic understanding about docker/ubuntu stuff now (or I know how to manipulate stuff like I want) but basically everything with Web and https is a big black hole for me which I can’t seem to grasp yet."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1703764823 {#4338
      date: 2023-12-28 13:00:23.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@MSgtRedFox@infosec.pub"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4342 …}
    +nested: Doctrine\ORM\PersistentCollection {#4347 …}
    +votes: Doctrine\ORM\PersistentCollection {#4343 …}
    +reports: Doctrine\ORM\PersistentCollection {#4349 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4351 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4353 …}
    -id: 259054
    -bodyTs: "'access':10 'alot':21 'basic':52,69 'big':77 'black':78 'difficult':23 'docker/ubuntu':55 'dont':40 'everyth':70 'expos':5 'get':28 'go':29 'grasp':88 'haven':32 'hole':79 'https':74 'issu':45 'know':41,60 'like':65 'look':20 'main':1 'manipul':63 'otherwis':18 'recommend':17 'remot':13 'seem':86 'start':44 'stuff':12,56,64 'traefik':19 'tri':34 'understand':53 'want':3,67 'web':72 'would':15 'yet':37,89"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6275470"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703764823 {#4335
      date: 2023-12-28 13:00:23.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4257}
  +body: """
    Yeah, it’s a lot. It’s a very large field, and you’re playing in two or three areas here.\n
    \n
    Look at a couple of overlay options. ZeroTier is the one I remember off top of my head. There are others, Google alternatives. These use a coordination server. Some are a hosted service, but there’s some that you host yourself. These are supposed to be pretty easy. You watch a couple of videos on these, I bet you’re be fine.\n
    \n
    Wire guard offers more traditional VPN. You can tunnel your device back to your network. Some routers offer a VPN option. There’s open sense, ddwrt, etc. Again, lots of videos.\n
    \n
    Since you said you mostly wanted remote access, I strongly suggest not opening services to public and use VPN.\n
    \n
    You can still learn reverse proxy too, but just do it internally, even though it wouldn’t technically be needed. This will be much safer and learner friendly.\n
    \n
    I have ridiculous amounts of services running, but I use gateway router VPN to access most of them.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1703767493 {#4422
    date: 2023-12-28 13:44:53.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@MSgtRedFox@infosec.pub"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4425 …}
  +nested: Doctrine\ORM\PersistentCollection {#4427 …}
  +votes: Doctrine\ORM\PersistentCollection {#4429 …}
  +reports: Doctrine\ORM\PersistentCollection {#4431 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4433 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4435 …}
  -id: 259152
  -bodyTs: "'access':122,176 'altern':44 'amount':165 'area':20 'back':95 'bet':79 'coordin':48 'coupl':25,73 'ddwrt':109 'devic':94 'easi':69 'etc':110 'even':146 'field':11 'fine':83 'friend':161 'gateway':172 'googl':43 'guard':85 'head':39 'host':53,61 'intern':145 'larg':10 'learn':137 'learner':160 'look':22 'lot':5,112 'most':119 'much':157 'need':153 'network':98 'offer':86,101 'one':32 'open':107,127 'option':28,104 'other':42 'overlay':27 'play':15 'pretti':68 'proxi':139 'public':130 're':14,81 'rememb':34 'remot':121 'revers':138 'ridicul':164 'router':100,173 'run':168 'safer':158 'said':117 'sens':108 'server':49 'servic':54,128,167 'sinc':115 'still':136 'strong':124 'suggest':125 'suppos':65 'technic':151 'though':147 'three':19 'top':36 'tradit':88 'tunnel':92 'two':17 'use':46,132,171 'video':75,114 'vpn':89,103,133,174 'want':120 'watch':71 'wire':84 'wouldn':149 'yeah':1 'zeroti':29"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://infosec.pub/comment/5285763"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703767493 {#4423
    date: 2023-12-28 13:44:53.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
59 DENIED edit 
App\Entity\EntryComment {#4424
  +user: App\Entity\User {#4270 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4339
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4257
      +user: App\Entity\User {#4270 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
        \n
        I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1708785732 {#4252
        date: 2024-02-24 15:42:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4258 …}
      +nested: Doctrine\ORM\PersistentCollection {#4260 …}
      +votes: Doctrine\ORM\PersistentCollection {#4262 …}
      +reports: Doctrine\ORM\PersistentCollection {#4264 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
      -id: 258005
      -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://infosec.pub/comment/5279971"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703722390 {#4253
        date: 2023-12-28 01:13:10.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4257}
    +body: "Mainly I want to expose it so I can access my stuff remotely. What would you recommend otherwise? Traefik looks alot more difficult to me from the get go but I haven’t tried it out yet (because I dont know where to start) Issue is just that I have a basic understanding about docker/ubuntu stuff now (or I know how to manipulate stuff like I want) but basically everything with Web and https is a big black hole for me which I can’t seem to grasp yet."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1703764823 {#4338
      date: 2023-12-28 13:00:23.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@MSgtRedFox@infosec.pub"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4342 …}
    +nested: Doctrine\ORM\PersistentCollection {#4347 …}
    +votes: Doctrine\ORM\PersistentCollection {#4343 …}
    +reports: Doctrine\ORM\PersistentCollection {#4349 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4351 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4353 …}
    -id: 259054
    -bodyTs: "'access':10 'alot':21 'basic':52,69 'big':77 'black':78 'difficult':23 'docker/ubuntu':55 'dont':40 'everyth':70 'expos':5 'get':28 'go':29 'grasp':88 'haven':32 'hole':79 'https':74 'issu':45 'know':41,60 'like':65 'look':20 'main':1 'manipul':63 'otherwis':18 'recommend':17 'remot':13 'seem':86 'start':44 'stuff':12,56,64 'traefik':19 'tri':34 'understand':53 'want':3,67 'web':72 'would':15 'yet':37,89"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6275470"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703764823 {#4335
      date: 2023-12-28 13:00:23.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4257}
  +body: """
    Yeah, it’s a lot. It’s a very large field, and you’re playing in two or three areas here.\n
    \n
    Look at a couple of overlay options. ZeroTier is the one I remember off top of my head. There are others, Google alternatives. These use a coordination server. Some are a hosted service, but there’s some that you host yourself. These are supposed to be pretty easy. You watch a couple of videos on these, I bet you’re be fine.\n
    \n
    Wire guard offers more traditional VPN. You can tunnel your device back to your network. Some routers offer a VPN option. There’s open sense, ddwrt, etc. Again, lots of videos.\n
    \n
    Since you said you mostly wanted remote access, I strongly suggest not opening services to public and use VPN.\n
    \n
    You can still learn reverse proxy too, but just do it internally, even though it wouldn’t technically be needed. This will be much safer and learner friendly.\n
    \n
    I have ridiculous amounts of services running, but I use gateway router VPN to access most of them.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1703767493 {#4422
    date: 2023-12-28 13:44:53.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@MSgtRedFox@infosec.pub"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4425 …}
  +nested: Doctrine\ORM\PersistentCollection {#4427 …}
  +votes: Doctrine\ORM\PersistentCollection {#4429 …}
  +reports: Doctrine\ORM\PersistentCollection {#4431 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4433 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4435 …}
  -id: 259152
  -bodyTs: "'access':122,176 'altern':44 'amount':165 'area':20 'back':95 'bet':79 'coordin':48 'coupl':25,73 'ddwrt':109 'devic':94 'easi':69 'etc':110 'even':146 'field':11 'fine':83 'friend':161 'gateway':172 'googl':43 'guard':85 'head':39 'host':53,61 'intern':145 'larg':10 'learn':137 'learner':160 'look':22 'lot':5,112 'most':119 'much':157 'need':153 'network':98 'offer':86,101 'one':32 'open':107,127 'option':28,104 'other':42 'overlay':27 'play':15 'pretti':68 'proxi':139 'public':130 're':14,81 'rememb':34 'remot':121 'revers':138 'ridicul':164 'router':100,173 'run':168 'safer':158 'said':117 'sens':108 'server':49 'servic':54,128,167 'sinc':115 'still':136 'strong':124 'suggest':125 'suppos':65 'technic':151 'though':147 'three':19 'top':36 'tradit':88 'tunnel':92 'two':17 'use':46,132,171 'video':75,114 'vpn':89,103,133,174 'want':120 'watch':71 'wire':84 'wouldn':149 'yeah':1 'zeroti':29"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://infosec.pub/comment/5285763"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703767493 {#4423
    date: 2023-12-28 13:44:53.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
60 DENIED moderate 
App\Entity\EntryComment {#4424
  +user: App\Entity\User {#4270 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4339
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4257
      +user: App\Entity\User {#4270 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: null
      +root: null
      +body: """
        What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
        \n
        I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1708785732 {#4252
        date: 2024-02-24 15:42:12.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4258 …}
      +nested: Doctrine\ORM\PersistentCollection {#4260 …}
      +votes: Doctrine\ORM\PersistentCollection {#4262 …}
      +reports: Doctrine\ORM\PersistentCollection {#4264 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
      -id: 258005
      -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://infosec.pub/comment/5279971"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703722390 {#4253
        date: 2023-12-28 01:13:10.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4257}
    +body: "Mainly I want to expose it so I can access my stuff remotely. What would you recommend otherwise? Traefik looks alot more difficult to me from the get go but I haven’t tried it out yet (because I dont know where to start) Issue is just that I have a basic understanding about docker/ubuntu stuff now (or I know how to manipulate stuff like I want) but basically everything with Web and https is a big black hole for me which I can’t seem to grasp yet."
    +lang: "en"
    +isAdult: false
    +favouriteCount: 0
    +score: 0
    +lastActive: DateTime @1703764823 {#4338
      date: 2023-12-28 13:00:23.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@MSgtRedFox@infosec.pub"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4342 …}
    +nested: Doctrine\ORM\PersistentCollection {#4347 …}
    +votes: Doctrine\ORM\PersistentCollection {#4343 …}
    +reports: Doctrine\ORM\PersistentCollection {#4349 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4351 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4353 …}
    -id: 259054
    -bodyTs: "'access':10 'alot':21 'basic':52,69 'big':77 'black':78 'difficult':23 'docker/ubuntu':55 'dont':40 'everyth':70 'expos':5 'get':28 'go':29 'grasp':88 'haven':32 'hole':79 'https':74 'issu':45 'know':41,60 'like':65 'look':20 'main':1 'manipul':63 'otherwis':18 'recommend':17 'remot':13 'seem':86 'start':44 'stuff':12,56,64 'traefik':19 'tri':34 'understand':53 'want':3,67 'web':72 'would':15 'yet':37,89"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://lemmy.world/comment/6275470"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703764823 {#4335
      date: 2023-12-28 13:00:23.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4257}
  +body: """
    Yeah, it’s a lot. It’s a very large field, and you’re playing in two or three areas here.\n
    \n
    Look at a couple of overlay options. ZeroTier is the one I remember off top of my head. There are others, Google alternatives. These use a coordination server. Some are a hosted service, but there’s some that you host yourself. These are supposed to be pretty easy. You watch a couple of videos on these, I bet you’re be fine.\n
    \n
    Wire guard offers more traditional VPN. You can tunnel your device back to your network. Some routers offer a VPN option. There’s open sense, ddwrt, etc. Again, lots of videos.\n
    \n
    Since you said you mostly wanted remote access, I strongly suggest not opening services to public and use VPN.\n
    \n
    You can still learn reverse proxy too, but just do it internally, even though it wouldn’t technically be needed. This will be much safer and learner friendly.\n
    \n
    I have ridiculous amounts of services running, but I use gateway router VPN to access most of them.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 2
  +score: 0
  +lastActive: DateTime @1703767493 {#4422
    date: 2023-12-28 13:44:53.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@MSgtRedFox@infosec.pub"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4425 …}
  +nested: Doctrine\ORM\PersistentCollection {#4427 …}
  +votes: Doctrine\ORM\PersistentCollection {#4429 …}
  +reports: Doctrine\ORM\PersistentCollection {#4431 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4433 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4435 …}
  -id: 259152
  -bodyTs: "'access':122,176 'altern':44 'amount':165 'area':20 'back':95 'bet':79 'coordin':48 'coupl':25,73 'ddwrt':109 'devic':94 'easi':69 'etc':110 'even':146 'field':11 'fine':83 'friend':161 'gateway':172 'googl':43 'guard':85 'head':39 'host':53,61 'intern':145 'larg':10 'learn':137 'learner':160 'look':22 'lot':5,112 'most':119 'much':157 'need':153 'network':98 'offer':86,101 'one':32 'open':107,127 'option':28,104 'other':42 'overlay':27 'play':15 'pretti':68 'proxi':139 'public':130 're':14,81 'rememb':34 'remot':121 'revers':138 'ridicul':164 'router':100,173 'run':168 'safer':158 'said':117 'sens':108 'server':49 'servic':54,128,167 'sinc':115 'still':136 'strong':124 'suggest':125 'suppos':65 'technic':151 'though':147 'three':19 'top':36 'tradit':88 'tunnel':92 'two':17 'use':46,132,171 'video':75,114 'vpn':89,103,133,174 'want':120 'watch':71 'wire':84 'wouldn':149 'yeah':1 'zeroti':29"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://infosec.pub/comment/5285763"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703767493 {#4423
    date: 2023-12-28 13:44:53.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
61 DENIED ROLE_USER 
null
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
62 DENIED moderate 
App\Entity\EntryComment {#4474
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4424
    +user: App\Entity\User {#4270 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4339
      +user: Proxies\__CG__\App\Entity\User {#1970 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4257
        +user: App\Entity\User {#4270 …}
        +entry: App\Entity\Entry {#2419}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
          \n
          I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1708785732 {#4252
          date: 2024-02-24 15:42:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Lobotomie@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4258 …}
        +nested: Doctrine\ORM\PersistentCollection {#4260 …}
        +votes: Doctrine\ORM\PersistentCollection {#4262 …}
        +reports: Doctrine\ORM\PersistentCollection {#4264 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
        -id: 258005
        -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://infosec.pub/comment/5279971"
        +editedAt: null
        +createdAt: DateTimeImmutable @1703722390 {#4253
          date: 2023-12-28 01:13:10.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4257}
      +body: "Mainly I want to expose it so I can access my stuff remotely. What would you recommend otherwise? Traefik looks alot more difficult to me from the get go but I haven’t tried it out yet (because I dont know where to start) Issue is just that I have a basic understanding about docker/ubuntu stuff now (or I know how to manipulate stuff like I want) but basically everything with Web and https is a big black hole for me which I can’t seem to grasp yet."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1703764823 {#4338
        date: 2023-12-28 13:00:23.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@MSgtRedFox@infosec.pub"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4342 …}
      +nested: Doctrine\ORM\PersistentCollection {#4347 …}
      +votes: Doctrine\ORM\PersistentCollection {#4343 …}
      +reports: Doctrine\ORM\PersistentCollection {#4349 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4351 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4353 …}
      -id: 259054
      -bodyTs: "'access':10 'alot':21 'basic':52,69 'big':77 'black':78 'difficult':23 'docker/ubuntu':55 'dont':40 'everyth':70 'expos':5 'get':28 'go':29 'grasp':88 'haven':32 'hole':79 'https':74 'issu':45 'know':41,60 'like':65 'look':20 'main':1 'manipul':63 'otherwis':18 'recommend':17 'remot':13 'seem':86 'start':44 'stuff':12,56,64 'traefik':19 'tri':34 'understand':53 'want':3,67 'web':72 'would':15 'yet':37,89"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6275470"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703764823 {#4335
        date: 2023-12-28 13:00:23.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4257}
    +body: """
      Yeah, it’s a lot. It’s a very large field, and you’re playing in two or three areas here.\n
      \n
      Look at a couple of overlay options. ZeroTier is the one I remember off top of my head. There are others, Google alternatives. These use a coordination server. Some are a hosted service, but there’s some that you host yourself. These are supposed to be pretty easy. You watch a couple of videos on these, I bet you’re be fine.\n
      \n
      Wire guard offers more traditional VPN. You can tunnel your device back to your network. Some routers offer a VPN option. There’s open sense, ddwrt, etc. Again, lots of videos.\n
      \n
      Since you said you mostly wanted remote access, I strongly suggest not opening services to public and use VPN.\n
      \n
      You can still learn reverse proxy too, but just do it internally, even though it wouldn’t technically be needed. This will be much safer and learner friendly.\n
      \n
      I have ridiculous amounts of services running, but I use gateway router VPN to access most of them.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1703767493 {#4422
      date: 2023-12-28 13:44:53.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@MSgtRedFox@infosec.pub"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4425 …}
    +nested: Doctrine\ORM\PersistentCollection {#4427 …}
    +votes: Doctrine\ORM\PersistentCollection {#4429 …}
    +reports: Doctrine\ORM\PersistentCollection {#4431 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4433 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4435 …}
    -id: 259152
    -bodyTs: "'access':122,176 'altern':44 'amount':165 'area':20 'back':95 'bet':79 'coordin':48 'coupl':25,73 'ddwrt':109 'devic':94 'easi':69 'etc':110 'even':146 'field':11 'fine':83 'friend':161 'gateway':172 'googl':43 'guard':85 'head':39 'host':53,61 'intern':145 'larg':10 'learn':137 'learner':160 'look':22 'lot':5,112 'most':119 'much':157 'need':153 'network':98 'offer':86,101 'one':32 'open':107,127 'option':28,104 'other':42 'overlay':27 'play':15 'pretti':68 'proxi':139 'public':130 're':14,81 'rememb':34 'remot':121 'revers':138 'ridicul':164 'router':100,173 'run':168 'safer':158 'said':117 'sens':108 'server':49 'servic':54,128,167 'sinc':115 'still':136 'strong':124 'suggest':125 'suppos':65 'technic':151 'though':147 'three':19 'top':36 'tradit':88 'tunnel':92 'two':17 'use':46,132,171 'video':75,114 'vpn':89,103,133,174 'want':120 'watch':71 'wire':84 'wouldn':149 'yeah':1 'zeroti':29"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://infosec.pub/comment/5285763"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703767493 {#4423
      date: 2023-12-28 13:44:53.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4257}
  +body: "using a vpn or similar is not really an option as I have famiy members accessing it and I dont want to always connect using a vpn just for example to open my garage or accessing my shopping list. Security wise I just use 2FA so I dont think thats the issue."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703791148 {#4473
    date: 2023-12-28 20:19:08.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@MSgtRedFox@infosec.pub"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4477 …}
  +nested: Doctrine\ORM\PersistentCollection {#4482 …}
  +votes: Doctrine\ORM\PersistentCollection {#4478 …}
  +reports: Doctrine\ORM\PersistentCollection {#4484 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4486 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4488 …}
  -id: 260145
  -bodyTs: "'2fa':45 'access':16,36 'alway':23 'connect':24 'dont':20,48 'exampl':30 'famiy':14 'garag':34 'issu':52 'list':39 'member':15 'open':32 'option':10 'realli':8 'secur':40 'shop':38 'similar':5 'that':50 'think':49 'use':1,25,44 'vpn':3,27 'want':21 'wise':41"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6280927"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703791148 {#4470
    date: 2023-12-28 20:19:08.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
63 DENIED edit 
App\Entity\EntryComment {#4474
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4424
    +user: App\Entity\User {#4270 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4339
      +user: Proxies\__CG__\App\Entity\User {#1970 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4257
        +user: App\Entity\User {#4270 …}
        +entry: App\Entity\Entry {#2419}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
          \n
          I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1708785732 {#4252
          date: 2024-02-24 15:42:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Lobotomie@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4258 …}
        +nested: Doctrine\ORM\PersistentCollection {#4260 …}
        +votes: Doctrine\ORM\PersistentCollection {#4262 …}
        +reports: Doctrine\ORM\PersistentCollection {#4264 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
        -id: 258005
        -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://infosec.pub/comment/5279971"
        +editedAt: null
        +createdAt: DateTimeImmutable @1703722390 {#4253
          date: 2023-12-28 01:13:10.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4257}
      +body: "Mainly I want to expose it so I can access my stuff remotely. What would you recommend otherwise? Traefik looks alot more difficult to me from the get go but I haven’t tried it out yet (because I dont know where to start) Issue is just that I have a basic understanding about docker/ubuntu stuff now (or I know how to manipulate stuff like I want) but basically everything with Web and https is a big black hole for me which I can’t seem to grasp yet."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1703764823 {#4338
        date: 2023-12-28 13:00:23.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@MSgtRedFox@infosec.pub"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4342 …}
      +nested: Doctrine\ORM\PersistentCollection {#4347 …}
      +votes: Doctrine\ORM\PersistentCollection {#4343 …}
      +reports: Doctrine\ORM\PersistentCollection {#4349 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4351 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4353 …}
      -id: 259054
      -bodyTs: "'access':10 'alot':21 'basic':52,69 'big':77 'black':78 'difficult':23 'docker/ubuntu':55 'dont':40 'everyth':70 'expos':5 'get':28 'go':29 'grasp':88 'haven':32 'hole':79 'https':74 'issu':45 'know':41,60 'like':65 'look':20 'main':1 'manipul':63 'otherwis':18 'recommend':17 'remot':13 'seem':86 'start':44 'stuff':12,56,64 'traefik':19 'tri':34 'understand':53 'want':3,67 'web':72 'would':15 'yet':37,89"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6275470"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703764823 {#4335
        date: 2023-12-28 13:00:23.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4257}
    +body: """
      Yeah, it’s a lot. It’s a very large field, and you’re playing in two or three areas here.\n
      \n
      Look at a couple of overlay options. ZeroTier is the one I remember off top of my head. There are others, Google alternatives. These use a coordination server. Some are a hosted service, but there’s some that you host yourself. These are supposed to be pretty easy. You watch a couple of videos on these, I bet you’re be fine.\n
      \n
      Wire guard offers more traditional VPN. You can tunnel your device back to your network. Some routers offer a VPN option. There’s open sense, ddwrt, etc. Again, lots of videos.\n
      \n
      Since you said you mostly wanted remote access, I strongly suggest not opening services to public and use VPN.\n
      \n
      You can still learn reverse proxy too, but just do it internally, even though it wouldn’t technically be needed. This will be much safer and learner friendly.\n
      \n
      I have ridiculous amounts of services running, but I use gateway router VPN to access most of them.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1703767493 {#4422
      date: 2023-12-28 13:44:53.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@MSgtRedFox@infosec.pub"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4425 …}
    +nested: Doctrine\ORM\PersistentCollection {#4427 …}
    +votes: Doctrine\ORM\PersistentCollection {#4429 …}
    +reports: Doctrine\ORM\PersistentCollection {#4431 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4433 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4435 …}
    -id: 259152
    -bodyTs: "'access':122,176 'altern':44 'amount':165 'area':20 'back':95 'bet':79 'coordin':48 'coupl':25,73 'ddwrt':109 'devic':94 'easi':69 'etc':110 'even':146 'field':11 'fine':83 'friend':161 'gateway':172 'googl':43 'guard':85 'head':39 'host':53,61 'intern':145 'larg':10 'learn':137 'learner':160 'look':22 'lot':5,112 'most':119 'much':157 'need':153 'network':98 'offer':86,101 'one':32 'open':107,127 'option':28,104 'other':42 'overlay':27 'play':15 'pretti':68 'proxi':139 'public':130 're':14,81 'rememb':34 'remot':121 'revers':138 'ridicul':164 'router':100,173 'run':168 'safer':158 'said':117 'sens':108 'server':49 'servic':54,128,167 'sinc':115 'still':136 'strong':124 'suggest':125 'suppos':65 'technic':151 'though':147 'three':19 'top':36 'tradit':88 'tunnel':92 'two':17 'use':46,132,171 'video':75,114 'vpn':89,103,133,174 'want':120 'watch':71 'wire':84 'wouldn':149 'yeah':1 'zeroti':29"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://infosec.pub/comment/5285763"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703767493 {#4423
      date: 2023-12-28 13:44:53.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4257}
  +body: "using a vpn or similar is not really an option as I have famiy members accessing it and I dont want to always connect using a vpn just for example to open my garage or accessing my shopping list. Security wise I just use 2FA so I dont think thats the issue."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703791148 {#4473
    date: 2023-12-28 20:19:08.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@MSgtRedFox@infosec.pub"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4477 …}
  +nested: Doctrine\ORM\PersistentCollection {#4482 …}
  +votes: Doctrine\ORM\PersistentCollection {#4478 …}
  +reports: Doctrine\ORM\PersistentCollection {#4484 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4486 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4488 …}
  -id: 260145
  -bodyTs: "'2fa':45 'access':16,36 'alway':23 'connect':24 'dont':20,48 'exampl':30 'famiy':14 'garag':34 'issu':52 'list':39 'member':15 'open':32 'option':10 'realli':8 'secur':40 'shop':38 'similar':5 'that':50 'think':49 'use':1,25,44 'vpn':3,27 'want':21 'wise':41"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6280927"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703791148 {#4470
    date: 2023-12-28 20:19:08.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
64 DENIED moderate 
App\Entity\EntryComment {#4474
  +user: Proxies\__CG__\App\Entity\User {#1970 …}
  +entry: App\Entity\Entry {#2419
    +user: Proxies\__CG__\App\Entity\User {#1970 …}
    +magazine: App\Entity\Magazine {#265
      +icon: Proxies\__CG__\App\Entity\Image {#246 …}
      +name: "selfhosted@lemmy.world"
      +title: "selfhosted"
      +description: """
        A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
        \n
        Rules:\n
        \n
        - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
        - No spam posting.\n
        - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
        - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
        - No trolling.\n
        \n
        Resources:\n
        \n
        - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
        - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
        - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
        \n
        &gt; Any issues on the community? Report it using the report flag.\n
        \n
        &gt; Questions? DM the mods!
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 222
      +entryCommentCount: 3916
      +postCount: 0
      +postCommentCount: 0
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1729582735 {#275
        date: 2024-10-22 09:38:55.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#237 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
      +entries: Doctrine\ORM\PersistentCollection {#180 …}
      +posts: Doctrine\ORM\PersistentCollection {#138 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
      +bans: Doctrine\ORM\PersistentCollection {#117 …}
      +reports: Doctrine\ORM\PersistentCollection {#103 …}
      +badges: Doctrine\ORM\PersistentCollection {#81 …}
      +logs: Doctrine\ORM\PersistentCollection {#71 …}
      +awards: Doctrine\ORM\PersistentCollection {#1346 …}
      +categories: Doctrine\ORM\PersistentCollection {#1823 …}
      -id: 120
      +apId: "selfhosted@lemmy.world"
      +apProfileId: "https://lemmy.world/c/selfhosted"
      +apPublicUrl: "https://lemmy.world/c/selfhosted"
      +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
      +apInboxUrl: "https://lemmy.world/inbox"
      +apDomain: "lemmy.world"
      +apPreferredUsername: "selfhosted"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1703473826 {#269
        date: 2023-12-25 04:10:26.0 +01:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1703473826 {#271
        date: 2023-12-25 04:10:26.0 +01:00
      }
    }
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1915 …}
    +slug: "Help-needed-setting-up-NGINX-reverse-Proxy-HA-Vaultwarden-using"
    +title: "Help needed setting up NGINX reverse Proxy / HA / Vaultwarden using Duckdns"
    +url: null
    +body: """
      Hey Guys,\n
      \n
      so I still have no clue about most of the stuff im doing hence why I am doing it :)\n
      \n
      I have a ubuntu system running all kinds of docker containers and I want to expose homeassistant and vaultwarden to the internet.\n
      \n
      Now I have set up a Duckdns account, I have setup my Router (fritzbox) to update the dyndns settings, I have set up my homeassistant the following:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">homeassistant:\n
      </span><span style="color:#323232;">  internal_url: http://192.168.178.214:8123\n
      </span><span style="color:#323232;">  external_url: https://ha.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">http:\n
      </span><span style="color:#323232;">  use_x_forwarded_for: true\n
      </span><span style="color:#323232;">  trusted_proxies:\n
      </span><span style="color:#323232;">    - 172.22.0.0/24\n
      </span>\n
      ```\n
      \n
      Following is my Homeassistant Configuration:\n
      \n
      ```\n
      \n
      <span style="color:#323232;">  homeassistant:\n
      </span><span style="color:#323232;">    container_name: homeassistant\n
      </span><span style="color:#323232;">    image: "ghcr.io/home-assistant/home-assistant:stable"\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /homeassistant/:/config\n
      </span><span style="color:#323232;">      - /etc/localtime:/etc/localtime:ro\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    network_mode: host\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8123:8123\n
      </span><span style="color:#323232;">      - 5683:5683\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-proxy-manager:\n
      </span><span style="color:#323232;">    container_name: nginx\n
      </span><span style="color:#323232;">    privileged: true\n
      </span><span style="color:#323232;">    image: 'jc21/nginx-proxy-manager:latest'\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - '80:80'\n
      </span><span style="color:#323232;">      - '81:81'\n
      </span><span style="color:#323232;">      - '443:443'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      DB_MYSQL_HOST: "nginx-db"\n
      </span><span style="color:#323232;">      DB_MYSQL_PORT: 3306\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/data:/data\n
      </span><span style="color:#323232;">      - /nginx/letsencrypt:/etc/letsencrypt\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  nginx-db:\n
      </span><span style="color:#323232;">    container_name: nginx-db\n
      </span><span style="color:#323232;">    image: 'jc21/mariadb-aria:latest'\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /nginx/mysql:/var/lib/mysql\n
      </span><span style="color:#323232;">\n
      </span><span style="color:#323232;">  vaultwarden:\n
      </span><span style="color:#323232;">    container_name: vaultwarden\n
      </span><span style="color:#323232;">    image: vaultwarden/server:latest\n
      </span><span style="color:#323232;">    restart: unless-stopped\n
      </span><span style="color:#323232;">    volumes:\n
      </span><span style="color:#323232;">      - /vaultwarden:/data/\n
      </span><span style="color:#323232;">    ports:\n
      </span><span style="color:#323232;">      - 8125:3012\n
      </span><span style="color:#323232;">      - 8124:80\n
      </span><span style="color:#323232;">    environment:\n
      </span><span style="color:#323232;">      - DOMAIN=https://vw.xxxxx.duckdns.org\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - LOGIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_MAX_BURST=10\n
      </span><span style="color:#323232;">      - ADMIN_RATELIMIT_SECONDS=60\n
      </span><span style="color:#323232;">      - ADMIN_TOKEN=\n
      </span><span style="color:#323232;">      - SENDS_ALLOWED=true\n
      </span><span style="color:#323232;">      - EMERGENCY_ACCESS_ALLOWED=true\n
      </span><span style="color:#323232;">      - WEB_VAULT_ENABLED=true\n
      </span><span style="color:#323232;">      - SIGNUPS_ALLOWED=true\n
      </span>\n
      ```\n
      \n
      I have forwarded the ports in the router.\n
      \n
      I have set up nginx the following:\n
      \n
      ![](https://lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)\n
      \n
      Issue is when I open the website, it will give me the error that hsts is enabled, even though I definitely did not check this option ( and I never did (today!).\n
      \n
      What is the reason for this?\n
      \n
      Do I have to set some sort of header?\n
      \n
      Same thing with vaultwarden, basically I set this up 1:1 except for the url whichi is vw.xxxxx.duckdns .org.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 15
    +favouriteCount: 30
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1709146727 {#2414
      date: 2024-02-28 19:58:47.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1884 …}
    +votes: Doctrine\ORM\PersistentCollection {#1973 …}
    +reports: Doctrine\ORM\PersistentCollection {#1959 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1927 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2442 …}
    +badges: Doctrine\ORM\PersistentCollection {#2440 …}
    +children: []
    -id: 25290
    -titleTs: "'duckdn':11 'ha':8 'help':1 'need':2 'nginx':5 'proxi':7 'revers':6 'set':3 'use':10 'vaultwarden':9"
    -bodyTs: "'/24':88 '/config':104 '/data':154,185 '/etc/letsencrypt':156 '/etc/localtime':105,106 '/home-assistant/home-assistant:stable':101 '/homeassistant':103 '/nginx/data':153 '/nginx/letsencrypt':155 '/nginx/mysql':170 '/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':245 '/var/lib/mysql':171 '/vaultwarden':184 '1':301,302 '10':198,207 '172.22.0.0':87 '192.168.178.214':74 '3012':188 '3306':151 '443':139,140 '5683':120,121 '60':202,211 '80':135,136,190 '81':137,138 '8123':75,118,119 '8124':189 '8125':187 'access':218 'account':51 'admin':203,208,212 'allow':215,219,226 'basic':296 'burst':197,206 'check':269 'clue':8 'configur':93 'contain':32,95,126,160,173 'db':142,147,148,159,164 'definit':266 'docker':31 'domain':192 'duckdn':50 'dyndn':61 'emerg':217 'enabl':223,262 'environ':141,168,191 'error':258 'even':263 'except':303 'expos':37 'extern':76 'follow':70,89,242 'forward':82,230 'fritzbox':57 'ghcr.io':100 'ghcr.io/home-assistant/home-assistant:stable':99 'give':255 'guy':2 'ha.xxxxx.duckdns.org':78 'header':291 'henc':16 'hey':1 'homeassist':38,68,71,92,94,97 'host':114,144 'hsts':260 'http':79 'im':14 'imag':98,131,165,176 'intern':72 'internet':43 'issu':246 'jc21/mariadb-aria':166 'jc21/nginx-proxy-manager':132 'kind':29 'latest':133,167,178 'lemmy.world':244 'lemmy.world/pictrs/image/534b7ad1-c10d-42a8-9da4-90e2aac4c67f.png)':243 'login':194,199 'manag':125 'max':196,205 'mode':113 'mysql':143,149 'name':96,127,161,174 'network':112 'never':274 'nginx':123,128,146,158,163,240 'nginx-db':145,157,162 'nginx-proxy-manag':122 'open':250 'option':271 'org':310 'port':117,134,150,186,232 'privileg':115,129 'proxi':86,124 'ratelimit':195,200,204,209 'reason':280 'restart':108,179 'ro':107 'router':56,235 'run':27 'second':201,210 'send':214 'set':47,62,65,238,287,298 'setup':54 'signup':225 'sort':289 'still':5 'stop':111,182 'stuff':13 'system':26 'thing':293 'though':264 'today':276 'token':213 'true':84,116,130,216,220,224,227 'trust':85 'ubuntu':25 'unless':110,181 'unless-stop':109,180 'updat':59 'url':73,77,306 'use':80 'vault':222 'vaultwarden':40,172,175,295 'vaultwarden/server':177 'volum':102,152,169,183 'vw.xxxxx.duckdns':309 'vw.xxxxx.duckdns.org':193 'want':35 'web':221 'websit':252 'whichi':307 'x':81"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1703803540
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10039683"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703717140 {#1793
      date: 2023-12-27 23:45:40.0 +01:00
    }
  }
  +magazine: App\Entity\Magazine {#265}
  +image: null
  +parent: App\Entity\EntryComment {#4424
    +user: App\Entity\User {#4270 …}
    +entry: App\Entity\Entry {#2419}
    +magazine: App\Entity\Magazine {#265}
    +image: null
    +parent: App\Entity\EntryComment {#4339
      +user: Proxies\__CG__\App\Entity\User {#1970 …}
      +entry: App\Entity\Entry {#2419}
      +magazine: App\Entity\Magazine {#265}
      +image: null
      +parent: App\Entity\EntryComment {#4257
        +user: App\Entity\User {#4270 …}
        +entry: App\Entity\Entry {#2419}
        +magazine: App\Entity\Magazine {#265}
        +image: null
        +parent: null
        +root: null
        +body: """
          What cert did you put on the proxy answering the inbound? Usually that error means either the browser doesn’t like the cert, or it’s connecting to 80, and modern browsers really fight you on that sometimes. Also, cache. Clear your cache if you’re bouncing between internal URL/IP and the public.\n
          \n
          I assume you just want to expose to internet to learn art of reverse. Otherwise there’s better ways.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1708785732 {#4252
          date: 2024-02-24 15:42:12.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Lobotomie@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#4258 …}
        +nested: Doctrine\ORM\PersistentCollection {#4260 …}
        +votes: Doctrine\ORM\PersistentCollection {#4262 …}
        +reports: Doctrine\ORM\PersistentCollection {#4264 …}
        +favourites: Doctrine\ORM\PersistentCollection {#4266 …}
        +notifications: Doctrine\ORM\PersistentCollection {#4268 …}
        -id: 258005
        -bodyTs: "'80':29 'also':39 'answer':9 'art':65 'assum':55 'better':71 'bounc':47 'browser':18,32 'cach':40,43 'cert':2,23 'clear':41 'connect':27 'doesn':19 'either':16 'error':14 'expos':60 'fight':34 'inbound':11 'intern':49 'internet':62 'learn':64 'like':21 'mean':15 'modern':31 'otherwis':68 'proxi':8 'public':53 'put':5 're':46 'realli':33 'revers':67 'sometim':38 'url/ip':50 'usual':12 'want':58 'way':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://infosec.pub/comment/5279971"
        +editedAt: null
        +createdAt: DateTimeImmutable @1703722390 {#4253
          date: 2023-12-28 01:13:10.0 +01:00
        }
      }
      +root: App\Entity\EntryComment {#4257}
      +body: "Mainly I want to expose it so I can access my stuff remotely. What would you recommend otherwise? Traefik looks alot more difficult to me from the get go but I haven’t tried it out yet (because I dont know where to start) Issue is just that I have a basic understanding about docker/ubuntu stuff now (or I know how to manipulate stuff like I want) but basically everything with Web and https is a big black hole for me which I can’t seem to grasp yet."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1703764823 {#4338
        date: 2023-12-28 13:00:23.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Lobotomie@lemmy.world"
        "@MSgtRedFox@infosec.pub"
      ]
      +children: Doctrine\ORM\PersistentCollection {#4342 …}
      +nested: Doctrine\ORM\PersistentCollection {#4347 …}
      +votes: Doctrine\ORM\PersistentCollection {#4343 …}
      +reports: Doctrine\ORM\PersistentCollection {#4349 …}
      +favourites: Doctrine\ORM\PersistentCollection {#4351 …}
      +notifications: Doctrine\ORM\PersistentCollection {#4353 …}
      -id: 259054
      -bodyTs: "'access':10 'alot':21 'basic':52,69 'big':77 'black':78 'difficult':23 'docker/ubuntu':55 'dont':40 'everyth':70 'expos':5 'get':28 'go':29 'grasp':88 'haven':32 'hole':79 'https':74 'issu':45 'know':41,60 'like':65 'look':20 'main':1 'manipul':63 'otherwis':18 'recommend':17 'remot':13 'seem':86 'start':44 'stuff':12,56,64 'traefik':19 'tri':34 'understand':53 'want':3,67 'web':72 'would':15 'yet':37,89"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6275470"
      +editedAt: null
      +createdAt: DateTimeImmutable @1703764823 {#4335
        date: 2023-12-28 13:00:23.0 +01:00
      }
    }
    +root: App\Entity\EntryComment {#4257}
    +body: """
      Yeah, it’s a lot. It’s a very large field, and you’re playing in two or three areas here.\n
      \n
      Look at a couple of overlay options. ZeroTier is the one I remember off top of my head. There are others, Google alternatives. These use a coordination server. Some are a hosted service, but there’s some that you host yourself. These are supposed to be pretty easy. You watch a couple of videos on these, I bet you’re be fine.\n
      \n
      Wire guard offers more traditional VPN. You can tunnel your device back to your network. Some routers offer a VPN option. There’s open sense, ddwrt, etc. Again, lots of videos.\n
      \n
      Since you said you mostly wanted remote access, I strongly suggest not opening services to public and use VPN.\n
      \n
      You can still learn reverse proxy too, but just do it internally, even though it wouldn’t technically be needed. This will be much safer and learner friendly.\n
      \n
      I have ridiculous amounts of services running, but I use gateway router VPN to access most of them.
      """
    +lang: "en"
    +isAdult: false
    +favouriteCount: 2
    +score: 0
    +lastActive: DateTime @1703767493 {#4422
      date: 2023-12-28 13:44:53.0 +01:00
    }
    +ip: null
    +tags: null
    +mentions: [
      "@Lobotomie@lemmy.world"
      "@MSgtRedFox@infosec.pub"
    ]
    +children: Doctrine\ORM\PersistentCollection {#4425 …}
    +nested: Doctrine\ORM\PersistentCollection {#4427 …}
    +votes: Doctrine\ORM\PersistentCollection {#4429 …}
    +reports: Doctrine\ORM\PersistentCollection {#4431 …}
    +favourites: Doctrine\ORM\PersistentCollection {#4433 …}
    +notifications: Doctrine\ORM\PersistentCollection {#4435 …}
    -id: 259152
    -bodyTs: "'access':122,176 'altern':44 'amount':165 'area':20 'back':95 'bet':79 'coordin':48 'coupl':25,73 'ddwrt':109 'devic':94 'easi':69 'etc':110 'even':146 'field':11 'fine':83 'friend':161 'gateway':172 'googl':43 'guard':85 'head':39 'host':53,61 'intern':145 'larg':10 'learn':137 'learner':160 'look':22 'lot':5,112 'most':119 'much':157 'need':153 'network':98 'offer':86,101 'one':32 'open':107,127 'option':28,104 'other':42 'overlay':27 'play':15 'pretti':68 'proxi':139 'public':130 're':14,81 'rememb':34 'remot':121 'revers':138 'ridicul':164 'router':100,173 'run':168 'safer':158 'said':117 'sens':108 'server':49 'servic':54,128,167 'sinc':115 'still':136 'strong':124 'suggest':125 'suppos':65 'technic':151 'though':147 'three':19 'top':36 'tradit':88 'tunnel':92 'two':17 'use':46,132,171 'video':75,114 'vpn':89,103,133,174 'want':120 'watch':71 'wire':84 'wouldn':149 'yeah':1 'zeroti':29"
    +ranking: 0
    +commentCount: 0
    +upVotes: 0
    +downVotes: 0
    +visibility: "visible             "
    +apId: "https://infosec.pub/comment/5285763"
    +editedAt: null
    +createdAt: DateTimeImmutable @1703767493 {#4423
      date: 2023-12-28 13:44:53.0 +01:00
    }
  }
  +root: App\Entity\EntryComment {#4257}
  +body: "using a vpn or similar is not really an option as I have famiy members accessing it and I dont want to always connect using a vpn just for example to open my garage or accessing my shopping list. Security wise I just use 2FA so I dont think thats the issue."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1703791148 {#4473
    date: 2023-12-28 20:19:08.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Lobotomie@lemmy.world"
    "@MSgtRedFox@infosec.pub"
  ]
  +children: Doctrine\ORM\PersistentCollection {#4477 …}
  +nested: Doctrine\ORM\PersistentCollection {#4482 …}
  +votes: Doctrine\ORM\PersistentCollection {#4478 …}
  +reports: Doctrine\ORM\PersistentCollection {#4484 …}
  +favourites: Doctrine\ORM\PersistentCollection {#4486 …}
  +notifications: Doctrine\ORM\PersistentCollection {#4488 …}
  -id: 260145
  -bodyTs: "'2fa':45 'access':16,36 'alway':23 'connect':24 'dont':20,48 'exampl':30 'famiy':14 'garag':34 'issu':52 'list':39 'member':15 'open':32 'option':10 'realli':8 'secur':40 'shop':38 'similar':5 'that':50 'think':49 'use':1,25,44 'vpn':3,27 'want':21 'wise':41"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6280927"
  +editedAt: null
  +createdAt: DateTimeImmutable @1703791148 {#4470
    date: 2023-12-28 20:19:08.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS DENIED 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details
65 DENIED edit 
App\Entity\Magazine {#265
  +icon: Proxies\__CG__\App\Entity\Image {#246 …}
  +name: "selfhosted@lemmy.world"
  +title: "selfhosted"
  +description: """
    A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.\n
    \n
    Rules:\n
    \n
    - Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.\n
    - No spam posting.\n
    - Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.\n
    - Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).\n
    - No trolling.\n
    \n
    Resources:\n
    \n
    - [awesome-selfhosted software](https://github.com/awesome-selfhosted/awesome-selfhosted)\n
    - [awesome-sysadmin](https://github.com/awesome-foss/awesome-sysadmin) resources\n
    - [Self-Hosted Podcast from Jupiter Broadcasting](https://selfhosted.show)\n
    \n
    &gt; Any issues on the community? Report it using the report flag.\n
    \n
    &gt; Questions? DM the mods!
    """
  +rules: null
  +subscriptionsCount: 1
  +entryCount: 222
  +entryCommentCount: 3916
  +postCount: 0
  +postCommentCount: 0
  +isAdult: false
  +customCss: null
  +lastActive: DateTime @1729582735 {#275
    date: 2024-10-22 09:38:55.0 +02:00
  }
  +markedForDeletionAt: null
  +tags: null
  +moderators: Doctrine\ORM\PersistentCollection {#237 …}
  +ownershipRequests: Doctrine\ORM\PersistentCollection {#233 …}
  +moderatorRequests: Doctrine\ORM\PersistentCollection {#222 …}
  +entries: Doctrine\ORM\PersistentCollection {#180 …}
  +posts: Doctrine\ORM\PersistentCollection {#138 …}
  +subscriptions: Doctrine\ORM\PersistentCollection {#200 …}
  +bans: Doctrine\ORM\PersistentCollection {#117 …}
  +reports: Doctrine\ORM\PersistentCollection {#103 …}
  +badges: Doctrine\ORM\PersistentCollection {#81 …}
  +logs: Doctrine\ORM\PersistentCollection {#71 …}
  +awards: Doctrine\ORM\PersistentCollection {#1346 …}
  +categories: Doctrine\ORM\PersistentCollection {#1823 …}
  -id: 120
  +apId: "selfhosted@lemmy.world"
  +apProfileId: "https://lemmy.world/c/selfhosted"
  +apPublicUrl: "https://lemmy.world/c/selfhosted"
  +apFollowersUrl: "https://lemmy.world/c/selfhosted/followers"
  +apInboxUrl: "https://lemmy.world/inbox"
  +apDomain: "lemmy.world"
  +apPreferredUsername: "selfhosted"
  +apDiscoverable: true
  +apManuallyApprovesFollowers: null
  +privateKey: null
  +publicKey: null
  +apFetchedAt: DateTime @1703473826 {#269
    date: 2023-12-25 04:10:26.0 +01:00
  }
  +apDeletedAt: null
  +apTimeoutAt: null
  +visibility: "visible             "
  +createdAt: DateTimeImmutable @1703473826 {#271
    date: 2023-12-25 04:10:26.0 +01:00
  }
}
 
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\EntryVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MagazineVoter"
 ACCESS DENIED 
"App\Security\Voter\MessageThreadVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\MessageVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\NotificationVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\OAuth2UserConsentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostCommentVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\PostVoter"
 ACCESS ABSTAIN 
"App\Security\Voter\UserVoter"
 ACCESS ABSTAIN
Show voter details