When running Yet Another WhosAtMyFeeder (YA-WAMF) behind a reverse proxy, specific configurations are required to ensure the Live Status (Server-Sent Events) and Video Playback features work correctly without disconnection or buffering issues.
Warning
The monolithic container (yawamf-monalithic) is the recommended deployment. New installs should use the monolithic examples on this page. The split yawamf-frontend + yawamf-backend path is legacy and kept only for existing installs that have not yet migrated.
YA-WAMF supports two proxy layouts:
- Monolithic (recommended):
yawamf-monalithic:8080— one container, one upstream - Legacy split:
yawamf-frontend:80plusyawamf-backend:8000— two containers
Use the monolithic examples below for new installs. Only use the split upstreams if you are still running the old two-container stack and have not yet migrated.
- Support for Server-Sent Events (SSE): Buffering must be disabled, and timeouts must be increased.
- Long-Lived Connections: The backend heartbeat is 20s. Proxy timeouts should be >60s.
- Correct Headers:
Host,X-Forwarded-For, andX-Forwarded-Protomust be passed correctly to avoid "Authentication enabled over HTTP" warnings.
If you are using Cloudflare Tunnel (cloudflared), use these settings to prevent "unexpected EOF" or stream cancellations.
- Service:
http://yawamf-monalithic:8080(or your internal IP/Hostname) - HTTP Host Header:
your-public-domain.com(e.g.,yetanotherwhosatmyfeeder.pownet.uk)- Critical: Must match your public domain exactly. Do not duplicate it.
| Setting | Value | Reason |
|---|---|---|
| No Chunked Encoding | Off (Disabled) | CRITICAL: SSE requires chunked encoding. Enabling this will break the stream. |
| Idle Timeout | 120s |
Prevents Cloudflare from closing the stream during silence between heartbeats (20s). |
| TCP Keep-Alive | 15s |
Keeps the underlying tunnel socket active. |
| Connect Timeout | 30s |
Standard timeout. |
In Nginx Proxy Manager, standard UI settings are not enough for SSE. You must use the Advanced tab.
- Websockets Support: Enabled
- Block Common Exploits: Enabled
- Force SSL: Enabled (or Disabled if Cloudflare handles it, to avoid redirect loops)
- HTTP/2 Support: Enabled (Highly Recommended for SSE performance)
- HSTS: Enabled
Paste this entire block into the "Custom Nginx Configuration" box for the monolithic deployment. This handles SSE, video clips, and correct header forwarding while using a resolver to prevent stale DNS cache issues.
# Docker DNS Resolver (Required for dynamic container resolution)
resolver 127.0.0.11 valid=30s;
set $app_upstream yawamf-monalithic;
# Global Timeout Increase
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
# 1. Server-Sent Events (SSE) - Live Status Stream
location /api/sse {
proxy_pass http://$app_upstream:8080;
# Connection Settings
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding on;
# Critical: Disable Buffering
proxy_buffering off;
proxy_cache off;
proxy_set_header X-Accel-Buffering no;
# Extended Timeouts
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
# Headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
}
# 2. Video Clips (Optimized for large files)
location ~ ^/api/frigate/.+/clip\.mp4$ {
proxy_pass http://$app_upstream:8080;
# Enable Buffering for Performance
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 8 256k;
proxy_busy_buffers_size 512k;
# Reasonable Timeout
proxy_read_timeout 300s;
proxy_send_timeout 300s;
client_max_body_size 0;
# Headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
}
# 3. API Routes
location /api/ {
proxy_pass http://$app_upstream:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_http_version 1.1;
}
# 4. Root / Main App
location / {
proxy_pass http://$app_upstream:8080;
# Ensure backend sees "https" even if proxy terminates SSL
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
# Standard NPM inclusions
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}If you are still on the legacy split deployment, keep the old two-upstream pattern:
/->yawamf-frontend:80/api/*->yawamf-backend:8000
If you are writing a raw nginx.conf:
server {
listen 80;
server_name your-domain.com;
# ... SSL settings ...
location /api/sse {
proxy_pass http://yawamf-monalithic:8080;
# SSE Required Settings
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
proxy_cache off;
chunked_transfer_encoding on;
# Timeouts
proxy_read_timeout 86400s;
# Headers
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/ {
proxy_pass http://yawamf-monalithic:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass http://yawamf-monalithic:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
}Caddy handles SSE automatically in most cases, but ensuring flush_interval is set to -1 (immediate) helps.
your-domain.com {
reverse_proxy /api/sse yawamf-monalithic:8080 {
# Flush immediately for SSE
flush_interval -1
header_up Host {host}
header_up X-Forwarded-Proto {scheme}
}
reverse_proxy /api/* yawamf-monalithic:8080 {
header_up Host {host}
header_up X-Forwarded-Proto {scheme}
}
reverse_proxy /* yawamf-monalithic:8080 {
header_up Host {host}
header_up X-Forwarded-Proto {scheme}
}
}- Cause: Connection dropping between heartbeats (20s).
- Fix: Increase proxy
read_timeoutto >60s and backendkeep-alive-timeoutto 75s.
- Cause: Backend sees
X-Forwarded-Proto: httpinstead ofhttps. - Fix: Ensure your proxy passes
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;(or hardcode tohttps).
- Cause: "Force SSL" enabled on Proxy but Cloudflare is connecting via HTTP.
- Fix: Disable "Force SSL" on the internal proxy if Cloudflare is already handling HTTPS redirection, or ensure Cloudflare connects via HTTPS Origin.