Hi there,
I’ve set up my Home Assistant core in a Linux Docker environment. I used a combination of nginx and Let’s Encrypt to make it available via a subdomain.
On both my Windows PC and notebook I can connect via the local IP address and via the external domain I set up without any issues.
However, if I try to connect my mobile apps on iPhone, iPad and macOS I get the error “Unable to connect to Home Assistant” RETRY
I can manage to get it to work if I enter the internal address manually in the settings of the mobile apps. But if I turn off my wifi, so I’m only connected via mobile data, the iOS client also refuses to connect with the same error message.
Additionally, if I try to log in via the web browser on any of my Apple devices via the domain URL I also get the same error message, but it works via the local IP address.
I have set up external access in the configuration.yaml:
```yaml
homeassistant:
  external_url: "https://assistant.mydomain.xyz/"
  internal_url: "http://192.168.178.60:8123"
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.178.60
```
And I think I set up my nginx configuration correctly for my subdomain:
```nginx
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream assistant {
    server 192.168.178.60:8123;
}
server {
    listen 80;
    listen [::]:80;
    server_name assistant.mydomain.xyz;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
    }
    if ($host != assistant.mydomain.xyz) {
        return 403;
    }
}
server {
    if ($host != assistant.mydomain.xyz) {
        return 403;
    }
    server_name assistant.mydomain.xyz;
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl_certificate /etc/letsencrypt/live/mydomain.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.xyz/privkey.pem;
    proxy_buffering off;
    location / {
        proxy_pass http://assistant;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```
And for good measure this is my main nginx.conf file:
```nginx
user nginx;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
    worker_connections 768;
    # multi_accept on;
}
http {
    set_real_ip_from 0.0.0.0/0;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # SSL Settings
    ##
    ssl_session_cache shared:le_nginx_SSL:1m;
    ssl_session_timeout 1440m;
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
    ssl_dhparam /etc/nginx/ssl-dhparams.pem;
    ##
    # Logging Settings
    ##
    log_format formated escape=json
        '{'
        '"requestId":"$request_id",'
        '"remoteAddress":"$remote_addr",'
        '"remoteUser":"$remote_user",'
        '"requestTimestamp":"$time_iso8601",'
        '"host":"$http_host",'
        '"request":"$request",'
        '"status":"$status",'
        '"bodyBytesSend":"$body_bytes_sent",'
        '"httpReferer":"$http_referer",'
        '"httpUserAgent":"$http_user_agent"'
        '}';
    access_log /var/log/nginx/formated_access.log formated;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
}
```
I don’t know if this is a problem with the ssl certificates or encryption settings, like http2, tls v1.3 or the ciphers I enabled?
Looking into the container logs of Home Assistant no errors show up.
The container logs of Nginx reveal some kind of HTTP 304 error for the Lovelace UI.
Authentication and registration of the apps in and of themselves work. They show up in the integrations panel. It seems only the UI won’t load?
Any help would be greatly appreciated. Thanks in advance
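
The `set_real_ip_from 0.0.0.0/0`, `real_ip_header X-Forwarded-For` and `real_ip_recursive on` lines in the posted nginx.conf decide which address nginx records as `$remote_addr` (the `remoteAddress` log field) and appends to the `X-Forwarded-For` header that Home Assistant is configured to trust. The following is an added example, not part of the original post and not nginx's own code: a simplified Python model of that lookup, run on constructed addresses and assuming nginx is reached directly from the internet with no other proxy in front of it.

```python
import ipaddress

def real_ip(peer, xff, trusted, recursive):
    """Simplified model of nginx's realip lookup for real_ip_header X-Forwarded-For.

    peer: address of the TCP connection; xff: X-Forwarded-For value the peer sent;
    trusted: set_real_ip_from ranges; recursive: the real_ip_recursive setting.
    """
    nets = [ipaddress.ip_network(t) for t in trusted]

    def is_trusted(addr):
        return any(ipaddress.ip_address(addr) in net for net in nets)

    addr = peer
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # The header is only consulted while the current address is a trusted sender.
    while hops and is_trusted(addr):
        candidate = hops.pop()              # right-most remaining entry
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break                           # unparsable entry: keep current address
        addr = candidate
        if not recursive:
            break
    return addr

def forwarded_for_upstream(peer, xff, trusted, recursive):
    """Header sent on by `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for`."""
    remote_addr = real_ip(peer, xff, trusted, recursive)
    return f"{xff}, {remote_addr}" if xff else remote_addr

# Constructed sample (documentation-range addresses): a client at 203.0.113.7
# connects straight to nginx and supplies its own X-Forwarded-For header.
PEER, HEADER = "203.0.113.7", "198.51.100.1"

# As posted: every address is a trusted sender, so the header value wins.
AS_POSTED = real_ip(PEER, HEADER, ["0.0.0.0/0"], recursive=True)
# Assumed correction for an edge nginx: no set_real_ip_from at all, so
# $remote_addr stays the TCP peer and the logs show the real connection.
NO_TRUST = real_ip(PEER, HEADER, [], recursive=True)

if __name__ == "__main__":
    print("posted config    $remote_addr =", AS_POSTED)
    print("no trusted range $remote_addr =", NO_TRUST)
    print("X-Forwarded-For sent to Home Assistant (posted config):",
          forwarded_for_upstream(PEER, HEADER, ["0.0.0.0/0"], True))
```

If nginx does sit behind another proxy, `set_real_ip_from` should list only that proxy's address rather than `0.0.0.0/0`.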