Accessing nabula cloud from ios device remotely when running home assistant in docker via nginx


I’m trying to solve an issue.
My Home Assistant is running via Docker on a Raspberry Pi 3B with ip (hostname hawk on the network).
Nginx is running on that same PI ( but not in a docker container.
My Openwrt router is running on
No external ports to home assistant is open in the router, that shouldn’t be needed right?
My ssl certs are managed my (afraid with letsencrypt)
I’m trying to use my Home Assistant remotely on my IOS phone to access my instance via nabu casa.
Nabu Casa is connected.
Home assisant works fine otherwise and can be accessed via the lan on, same if IOS app is connected via LAN.

Trying to enable Remote Control throws this error:

Remote UI not compatible with as trusted proxies.

I think I then tried to change to “trusted_proxies:” with no luck.

Any tips much appriciated.


Home Assistant docker-compose:

version: '3'
  # HomeAssistant  
    container_name: hassio
    image: homeassistant/raspberrypi3-homeassistant:stable
      - /home/pi/docker/hassio:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    network_mode: host
      - mariadb
      - /dev/ttyUSB-ConBeeII:/dev/ttyACM0
      - /dev/ttyUSB-ZStick-5G:/dev/ttyACM1

Home Assistant configurations.yaml:

  # For extra security set this to only accept connections on localhost if NGINX is on the same machine
  # server_host:
  # Update this line to be your domain
  use_x_forwarded_for: true
  # You must set the trusted proxy IP address so that Home Assistant will properly accept connections
  # Set this to your NGINX machine IP, or localhost if hosted on the same machine.

NGINX site config:

upstream hawk {
        server hawk:8123;

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;

server {
    # Update this line to be your domain
    # These shouldn't need to be changed
    #listen [::]:80 default_server ipv6only=off;
    listen [::]:80;
    return 301 https://$host$request_uri;
server {
    # Update this line to be your domain
    #listen [::]:443 ssl default_server ipv6only=off; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
    #listen [::]:443 ssl; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
    listen 443 ssl;
    # Ensure these lines point to your SSL certificate and key
    ssl_certificate /etc/nginx/ssl/;
    ssl_certificate_key /etc/nginx/ssl/;
    # Ensure this line points to your dhparams file
    #ssl_dhparam /etc/nginx/ssl/dhparams.pem;
    # These shouldn't need to be changed
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    proxy_buffering off;

    location / {
        proxy_pass http://hawk;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

Hmm, suddenly I could activate Remote UI, and can access home assistant via the https://* link remotely. But IOS app still not working?