Hi there.
I’m using HA with Docker, NGINX and SSL.
It works flawless via local network by accessing
https://myhostname.org
but it loads very very slowly when accessing the same address via an external network.
the HA app timeouts and I need to retry many times before accessing the frontend.
this is weird because it worked well before without any modification from my side if not for usual updates in Ubuntu 24.04 server and HA.
It’s like if HA defaults to a wrong network and then rollback to the good one.
I don’t know why it’s so slow form external network now.
This is my docker compse:
reverse_proxy:
driver: bridge
ipam:
config:
- subnet: 172.16.0.0/16
gateway: 172.16.0.1
services:
nginx:
image: nginx:latest
restart: always
environment:
TZ: Europe/Rome
ports:
- "81:80"
- "444:443"
- "8068:8067"
volumes:
- ./nginx/nginx:/etc/nginx/conf.d:ro
- ./nginx/wwwroot:/var/www/root:ro
- ./nginx/certbot/conf:/etc/letsencrypt:ro
- ./nginx/certbot/www:/var/www/certbot:ro
- ./nginx:/restricted:ro
- ./nginx/logs:/var/log/nginx
networks:
reverse_proxy:
ipv4_address: 172.16.0.2
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
restart: always
volumes:
- /opt/docker_ha/homeassistant/config:/config
- ${PATH_TO_FAN_FILE}:/config/fan/fan1_input
- /etc/localtime:/etc/localtime:ro
- /run/dbus:/run/dbus:ro
privileged: true
network_mode: host
and this is the configuration of the NGINX
#limit_req_zone $binary_remote_addr zone=mylimit:10m rate=20r/s;
server {
listen 80;
server_name myhostname.org;
location /.well-known/acme-challenge/ {
#limit_req zone=mylimit burst=2;
root /var/www/certbot;
}
#location / {
# root /var/www/root;
#}
}
server {
listen 443 ssl;
server_name myhostname.org;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
location / {
#limit_req zone=mylimit burst=10;
proxy_pass http://192.168.1.3:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /zigbee {
proxy_pass http://192.168.1.3:8069/#/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /assets {
#limit_req zone=mylimit burst=10;
proxy_pass http://192.168.1.3:8069;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /zigbee/api {
#limit_req zone=mylimit burst=10;
proxy_pass http://192.168.1.3:8069/api;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
ssl_certificate /etc/letsencrypt/live/myhostname.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myhostname.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_protocols TLSv1.3;
}
I tried removing homeassistant container from the network: host
and it helps, but then all other integrations stops working…