Add-on: NGINX reverse proxy

Hello,

I tried to install and configure the NGINX reverse SSL proxy. In the documentation is stated that “the certificate has to be stored in the /ssl folder”.
How can I upload a certificate to that folder? - The SMB add-on is no option since I do not want to transfer the private key of my certificate unencrypted thru the network. Is there a secure way to get the keyfile to Home Assistant? - It is marginal enough that the key ist stored in the same folder as the certificate, since Home Assistant is a ready made appliance and I do not know the folder- and rights-Structure.

You might find the NGINX Proxy Manager easier to set up (although it requires you first install the MariaDB addon - no longer the case). It handles all the certificates for you using DuckDNS (without the need to install that addon too).

1 Like

OK, thank you for your reply…

Unfortunally this not an answer to my question which was how I can securely transfer my (existing) certificate and key to the Home Assistant Raspi and to store it relatively secure there.

I nevertheless tried your solution, but came to no success. The Proxy Manager isn’t really helping me (I’d love to have an editor window for the NGINX config files, this would be easier for me), and for that little “click-and-run” having to install a complete database software (wich I would already have running in my network an cannot utilize for this task) is a no-go for me.
Also Duck-DNS does not do anything for me, since it only handles its own domain “duckdns.org” as far as I could see… and: I don’t want to use Let’s encrypt, I want to use my own Certificates.

Ok fair enough if you don’t want to install MariaDB. You don’t have to use DuckDNS for certificates with this addon, as you can add custom ones (although not with a passphrase). As you mention, I mainly use this one because of the UI.

  1. Install one of the ssh add-ons. Use scp to move the file
  2. Go to media in the ui. Upload it there. Then move it from /media to /ssl by sshing in via the ssh addon
  3. Install the vscode addon. Drag and drop the file into the ssl folder in the UI

Probably other ways, that was 3 off the top of my head.

Follow this excellent tutorial for Nginx proxy manager installation.

1 Like

This guide assumes they want NPM to manage the certs for them (get them from LE, auto-renew them, etc). The OP has stated pretty clearly they do not want that, they want to use their own certificate not one from LE.

@picsnmore NPM does let you upload your own certificate via the UI. And then when you add a host you can select that uploaded cert. It will then serve it up and won’t attempt to do any management of it, you’ll have to manually upload a new one when it expires. So not exactly matching this guide but NPM works as well.

Basically follow all steps of the guide up until where it tells you to add a host. At that point go to certs tab, upload yours, then make a host and select your cert instead of asking it to get a new one for you.

He wants a self signed certificate