Accessing HASS.io through Apache, error "Unable to Connect to Home Assistant, Retry"

arretx · November 19, 2018, 1:17am

Environment:

Router forwards port 80 and 443 to Ubuntu server running Apache. Server is managed with Webmin and Virtualmin.

I created a virtual server hassio.domain.com. I edited that server’s Proxy information and entered the internal IP address of my Raspberry Pi3 (http://192.168.x.x:8123).

When I access http://hassio.domain.com, the login screen for HASS.io pops up, but if I try to login, I get a screen that reads:

“Unable to Connect to Home Assistant” with a “retry” link.

I can easily login without problems at http://hassio.local:8123 and http://192.168.x.x:8123.

I’ve also enabled SSL for the virtual server, so visiting https://hassio.domain.com also pulls up the login screen.

I get the same result when I attempt to access it from outside of my connection at home.

Is there something in HASS.io that I need to tweak so I can access my instance of HA?

bytejunk · January 18, 2019, 5:03pm

Did you ever solve this?

I’m in exactly the same situation, same setup - router forwards 80 and 443 to apache, which proxies https://ha.domain.com to local_IP:8123.

I can login to local_IP:8123 just fine.
I see the login prompt at https://ha.domain.com both from inside and outside the LAN, but get an «Unable to connect to Home Assistant. -Retry» message.

pathia · January 22, 2019, 9:20pm

I experienced the exact same issue and was able to solve this by adding 2 custom headers in my proxy server configuration.
Just add a Upgrade and Connection header like described in this post.

bytejunk · January 22, 2019, 10:02pm

I forgot to update this post, but I eventually figured it out - I was only setting up the proxy for the base (frontend) access, but it seems the api/websocket also needs to be setup.

My vhost:

  ServerAdmin [email protected]
  ServerName homeassistant.my.domain
  
  SSLProxyEngine On
  SSLCertificateFile /etc/letsencrypt/live/my.domain/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/my.domain/privkey.pem
  SSLCertificateChainFile  /etc/letsencrypt/live/my.domain/chain.pem

  ProxyPreserveHost On
  ProxyRequests Off
  ProxyPass / http://homeassistant_server_ip:8123
  ProxyPassReverse / http://homeassistant_server_ip:8123
  ProxyPass /api/websocket ws://homeassistant_server_ip:8123/api/websocket
  ProxyPassReverse /api/websocket ws://homeassistant_server_ip:8123/api/websocket

  RewriteEngine on
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)  ws://homeassistant_server_ip:8123/$1 [P,l]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)  http://homeassistant_server_ip:8123/$1 [P,l]

aktivalux · January 24, 2019, 9:59am

I am using NGinx but I had to add the X-Forwarded-For header with the value being the remote address (IP address) of the client. Otherwise I could see a “ip address changed” error in the network trace (but not on the UI).

Joe_Saiko · April 20, 2022, 11:02pm

In case anyone else is having this issue, the following fixed it for me.

sudo a2enmod proxy_wstunnel
sudo systemctl restart apache2