Issue proxying Firefly III (Docker) via nginx - 502 Bad Gateway

My issue:
I’m trying to reverse proxy Firefly III (running in Docker) using nginx (also in Docker), but I’m getting a 502 Bad Gateway when accessing the app through nginx on port 80. Direct access via the exposed port works fine.

How I encountered the problem:
After deploying Firefly III in Docker, I set up an nginx container to reverse proxy it. Accessing http://my_vps_ip_address:8000 works as expected (this is Firefly directly). But accessing http://my_vps_ip_address (which hits nginx on port 80) results in a 502 error. Both containers are in the same Docker network, and nginx is configured to proxy to http://firefly:8000.

Solutions I’ve tried:

  • Verified Firefly is running and accessible via my_vps_ip_address:8000
  • Confirmed that both containers are in the same custom Docker network
  • Used container name firefly in the nginx proxy_pass directive
  • Tried restarting both containers

Still, nginx returns a 502 Bad Gateway.

My config:

nginx.conf (simplified)

http {
    server {
        listen 80;
        server_name my_vps_ip_address;

        location / {
            proxy_pass http://firefly:8000;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        proxy_buffering off;
        proxy_buffer_size 16k;
        proxy_busy_buffers_size 24k;
        proxy_buffers 64 4k;
    }
}

docker-compose.yml (excerpt)

services:
  nginx:
    image: nginx:latest
    container_name: nginx
    restart: always
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    ports:
      - "80:80"
    networks:
      - firefly_iii
    depends_on:
      - firefly

  firefly:
    image: fireflyiii/core:latest
    container_name: firefly
    restart: always
    networks:
      - firefly_iii
    ports:
      - "8000:8080"
    env_file: .env

networks:
  firefly_iii:
    driver: bridge

Any insights into what might be causing the 502 or how to properly connect nginx to a Docker service on the same network would be greatly appreciated. Thanks!

2 Likes

The most likely problem is a port mismatch between your Nginx configuration and your actual Firefly III container. In your docker-compose.yml, Firefly III exposes port 8080 internally, but your Nginx is trying to connect to port 8000.

2 Likes

If the firefly app is available on my_vps_ip_address:8000, you would want to use that in the proxy_pass directive. I am assuming that NGINX is unable to properly resolve the firefly hostname, which would cause this sort of error.

1 Like

Thanks for your response. From my understanding, it would be required to use the internal name and not the public ip address because after nginx works, I would like to disable the my_vps_ip_address:8000 port reveal and allow access only using :80 or :443 later on. I’m wondering why the hostname cannot be resolved, I put them in the same network. Also when using the my_vps_ip_address, it results in a 504 Gateway Timeout. Currently I cannot grasp why.

Thank you for your response. I tried using 8080, but this also results in 502 Bad Gateway unfortunately.

Try running these inside the nginx container:

curl -v http://firefly:8000
curl -v http://firefly:8080

8000 did not work (Connection refused)

8080 did work (302 Found)

It seems like 8080 would be correct than, that is a good learning. However it still says 502 Bad Gateway when using 8080 despite having http://firefly:8080 in nginx config. I also tried 172.18.0.4:8080 now, this is the internal ip address presented by curl. But this does not work as well unfortunately.

Try this now:

set $upstream_firefly "firefly";
proxy_pass http://$upstream_firefly:8080;
1 Like

When you were testing on port 8080, was that on the nginx node? it seems like this is a connectivity issue between the nginx node and the application.

2 Likes

Yes I tested it using

sudo docker exec -it 775484b6576f sh

and then used curl commands. So I did this in nginx container.

I tried but it still says Bad Gateway. :thinking:

What does the logs says for both nginx and firefly containers?

Firefly:

+------------------------------------------------------------------------------+
|                                                                              |
| Thank you for installing Firefly III, v6.2.12!                               |
| There are no extra installation instructions.                                |
| Firefly III should be ready for use.                                         |
|                                                                              |
| Did you know you can support the development of Firefly III?                 |
| You can donate in many ways, like GitHub Sponsors or Patreon.                |
| For more information, please visit https://bit.ly/donate-to-Firefly-III      |
|                                                                              |
+------------------------------------------------------------------------------+
[01-May-2025 22:48:50] NOTICE: fpm is running, pid 166
[01-May-2025 22:48:50] NOTICE: ready to handle connections
✅ NGINX + PHP-FPM is running correctly.

nginx:

2025/05/01 20:58:57 [error] 22#22: *5 no resolver defined to resolve firefly, client: IP_ADDRESS, server: SERVER_IP_ADDRESS, request: "GET / HTTP/1.1", host: "SERVER_IP_ADDRESS"
IP_ADDRESS - - [01/May/2025:20:58:57 +0000] "GET / HTTP/1.1" 502 157 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0"

Seems like I have to define a resolver, how do I define that?

@ServiceGuards I added

resolver 127.0.0.11;

which seems to be Docker-specific, to http in NGINX config.

Now this error occurs:

2025/05/01 21:02:41 [error] 22#22: *1 connect() failed (111: Connection refused) while connecting to upstream, client: CLIENT_ADDRESS, server: SERVER_ADDRESS, request: "GET / HTTP/1.1", upstream: "http://172.18.0.4:8080/", host: "SERVER_ADDRESS"
CLIENT_ADDRESS - - [01/May/2025:21:02:41 +0000] "GET /favicon.ico HTTP/1.1" 499 0 "http://SERVER_ADDRESS/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0"

Try these commands:

docker exec -it nginx curl -v -H "Host: localhost:8080" http://firefly:8080
docker exec -it nginx curl -v -H "Host: firefly:8080" http://firefly:8080
docker exec -it nginx curl -v -H "Host: my_vps_ip_address" http://firefly:8080
docker exec -it nginx curl -v -H "Host: my_vps_ip_address:8000" http://firefly:8080

Each of them returns this:

*   Trying 172.18.0.4:8080...
* Connected to firefly (172.18.0.4) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx
< Content-Type: text/html; charset=utf-8
...

For me that looks like it should work but does not while it seems to be found though

1 Like

I used another browser and now I was able to connect. Seems to be working now! So the problem was the resolver resolver 127.0.0.11; I think. Thank you a lot for your help so far!

2 Likes