How do I set up reverse-proxy for Tunarr

"How Do I...?"
, ,
1

What I’m trying to do:
Tunarr is an IPTV app that does not have a default auth built in to it. I would like to use my IPTV service when leaving my home, however I do not want to just expose this service to the web without protection. There are recommendations for using OIDC to secure the interface and leave just the api endpoints without auth.

Where I’m stuck:
I’m trying to get a basic reverse-proxy working to secure the main ui and leave the api endpoints unprotected but I cant even serve the assets to give me a view of the UI

What I’ve already tried:
Here is the docker-compose I use to host Tunarr:

tunarr:
   container_name: tunarr
   image: chrisbenincasa/tunarr:latest-nvidia
   ports:
     - 23478:8000
   runtime: nvidia
   environment:
     - LOG_LEVEL=${TUNARR_LOG_LEVEL:-INFO}
     - TZ=America/Chicago
     - NVIDIA_VISIBLE_DEVICES=all
     - TUNARR_SERVER_TRUST_PROXY=true
   volumes:
     - /home/miller/Docker/tunarr:/config/tunarr
   privileged: true
   restart: unless-stopped
   build:
     context: ..
     dockerfile: docker/nvidia/Dockerfile
   deploy:
     resources:
       reservations:
         devices:
           - driver: nvidia
             count: 1
             capabilities: [gpu]

Here is my tunarr.conf for my nginx instance:

location ^~ /tunarr/ {
    proxy_pass http://127.0.0.1:23478/web;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;

    auth_basic "What's the password?";
    auth_basic_user_file /etc/htpasswd.d/htpasswd.miller;
}

Here are my logs for trying to access using the /tunarr/ endpoint that I’ve set up:

192.168.1.76 - miller [25/May/2025:14:51:55 -0500] "GET /tunarr/ HTTP/2.0" 200 310 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0"
192.168.1.76 - miller [25/May/2025:14:51:55 -0500] "GET /web/assets/index-Dlye0elR.js HTTP/2.0" 404 173 "https://192.168.1.74/tunarr/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0"
192.168.1.76 - miller [25/May/2025:14:51:55 -0500] "GET /web/assets/index-BwGHPUE0.css HTTP/2.0" 404 173 "https://192.168.1.74/tunarr/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0"