Setup: Proxy

Google will require that you expose the application through SSL/TLS on port 443. This app does not expose functionality for configuring an SSL certificate and exposing it directly, so you are expected to configure an nginx proxy that handles the SSL setup. Setup of the SSL pieces isn't documented here as its covered far better in other docs, and how to set it up with certbot to renew SSL certs, etc. You must use a proper CA issued certificate (like from LetsEncrypt), self-signed certificates will not work.

You must ensure the proxy is setup to pass X-Forwarded-For and X-Forwarded-Proto headers.

However, below is the proxy configuration I use to expose my Docker image in nginx. Note you will have to change the proxy_pass IP address to whatever IP you are hosting the app at on port 5000:

  location /google/home {
    allow all;

    proxy_pass http://192.168.1.x:5000;
    proxy_set_header X-Real-IP $remote_addr;

    proxy_buffers 8 16k;
    proxy_buffer_size 16k;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

Note: I use allow all here because I proxy several sites through this nginx instance, and have my sites locked down by IP address, basic auth, etc. You might not need that if you aren't doing similar things, but all endpoints in this app need to be publicly accessible on some IP / dynamic DNS endpoint mapped through your router.