SWAG not working with hostnames

anthropoidape · 7 May 2025 21:06

Hi, I am sure I am missing something simple here.

I have had SWAG working on my unraid server for a long time now, with fail2ban and geoblocking working. There is one thing I cannot get to work - my proxy-conf files will work if they refer to an upstream app by IP, but not by hostname.

I will use Searxng as an example.

SWAG and Mealie are both in the same custom docker network. Mealie has hostname “searx” and SWAG is “swag”.

If I open a console in the SWAG container I can “ping searx” and get a response. So SWAG can clearly see that hostname.

In the proxy-conf files, searx.subdomain.conf works/doesn’t work as follows:

WORKS (LAN IP:port):


    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.0.10;
        set $upstream_port 8622;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_max_temp_file_size 2048m;
    }

WORKS (container IP:port):

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 172.18.0.5;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_max_temp_file_size 2048m;
    }

502 FAIL (container hostname:port)

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app searx;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_max_temp_file_size 2048m;
    }

Pinging “searx” works as follows:

root@bc3a264fd046:/# ping searx
PING searx (172.18.0.5): 56 data bytes
64 bytes from 172.18.0.5: seq=0 ttl=64 time=0.112 ms
64 bytes from 172.18.0.5: seq=1 ttl=64 time=0.052 ms
64 bytes from 172.18.0.5: seq=2 ttl=64 time=0.049 ms
^C
--- searx ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.049/0.071/0.112 ms
root@bc3a264fd046:/#

When I first set SWAG up, it took some effort, so it is possible I messed with some conf files in ways I don’t remember.

Am I correct that NGINX should be able to just use the hostname “searx” identically to the container IP address?

j0nnymoe · 7 May 2025 21:10

Post your docker run’s for SWAG and searx, should show the problem.

anthropoidape · 7 May 2025 22:00

Thank you.

SWAG:

docker run
  -d
  --name='swag'
  --net='swagnet'
  --pids-limit 2048
  -e TZ="Australia/Sydney"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="Lemur"
  -e HOST_CONTAINERNAME="swag"
  -e 'EMAIL'='*****@******.com'
  -e 'URL'='******.***'
  -e 'SUBDOMAINS'='wildcard'
  -e 'ONLY_SUBDOMAINS'='true'
  -e 'VALIDATION'='dns'
  -e 'DNSPLUGIN'='porkbun'
  -e 'EXTRA_DOMAINS'=''
  -e 'STAGING'='false'
  -e 'PROPAGATION'=''
  -e 'DOCKER_MODS'='linuxserver/mods:swag-dashboard'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='https://[IP]:[PORT:443]'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver-ls-logo.png'
  -p '82:81/tcp'
  -p '8213:443/tcp'
  -v '/mnt/cache/appdata/swag':'/config':'rw'
  -v '/mnt/cache/appdata/syslog/':'/log':'rw'
  -v '/mnt/user/appdata/mealiev1':'/log-mealie':'rw'
  -v '/mnt/user/appdata/overseerr/logs':'/log-overseerr':'rw'
  -v '/mnt/user/nextcloud/':'/log-nextcloud':'rw'
  -v '/mnt/user/syslog_server/':'/log-syslog_server':'rw'
  --cap-add=NET_ADMIN 'linuxserver/swag'

SEARX:

docker run
  -d
  --name='searx'
  --net='swagnet'
  --pids-limit 2048
  -e TZ="Australia/Sydney"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="Lemur"
  -e HOST_CONTAINERNAME="searx"
  -e 'INSTANCE_NAME'='Search'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:8080]/'
  -l net.unraid.docker.icon='https://github.com/kilrah/unraid-docker-templates/raw/main/icons/searxng.png'
  -p '8622:8080/tcp'
  -v '/mnt/user/appdata/searxng/':'/etc/searxng':'rw' 'searxng/searxng'

nb - it’s not just searx, it is all containers. They can see each other (eg authentik can connect to postgres by hostname) except for nginx.

j0nnymoe · 7 May 2025 22:08

Are you changing the ports in the proxy conf files as well?

j0nnymoe · 7 May 2025 22:08

wait hang on, what’s the /config/nginx/resolver.conf file look like?

anthropoidape · 7 May 2025 22:13

In the proxy-conf files, as in my first post. Lan port for lan ip, container port for container ip and container name.

As for resolver.conf - is this the right one? To my recollection I never altered it from what was automatically generated.

/swag/nginx/resolver.conf

# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.

resolver  8.8.8.8 8.8.4.4 198.142.235.14 valid=30s;

Thanks for your time.

j0nnymoe · 7 May 2025 22:13

Delete that file and let it re-generate. it seems like you must’ve started swag with host networking at some point.

anthropoidape · 7 May 2025 22:17

Thank you. Yes, you are correct, I am pretty sure I try running host networking at some stage.

resolver.conf has been recreated:

resolver  127.0.0.11 valid=30s;

… and using the container name now appears to be working.

Much appreciated!

system · 12 May 2025 22:17

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.