Auto-discovery of homeassistant docker container behind NGINX reverse proxy

Installation
,
1

I have a home assistant install running in a docker container on a raspberry pi behind an NGINX proxy so I can do additional authentication and hardening. I have the NGINX forwarding both port 80 and port8123 to the container and I can log into the app using the reverse proxied domain name. However the one piece I am missing is the auto detect. Currently when I open the app it autodetects the ip address not the domain name. And when I bind the docker container to localhost to pass all traffic through the nginx the auto-discovery breaks.

What is home assistant using for auto-discovery? How can I adjust either my docker-compose or nginx config to allow the necessary data to passthrough?

My docker-compose is:

version: '3'
services:
  homeassistant:
    container_name: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    ports:
      - "8123:8123"
    volumes:
      - ./config:/config
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro
    restart: unless-stopped
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      - TZ: America/Los_Angeles
      - DISABLE_JEMALLOC: true
      - VIRTUAL_HOST=homeassist.voh.haus
      - VIRTUAL_PORT=8123

And my nginx configuration is:

server {
    server_name homeassist.voh.haus; # Replace with your chosen domain/hostname
    listen 80;

    # Optional: Redirect root URL to the /admin interface
    location / {
        proxy_pass http://127.0.0.1:8123; # Use container IP/hostname and internal port 80
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
server {
    server_name homeassist.voh.haus; # Replace with your chosen domain/hostname
    listen 8123;

    # Optional: Redirect root URL to the /admin interface
    location / {
        proxy_pass http://127.0.0.1:8123; # Use container IP/hostname and inter>
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

I broke out the listening so I could secure each separately with different methods in the future.

2

Do you need 80?

MDNS. Everything is using mdns for discovery and other connectivity checks over network.

Also, did you set x_Forwarded_for and trusted_proxies. Generally needed so HA can see ip of client device instead of all coming from proxy ip