Issue proxying Firefly III (Docker) via nginx - 502 Bad Gateway

My issue:
I’m trying to reverse proxy Firefly III (running in Docker) using nginx (also in Docker), but I’m getting a 502 Bad Gateway when accessing the app through nginx on port 80. Direct access via the exposed port works fine.

How I encountered the problem:
After deploying Firefly III in Docker, I set up an nginx container to reverse proxy it. Accessing http://my_vps_ip_address:8000 works as expected (this is Firefly directly). But accessing http://my_vps_ip_address (which hits nginx on port 80) results in a 502 error. Both containers are in the same Docker network, and nginx is configured to proxy to http://firefly:8000.

Solutions I’ve tried:

• Verified Firefly is running and accessible via my_vps_ip_address:8000
• Confirmed that both containers are in the same custom Docker network
• Used container name firefly in the nginx proxy_pass directive
• Tried restarting both containers

Still, nginx returns a 502 Bad Gateway.

My config:

nginx.conf (simplified)

http {
    server {
        listen 80;
        server_name my_vps_ip_address;

        location / {
            proxy_pass http://firefly:8000;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        proxy_buffering off;
        proxy_buffer_size 16k;
        proxy_busy_buffers_size 24k;
        proxy_buffers 64 4k;
    }
}

docker-compose.yml (excerpt)

services:
  nginx:
    image: nginx:latest
    container_name: nginx
    restart: always
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    ports:
      - "80:80"
    networks:
      - firefly_iii
    depends_on:
      - firefly

  firefly:
    image: fireflyiii/core:latest
    container_name: firefly
    restart: always
    networks:
      - firefly_iii
    ports:
      - "8000:8080"
    env_file: .env

networks:
  firefly_iii:
    driver: bridge

Any insights into what might be causing the 502 or how to properly connect nginx to a Docker service on the same network would be greatly appreciated. Thanks!

The most likely problem is a port mismatch between your Nginx configuration and your actual Firefly III container. In your docker-compose.yml, Firefly III exposes port 8080 internally, but your Nginx is trying to connect to port 8000.

If the firefly app is available on my_vps_ip_address:8000, you would want to use that in the proxy_pass directive. I am assuming that NGINX is unable to properly resolve the firefly hostname, which would cause this sort of error.

Thanks for your response. From my understanding, it would be required to use the internal name and not the public ip address because after nginx works, I would like to disable the my_vps_ip_address:8000 port reveal and allow access only using :80 or :443 later on. I’m wondering why the hostname cannot be resolved, I put them in the same network. Also when using the my_vps_ip_address, it results in a 504 Gateway Timeout. Currently I cannot grasp why.

Thank you for your response. I tried using 8080, but this also results in 502 Bad Gateway unfortunately.

Try running these inside the nginx container:

curl -v http://firefly:8000
curl -v http://firefly:8080

8000 did not work (Connection refused)

8080 did work (302 Found)

It seems like 8080 would be correct than, that is a good learning. However it still says 502 Bad Gateway when using 8080 despite having http://firefly:8080 in nginx config. I also tried 172.18.0.4:8080 now, this is the internal ip address presented by curl. But this does not work as well unfortunately.

Try this now:

set $upstream_firefly "firefly";
proxy_pass http://$upstream_firefly:8080;

When you were testing on port 8080, was that on the nginx node? it seems like this is a connectivity issue between the nginx node and the application.

Yes I tested it using

sudo docker exec -it 775484b6576f sh

and then used curl commands. So I did this in nginx container.

I tried but it still says Bad Gateway.

What does the logs says for both nginx and firefly containers?

Firefly:

+------------------------------------------------------------------------------+
|                                                                              |
| Thank you for installing Firefly III, v6.2.12!                               |
| There are no extra installation instructions.                                |
| Firefly III should be ready for use.                                         |
|                                                                              |
| Did you know you can support the development of Firefly III?                 |
| You can donate in many ways, like GitHub Sponsors or Patreon.                |
| For more information, please visit https://bit.ly/donate-to-Firefly-III      |
|                                                                              |
+------------------------------------------------------------------------------+
[01-May-2025 22:48:50] NOTICE: fpm is running, pid 166
[01-May-2025 22:48:50] NOTICE: ready to handle connections
✅ NGINX + PHP-FPM is running correctly.

nginx:

2025/05/01 20:58:57 [error] 22#22: *5 no resolver defined to resolve firefly, client: IP_ADDRESS, server: SERVER_IP_ADDRESS, request: "GET / HTTP/1.1", host: "SERVER_IP_ADDRESS"
IP_ADDRESS - - [01/May/2025:20:58:57 +0000] "GET / HTTP/1.1" 502 157 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0"

Seems like I have to define a resolver, how do I define that?

@ServiceGuards I added

resolver 127.0.0.11;

which seems to be Docker-specific, to http in NGINX config.

Now this error occurs:

2025/05/01 21:02:41 [error] 22#22: *1 connect() failed (111: Connection refused) while connecting to upstream, client: CLIENT_ADDRESS, server: SERVER_ADDRESS, request: "GET / HTTP/1.1", upstream: "http://172.18.0.4:8080/", host: "SERVER_ADDRESS"
CLIENT_ADDRESS - - [01/May/2025:21:02:41 +0000] "GET /favicon.ico HTTP/1.1" 499 0 "http://SERVER_ADDRESS/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0"

Try these commands:

docker exec -it nginx curl -v -H "Host: localhost:8080" http://firefly:8080
docker exec -it nginx curl -v -H "Host: firefly:8080" http://firefly:8080
docker exec -it nginx curl -v -H "Host: my_vps_ip_address" http://firefly:8080
docker exec -it nginx curl -v -H "Host: my_vps_ip_address:8000" http://firefly:8080

Each of them returns this:

*   Trying 172.18.0.4:8080...
* Connected to firefly (172.18.0.4) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx
< Content-Type: text/html; charset=utf-8
...

For me that looks like it should work but does not while it seems to be found though

I used another browser and now I was able to connect. Seems to be working now! So the problem was the resolver resolver 127.0.0.11; I think. Thank you a lot for your help so far!