Given that I’ve seen quite a few of these and spent quite a while trying to get HA to work through a reverse proxy, I thought I’d share my working config.
In my case, I have an Apache reverse proxy on a remote server which connects back over VPN to the local HA machine, but that makes no difference in this instance, it only changes the IP address in use!
I have the below (and, importantly, the order matters and I have no rewrites necessary to make this work!):
ProxyPreserveHost On
ProxyRequests off
ProxyPass /api/websocket ws://<IP of HA box>:8123/api/websocket upgrade=websocket
ProxyPassReverse /api/websocket ws://<IP of HA box>:8123/api/websocket
ProxyPass / http://<IP of HA box>:8123/
ProxyPassReverse / http://<IP of HA box>:8123/
This not only works once, but through a DOUBLE reverse-proxy.
I have an external dedicated server, running LetsEncrypt to get free SSL.
That reverse proxies it with the above config over a VPN to a device that runs my network (it does this via HTTP, by the way, because it’s going over the VPN anyway).
That device then has the same config with Apache, and reverse proxies it again to the actual HA box that lives on the same network (I’m using HA OS on an RPi).
And… it now just works.
Given that I’ve spent inordinate amounts of time to realise how simple it was, I thought I’d post it for others.
The critical part is the upgrade=websocket for the appropriate websocket URL, which if your Apache doesn’t support it, you need to upgrade.
Strangely, it didn’t work when I had that on the bottom ProxyPass statement, though it’s supposed to be clever enough to do that.