Hello.
I’m trying to solve an issue.
My Home Assistant is running via Docker on a Raspberry Pi 3B with ip 192.168.1.22 (hostname hawk on the network).
Nginx is running on that same PI (192.168.1.22) but not in a docker container.
My Openwrt router is running on 192.168.1.1.
No external ports to home assistant is open in the router, that shouldn’t be needed right?
My ssl certs are managed my acme.sh (afraid with letsencrypt)
I’m trying to use my Home Assistant remotely on my IOS phone to access my instance via nabu casa.
Nabu Casa is connected.
Home assisant works fine otherwise and can be accessed via the lan on https://sub.domain.com, same if IOS app is connected via LAN.
Trying to enable Remote Control throws this error:
Remote UI not compatible with 127.0.0.1/::1 as trusted proxies.
I think I then tried to change to “trusted_proxies: 192.168.1.22” with no luck.
Any tips much appriciated.
MY CONFIGS
Home Assistant docker-compose:
version: '3'
services:
# HomeAssistant
homeassistant:
container_name: hassio
image: homeassistant/raspberrypi3-homeassistant:stable
volumes:
- /home/pi/docker/hassio:/config
- /etc/localtime:/etc/localtime:ro
restart: unless-stopped
network_mode: host
depends_on:
- mariadb
devices:
- /dev/ttyUSB-ConBeeII:/dev/ttyACM0
- /dev/ttyUSB-ZStick-5G:/dev/ttyACM1
Home Assistant configurations.yaml:
http:
# For extra security set this to only accept connections on localhost if NGINX is on the same machine
# server_host: 127.0.0.1
# Update this line to be your domain
base_url: https://sub.domain.com
use_x_forwarded_for: true
# You must set the trusted proxy IP address so that Home Assistant will properly accept connections
# Set this to your NGINX machine IP, or localhost if hosted on the same machine.
trusted_proxies: 127.0.0.1
NGINX site config:
upstream hawk {
server hawk:8123;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
# Update this line to be your domain
server_name sub.domain.com;
# These shouldn't need to be changed
#listen [::]:80 default_server ipv6only=off;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
# Update this line to be your domain
#listen [::]:443 ssl default_server ipv6only=off; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
#listen [::]:443 ssl; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
listen 443 ssl;
server_name sub.domain.com;
# Ensure these lines point to your SSL certificate and key
ssl_certificate /etc/nginx/ssl/sub.domain.com/cert.pem;
ssl_certificate_key /etc/nginx/ssl/sub.domain.com/key.pem;
# Ensure this line points to your dhparams file
#ssl_dhparam /etc/nginx/ssl/dhparams.pem;
# These shouldn't need to be changed
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
proxy_buffering off;
location / {
proxy_pass http://hawk;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}