Accessing HomeAssistant with Nginx and Cloudflare tunnel

I am running Home Assistant OS (12.4) in a Proxmox (8.2) VM and have installed Nginx Proxy Manager and Cloudflared. I have not been able to set up external access to my Home Assistant. The closest I have gotten is when setting the service in the Cloudflare tunnel to the Nginx URL 192.168.xx.xx:30, I can hit the Nginx login. When I change it to the Home Assistant URL 192.168.xx.xx:8123, I get a 404: not found.

I cannot tell what I am doing wrong. Any assistance would be much appreciated.

You don’t need NGINX for cloudflared to work, so I assume you only mention it because it’s also installed and it’s an alternative destination to test with cloudflare.

Since you’re saying you’re pointing cloudflared to an IP address, I assume you’re using the “additional domains” config. Have you tried just setting the “external home assistant hostname” field with your domain?

If you instead (or also) want to use a subdomain like “ha.mydomain.com” then the additional fields should look like:

- hostname: ha.mydomain.com
  service: http://192.168.x.x:8123

And I assume you can go to “http://192.168.x.x:8123” locally and get to HA.

It also seems a bit weird that you can go to “192.168.xx.xx:30” and see the NGINX login - have you configured that addon to listen on that port? I’m surprised that it gets that far.

1 Like
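As an added example (not from the thread or from the Cloudflared project), this Python sketch models how cloudflared picks a service from `hostname`/`service` entries like the ones in the reply above: rules are tried in order, the first matching hostname wins, and a final catch-all answers everything else. It is a simplified, hostname-only model; the `ha.mydomain.com` entry is from the post, while the `*.lab.mydomain.com` entry, the `http_status:404` catch-all and the helper names are assumptions for illustration.

```python
"""Hostname-only model of cloudflared-style ingress matching (constructed data)."""

# Constructed rule list: the first entry is from the post, the others are assumed.
INGRESS = [
    {"hostname": "ha.mydomain.com", "service": "http://192.168.x.x:8123"},
    {"hostname": "*.lab.mydomain.com", "service": "http://192.168.x.x:81"},
    {"service": "http_status:404"},  # catch-all: no hostname, matches everything
]


def host_matches(pattern, host):
    """True if host matches pattern; a leading '*.' matches any subdomain."""
    if pattern is None:
        return True
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # Suffix match, and at least one character must precede the suffix.
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern


def route(rules, host):
    """Return the service of the first rule whose hostname matches host."""
    for rule in rules:
        if host_matches(rule.get("hostname"), host):
            return rule["service"]
    raise ValueError("no catch-all rule: every request must match something")


def lint(rules):
    """Report rule lists that would misroute: no catch-all, or shadowed rules."""
    problems = []
    if not rules or rules[-1].get("hostname") is not None:
        problems.append("last rule must be a catch-all without hostname")
    for i, rule in enumerate(rules):
        # Turn the rule's own hostname into a concrete probe name.
        probe = (rule.get("hostname") or "").replace("*", "x")
        for earlier in rules[:i]:
            if probe and host_matches(earlier.get("hostname"), probe):
                problems.append(f"rule {i} ({rule['hostname']}) is shadowed")
                break  # one report per shadowed rule
    return problems
```

In this model a request for a hostname that no entry lists is answered by the catch-all rather than by Home Assistant, and `lint` flags an entry that can never be reached because a broader one sits above it.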

Thanks for the reply. I made a few changes, including the ones you mentioned, and now I am able to connect remotely. I can access my home assistant on my phone browser, but cannot connect through the app. I looked through online documentation, but it seems outdated and I cannot locate some of the settings mentioned.

> You don’t need NGINX for cloudflared to work, so I assume you only mention it because it’s also installed and it’s an alternative destination to test with cloudflare.

**As I understand, this is the best way to access home assistant from outside my lan securely and within my lan without a certificate. I thought there were issues with connecting devices to home assistant if I need a certificate within my lan.**

> If you instead (or also) want to use a subdomain like “ha.mydomain.com” then the additional fields should look like:
>
> - hostname: ha.mydomain.com
>   service: http://192.168.x.x:8123
>
> And I assume you can go to “http://192.168.x.x:8123” locally and get to HA.

**But for building out a homelab that includes other services on other subdomains, isn’t it better to manage it with nginx?**

> It also seems a bit weird that you can go to “192.168.xx.xx:30” and see the NGINX login - have you configured that addon to listen on that port? I’m surprised that it gets that far.

**I followed a process similar to this:**
https://theprivatesmarthome.com/how-to/set-up-nginx-proxy-manager-in-home-assistant/

**Where it says "Go to the Nginx Proxy Manager page. It will be the hostname of your Home Assistant on port 81. For example: http://homeassistant:81. You should see the login page. Enter the default"**

**I am hoping I can use this proxy manager for other servers that are independent of home assistant in the future.**

I was initially a bit confused when you had issues with Cloudflare, but mentioned nginx because for the most part they are often used separately.

I use both - Cloudflare for accessing the site from outside the home, and nginx for accessing within the home. I wanted to do this so the same link (i.e. ha.mydomain.com) could be used at home and away.

For browsers this works fine, as they only cache the IP address for the domain for about 5 minutes. However, I’ve found apps are different, and some seem to cache for over a day. This therefore doesn’t work because it caches the local IP at home, and then tries to use it away from home. I think the Companion App falls into this category - if both the internal and external addresses are ha.mydomain.com, it doesn’t work. I set up a separate domain ha-internal.mydomain.com for the internal server (only used by the companion app), and this works for me. Similarly I use ntfy for notifications, and its app couldn’t cope with the same server internally and externally. The only solution here was to use the external domain from within home.

I have found one other wrinkle in ‘sharing’ a domain internally and externally. If you set up a zero trust application in Cloudflare to have an extra layer of security, you can have more than one end-point in the application, so each can ‘share’ the same authentication. This works by redirecting one domain via another to get the auth cookie, and can get confused if your nginx gets in the middle and redirects elsewhere.

1 Like