How do I set up reverse-proxy for Tunarr

Projects NGINX
, , ,
1

What I’m trying to do:
Tunarr is an IPTV app that does not have a default auth built in to it. I would like to use my IPTV service when leaving my home, however I do not want to just expose this service to the web without protection. There are recommendations for using OIDC to secure the interface and leave just the api endpoints without auth.

Where I’m stuck:
I’m trying to get a basic reverse-proxy working to secure the main ui and leave the api endpoints unprotected but I cant even serve the assets to give me a view of the UI

What I’ve already tried:
Here is the docker-compose I use to host Tunarr:

tunarr:
   container_name: tunarr
   image: chrisbenincasa/tunarr:latest-nvidia
   ports:
     - 23478:8000
   runtime: nvidia
   environment:
     - LOG_LEVEL=${TUNARR_LOG_LEVEL:-INFO}
     - TZ=America/Chicago
     - NVIDIA_VISIBLE_DEVICES=all
     - TUNARR_SERVER_TRUST_PROXY=true
   volumes:
     - /home/miller/Docker/tunarr:/config/tunarr
   privileged: true
   restart: unless-stopped
   build:
     context: ..
     dockerfile: docker/nvidia/Dockerfile
   deploy:
     resources:
       reservations:
         devices:
           - driver: nvidia
             count: 1
             capabilities: [gpu]

Here is my tunarr.conf for my nginx instance:

location ^~ /tunarr/ {
    proxy_pass http://127.0.0.1:23478/web;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;

    auth_basic "What's the password?";
    auth_basic_user_file /etc/htpasswd.d/htpasswd.miller;
}

Here are my logs for trying to access using the /tunarr/ endpoint that I’ve set up:

192.168.1.76 - miller [25/May/2025:14:51:55 -0500] "GET /tunarr/ HTTP/2.0" 200 310 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0"
192.168.1.76 - miller [25/May/2025:14:51:55 -0500] "GET /web/assets/index-Dlye0elR.js HTTP/2.0" 404 173 "https://192.168.1.74/tunarr/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0"
192.168.1.76 - miller [25/May/2025:14:51:55 -0500] "GET /web/assets/index-BwGHPUE0.css HTTP/2.0" 404 173 "https://192.168.1.74/tunarr/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0"
2

Heya! I am not familiar with Tunarr, but from what I am seeing in your logs the relevant JS/CSS files are not being found by NGINX. Are they in that location (/web/assets/) in your container? Also, does Tunarr contain its own web server or is NGINX supposed to be the web server? The logs seem to be hinting at NGINX being used to host Tunarr given the requests for JS/CSS files. Finally, I would suggest asking in any Tunarr community channels and see if they have any suggestions since there might be some specific implementation details to get it running on NGINX :slightly_smiling_face: