Adguard Home Dashboard shows "Client sent an HTTP request to an HTTPS server." only

[quyleanh]

I'm running Adguard Home with docker-compose file. The config is following:

version: "3"                                                                                                                                               
services:                                                                                                                                                  
  adguardhome:                                                                                                                                             
    image: adguard/adguardhome                                                                                                                             
    container_name: adguardhome                                                                                                                            
    ports:                                                                                                                                                 
      - 53:53/tcp                                                                                                                                          
      - 53:53/udp                                                                                                                                          
      - 784:784/udp                                                                                                                                        
      - 853:853/tcp                                                                                                                                        
      - 3000:3000/tcp                                                                                                                                      
      - 3080:80/tcp                                                                                                                                        
      - 3443:443/tcp                                                                                                                                       
      - 3443:443/udp                                                                                                                                       
    volumes:                                                                                                                                               
      - ./workdir:/opt/adguardhome/work                                                                                                                    
      - ./confdir:/opt/adguardhome/conf                                                                                                                    
    restart: unless-stopped                                                                                                                                
    networks:                                                                                                                                              
      agh_net:                                                                                                                                             
        ipv4_address: 172.18.0.2                                                                                                                           
                                                                                                                                                           
networks:                                                                                                                                                  
  agh_net:                                                                                                                                                 
    driver: bridge                                                                                                                                         
    ipam:                                                                                                                                                  
      driver: default                                                                                                                                      
      config:                                                                                                                                              
        - subnet: 172.18.0.1/16

I setup initially with port 3000 and Adguard Home is running well in internal network.

When I come to encryption to take advantage of DoH, DoT with a domain like sub.example.com. I change port 80 to 3080, port 443 to 3443 to reserve default http and https port (80 and 443) for my webserver.

The DoT work well with port 853 default. However I have to use port 3443 to access Adguard Home dashboard as well as DoH.

Since I want to config nginx to access Adguard Home dashboard directly through port 443 by just entering sub.example.com instead of sub.example.com:3443, I use the following config in nginx.

location / {
  proxy_pass http://127.0.0.1:3443;
  proxy_redirect / /;
  proxy_cookie_path / /;
}

as How to configure a reverse proxy server for AdGuard Home? wiki instruction.
However, when ever I access to sub.example.com, the Client sent an HTTP request to an HTTPS server. appears on brower.

How can I config nginx to achieve my purpose? Thank you.

[ainar-g]

@quyleanh, if your Nginx deals with the TLS stuff, you should enable allow_unencrypted_doh in the configuration file and point Nginx at the plain HTTP port, not the HTTPS one.

[quyleanh]

Thank you for your response.

As your suggest, I've tried the following configs but none of them works.

    proxy_pass http://127.0.0.1:80;
    proxy_pass http://127.0.0.1:3080;
    proxy_pass http://172.18.0.1:3080;
    proxy_pass http://172.18.0.1:80;
    proxy_pass http://172.18.0.2:3080;
    proxy_pass http://172.18.0.2:80;

[quyleanh]

My mistake when using http://127.0.0.1:3443; instead of https://127.0.0.1:3443. Now it's working fine.