Apache reverse proxy with path

Hello.

I stuggle with the reverse proxy configuration. The server should accessible under http://10.0.0.104/hass, but i get some errors in the browser.

I found this https://www.home-assistant.io/docs/ecosystem/apache/ and modified it, because on the server running more than one websites.

This is the apache config.

<IfModule mod_proxy.c>
      ProxyPreserveHost On
      ProxyRequests off
      ProxyPass "/hass/api/websocket" "ws://localhost:8123/api/websocket"
      ProxyPassReverse "/hass/api/websocket" "ws://localhost:8123/api/websocket"
      ProxyPass "/hass" "http://localhost:8123"
      ProxyPassReverse "/hass" "http://localhost:8123"
      RewriteEngine on
      RewriteCond %{HTTP:Upgrade} =websocket [NC]
      RewriteRule /(.*)  ws://localhost:8123/$1 [P,L]
      RewriteCond %{HTTP:Upgrade} !=websocket [NC]
      RewriteRule /(.*)  http://localhost:8123/$1 [P,L]
</IfModule>

And this are the error from the browser.

Loading failed for the <script> with source “http://10.0.0.104/static/webcomponents-bundle.js”. hass:1
Loading failed for the <script> with source “http://10.0.0.104/frontend_latest/core-5cad4d70745d4596fd4b733ac1d4cdfd.js”. hass:1
Loading failed for the <script> with source “http://10.0.0.104/frontend_latest/app-6e4d53ede29a686d41a2bb0807ecd12c.js”. hass:1
Loading failed for the <script> with source “http://10.0.0.104/frontend_latest/hass-icons-ee13d5e1c4eddae529f72ccb088bbad3.js”.

Has anybody a idea where’s the problem?

Bildschirmfoto%20vom%202018-07-22%2019-40-361503×711 63.3 KB

I believe HA isn’t suitable for a path based reverse proxy configuration (i.e. you can’t tell HA to prefix every single URL with your selected path). Try a separate virtual host with different hostname instead.

Thanks for your reply, but this is not really an option for me. My router (fritzbox) doesn’t support multiple hostnames per host and it needs another SSL certificate

now i found this open feature request from 2016. But I do not think that will do something there.

In case your still dealing with this. I agree using relative paths would have been nice when they started this project. I put together a hacky rewrite for apache, this could also be translated into nginx. There is one known issue debugging didn’t expose anything but when it loads for the first time you will get a spinning wheel. If you click dashboard everything will load fine. These rules are setup for hosting from the context root of “/home/”. This is considered pretty hacky since it uses alot of extra context roots which might be in use by other applications on your root. Second reason is future updates may break this.

ProxyPass /api/websocket ws://192.168.1.200:8123/api/websocket
ProxyPass /manifest.json http://192.168.1.200:8123/manifest.json
ProxyPass /service_worker_es5.js http://192.168.1.200:8123/service_worker_es5.js
ProxyPass /home/ http://192.168.1.200:8123/
ProxyPassReverse /home/ http://192.168.1.200:8123/
ProxyPass /frontend_es5/ http://192.168.1.200:8123/frontend_es5/
ProxyPassReverse /frontend_es5/ http://192.168.1.200:8123/frontend_es5/
ProxyPass /static/ http://192.168.1.200:8123/static/
ProxyPassReverse /static/ http://192.168.1.200:8123/static/
ProxyPass /auth/ http://192.168.1.200:8123/auth/
ProxyPassReverse /auth/ http://192.168.1.200:8123/auth/
ProxyPass /api/ http://192.168.1.200:8123/api/
ProxyPassReverse /api/ http://192.168.1.200:8123/api/
ProxyPass /lovelace/ http://192.168.1.200:8123/lovelace/
ProxyPassReverse /lovelace/ http://192.168.1.200:8123/lovelace/

I don’t think the lovelace one is required

Has this been addressed in .94? or do we still have to forward to a subdomain?

Has this been addressed in .95? or do we still have to forward to a subdomain?

I don’t think this is deemed important enough that anyone is working on this. But feel free to chip in and contribute functionality to this project that is important to you and may be for others.

Configure like this to fix the following issues

• External proxy to internal IP
• HTTP redirect to HTTPS configuration
• Wrong IP Address showed in login notifications within Home Assistant
• Websockets don’t work properly
• Addons don’t work

<VirtualHost *:80>
        ServerName        homeassistant.adamoutler.com #MODIFY to your host name
        ServerAdmin       [email protected] #MODIFY to your email
        RewriteEngine On
        # This will enable the Rewrite capabilities
        RewriteCond %{HTTPS} !=on
        # This checks to make sure the connection is not already HTTPS
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>

		#Declare server
        ServerName        homeassistant.adamoutler.com #MODIFY to your host name
        ServerAdmin       [email protected] #MODIFY to your email

        #fix detecting incorrect login IP by proxy server
        RemoteIPInternalProxy 192.168.1.1  #MODIFY to your proxy, or delete if you aren't using a firewall
        RemoteIPHeader X-Forwarded-For

        #proxy server setup
        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass /api/websocket ws://192.168.1.8:8123/api/websocket #MODIFY to your HA IP:Port
        ProxyPassReverse /api/websocket wss://192.168.1.8:8123/api/websocket #MODIFY to your HA:Port
        ProxyPass / http://192.168.1.8:8123/ #MODIFY to your HA IP:Port
        ProxyPassReverse / http://192.168.1.8:8123/ #MODIFY to your HA IP:Port

        #fix websockets for addons and apis
        RewriteEngine On
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteRule ^/?(.*) "ws://192.168.1.8:8123/$1" [P,L] #MODIFY to your HA IP address


        #Set security on certan areas(some redacted)
        <Location "/">
                Satisfy any
#               Include /path/to/mySecuritySettings.conf
        </Location>
        <Location "/api">
                Satisfy any
        </Location>

        #HTTPS certs
#        Include /path/to/sites-available/ssl.conf
#        Include /path/to/options-ssl-apache.conf
#        SSLProxyEngine On
#        SSLCertificateFile /path/to/my-chain.pem
#        SSLCertificateKeyFile /path/to/my-cert.pem
</VirtualHost>
</IfModule>

Das funktioniert bei mir nur im chrome nicht im firefox. da gibt es probleme mit lovalace
Hat wer eine Lösung ?

ProxyPreserveHost On
ProxyRequests off
ProxyPass /api/websocket ws://127.0.0.1:8123/api/websocket disablereuse=on
ProxyPassReverse /api/websocket ws://127.0.0.1:8123/api/websocket
ProxyPass / http://127.0.0.1:8123/ disablereuse=on
ProxyPassReverse / http://127.0.0.1:8123/

RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*)  ws://127.0.0.1:8123/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*)  http://127.0.0.1:8123/$1 [P,L]

configutarion.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1

I am trying to get this working on a location level. Is it possible? This is what I have but it is showing 404 error in console.

<VirtualHost *:20530> 
    <Location /homeassistant/>
        RequestHeader unset Accept-Encoding
        
        ProxyPreserveHost On
        ProxyHTMLEnable on
        ProxyHTMLURLMap / /homeassistant/
        
	    ProxyPass http://localhost:20536/ disablereuse=on
	    ProxyPassReverse http://localhost:20536/

        RewriteEngine On
        RewriteCond %{HTTP:Upgrade}    =websocket [NC]
        RewriteRule /(.*)           ws://localhost:20536/$1 [P,L]
        RewriteCond %{HTTP:Upgrade}    !=websocket [NC]
        RewriteRule /(.*)           http://localhost:20536/$1 [P,L]
    </Location>
    <Location /homeassistant/api/websocket>
        ProxyPreserveHost On
        ProxyPass ws://localhost:20536/api/websocket disablereuse=on
        ProxyPassReverse ws://localhost:20536/api/websocket
    </Location>
</VirtualHost>

have you set "external_url" https://mysite.com/homeassistant ?
/homeassistant/.storage/core.config

{
  "version": 1,
  "minor_version": 3,
  "key": "core.config",
  "data": {
...
    "external_url": "https://mysite.com/homeassistant",
...
  }
}

Yes I did, but under System - Settings - Network.

Internet: http://1nuc.mooo.com:20536/

    "external_url": "http://1nuc.mooo.com:20536/",
    "internal_url": "http://192.168.188.203:20536/",

I don’t understand what your site should look like with “/homeassistant” or without

With, like this.

http://1nuc.mooo.com:20530/homeassistant

delete all and try:

<VirtualHost>

ProxyPreserveHost On
ProxyRequests off
ProxyPass /api/websocket ws://127.0.0.1:8123/api/websocket disablereuse=on
ProxyPassReverse /api/websocket ws://127.0.0.1:8123/api/websocket
ProxyPass /homeassistant http://127.0.0.1:8123/ disablereuse=on
ProxyPassReverse /homeassistant http://127.0.0.1:8123/

RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /homeassistant ws://127.0.0.1:8123/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /homeassistant http://127.0.0.1:8123/$1 [P,L]

</VirtualHost>

/homeassistant/.storage/core.config
delete internal_url:
set “external_url”: “http://1nuc.mooo.com:20530/homeassistant”,

restart HA

What is the exact reverse proxy you are trying to use?
I have a reverse proxy setup without opening any ports in the router via a zero trust network, if you provide some more details i might be able to help.

Edit:

i run a docker version (hoass core) with cloudflare tunnel (zero trust)
The tunnel converts the http into a https, and with some cloudflare firewall rules you can limit access to a VPN connection or to certain IP adresses.

I am trying to have HA as subdomain to avoid having additional port. All my applications are the same way proxied. I will play around with above example and see change external url.