2 Nginx Proxies

After getting a fresh HA install on a Raspberry Pi and verifying access on port 8123, I installed the LetsEncrypt Add-on. I have other services on my network running on port 80, so I have an external nginx server set up. Using the following config, I was able to get some certificates onto the Raspberry Pi:

server {
    listen 80;
    server_name smarthome.example.com;

    location / {
        proxy_pass http://smarthome.example.com;
    }
}

After verifying the new certs, I opted to install the Nginx Add-on from the add-on store. Given that Alexa and Google both require 443 to be open anyway, I prefer to access my HA instance via http://smarthome.example.com. I do not want to use http://smarthome.example.com:8123. The only config change I did was to add:

domain: smarthome.example.com

Forwarding 443 directly to the Raspberry Pi, I can access the interface from remote and log in. However, again, I have other services at home running on 443 (in addition to port 80). So I would like to proxy requests for 443 as well from the external nginx server. After verifying the Nginx Add-on is functioning, I modified the external nginx config to the following:

server {
    listen 80;
    server_name smarthome.example.com;

    location / {
        proxy_pass http://smarthome.example.com;
    }
}

server {
    listen 443 ssl http2;
    server_name smarthome.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        proxy_pass https://smarthome.example.com;
    }
}

I modified my firewall to forward both port 80 and 443 to the machine hosting the external nginx server. Note: I also have an internal DNS serving the private subnet behind the firewall. Now, from external, I can access http://smarthome.example.com. However, after providing credentials, I get the error “Unable to connect to Home Assistant, Retry”. After every attempt to log in through the external nginx proxy, I find a new refresh token under my account in HA (when accessed directly from internal). So I can see the external nginx proxy is forwarding requests to the HA Nginx Add-on, which is forwarding the requests to the HA instance. However, something along the way is getting broken.

The question: can anyone assist in configuring my external nginx proxy to properly forward requests to my HA Nginx Add-on, which I think is working correctly?

Some other notes. On the internet, I own the domain used in the LetsEncrypt certs. This URL leads to my external IP. From there, the request is port forwarded to an nginx install on my private network. I have internal DNS that resolves the same URL to the actual IP address of the Raspberry Pi. I assume this is all working because I can see the login page of the HA instance from external. So I think the SSL forwarding is broken somehow.

Lastly, full disclosure: 443 forwarding is not working for my other apps as well. When port forwarding directly, HA and the other apps work individually, but I need to host multiple services on the same port. Hence the need for nginx proxying (server_names).
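
An nginx configuration for the external proxy's 443 server block, added here as an example and not part of the original post. It assumes the failure after login is the Home Assistant frontend's WebSocket connection (`/api/websocket`) not surviving the extra proxy hop, since nginx does not forward the `Upgrade` and `Connection` headers by default. It also enables verification of the inner proxy's certificate, which nginx leaves off for `proxy_pass https://`; the CA bundle path is an assumption.

```nginx
# Added example, not the poster's config. Hostname and certificate paths are
# taken from the post; the CA bundle path below is an assumption.

# Send "Connection: upgrade" upstream only when the client asked for an
# upgrade, so ordinary requests are not forced into WebSocket handling.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl http2;
    server_name smarthome.example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        # The name is resolved when nginx loads the config, using this host's
        # resolver. It must resolve to the Raspberry Pi (internal DNS), not
        # back to this proxy, or requests will loop.
        proxy_pass https://smarthome.example.com;

        # WebSocket pass-through: HTTP/1.1 to the upstream plus the
        # hop-by-hop Upgrade/Connection headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host       $host;

        # Verify the inner proxy's certificate against the expected name.
        # Without these, the upstream TLS hop is encrypted but unauthenticated.
        proxy_ssl_server_name on;
        proxy_ssl_name        smarthome.example.com;
        proxy_ssl_verify      on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed path (Debian/Ubuntu)
    }
}
```

The `map` block belongs in the `http` context, outside any `server` block. Running `nginx -t` before reloading confirms the file parses.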