Configuring Nginx on linuxserver/letsencrypt for Hass.io

norsemanGrey · January 17, 2020, 12:40pm

Hi guys! Need some help with configuring Nginx (on the linuxserver/letsencrypt docker) as a reverse proxy for web-servers on my network (Hass.io to begin with). Any input to point me in the right direction is highly appreciated.

Current Setup

Router:

Type: AmpliFi HD
Forwarded Ports: 443 -> 8123 (RPi / Hass.io)
DNS: Using Pi-Hole IP

Raspberry Pi 1 (w/ConBee II)

Hass.io

Rasberry Pi 2

Pi-Hole

Ubuntu Server (18.04)

Docker Containers
- linuxserver/letsencrypt (reverse proxy not configured)

Domain

FQDN (Domeneshop)

Currently my HA is the only server that I access from outside my network (via www..no by default as it forwarded on 443), but I plan to have other web servers (both as Docker images on the Ubuntu server and on other hardware) that I want to have accessible outside using different sub-domains (i.e. homeassistant..no for HA and plex..no for Plex server).

Thus I want to use the linuxserver/letsencrypt container and configure the nginx as a reverse proxy. However I am not sure how to change the default.config file (located in <path/to/>config/nginx/site-confs on the Ubuntu host) to work for my setup, or what other changes I need to do (e.g. no my Hass.io configuration).

norsemanGrey · January 21, 2020, 7:43am

I have tried with the following setup in the nginx default file under the site-confs folder but I only get a “502 Bad Gateway” when trying “https://homeassistant.my_domain.no” in the browser:

server {

        listen 443 ssl;

        server_name homeassistant.my_domain.no;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        location / {

                proxy_set_header Host $host;
                proxy_redirect http:// https://;
                proxy_http_version 1.1;

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                proxy_buffering               off;
                proxy_ssl_verify              off;

                proxy_pass http://<RPi local IP>:8123;

        }
}

The http component in my Hass.io configuration.yaml file looks like this:

http:
  base_url: https://my_domain.no
  use_x_forwarded_for: true
  trusted_proxies: <nginx docker host server IP>