Dear Community,
my problem appears somewhat strange and does not really fit to the topics and discussions I found across the web (here and other communities), so I will try to describe it here in an own topic.
Prologue:
I am running HA OS as a virtual machine on proxmox, which is running on a dedicated home server.
I am also running an nginx reverse proxy as a docker container.
In nginx, I have set up home assistant as a proxy host, which is directing an url to the internal network IP (fixed) of home assistant. For this, I use an SSL certificate created with Let’s Encrypt.
I have a registered domain with a provider which allows change of dns settings via API.
So, in order to always have (SSL) access home assistant (and other services as well), I have done three things.
- since my ISP (Deutsche Telekom) forces disconnection and reconnection regularly and assigns a new WAN IP, I scheduled my router (Fritz!Box 7490) to disconnect and reconnect every day at 3:55 a.m.
- I have set up a cron job, which updates the DNS entries for my domain with the current WAN IP at 4:00 a.m.
- I have also redirected the http and https ports to the internal (fixed) IP of nginx.
You could say that I have set up kind of my own dynDNS.
In priciple, this works pretty well, I can access all services my home server provides, which have an entry in nginx.
It might be of intererest, that I am using a sub sub domain naming scheme:
https://service.machine.domain.extension
I am using a wildcard certificate issued for *.domain.extension, so I can use one cert for all services I plan to make accessible from outside my local network.
And here comes my problem:
Remote access AND LOGIN to home assistant does also, kind of, work, but only after midday/afternoon. In the earlier hours of the day, I can not log in. The companion app on my smartphone, which only relies on access via external url, also does not work in the morning hours.
This is the same every day. In the morning, no LOGIN to home assistant, from outside of the local network is possible; several hours later, it suddenly works, as if the problem resolved itself.
Access via local IP always works.
Various DNS checking sites do confirm that the url (also the respective sub-sub domains) points to my correct WAN IP, minutes after DNS entry update.
Remote access (also SSL) and login to other serivces does always work, even in the early morning.
I guess, we can factor out any issues with url redirection.
From my perspective, the root cause must be anywhere between nginx and home assistant.
I should point out: If I try to access home assistant remotely in the morning, the login screen does appear, but the login process can not be completed:
In nginx, I have activated web sockets.
In home assistant, I have also activated remote access. In configuration.yaml, I have also inserted the necessary lines for allowing access via reverse proxy.
I can post the lines later, when I have access again (currently in the office and remote access does currently not work).
So, what can be the root cause of this somewhat strange behaviour, which I have not read about in any other topic, which deals with remote access not working.
Is there some cache in home assistant (or nginx) that needs be flushed?
I hope I have explained everything understandable.
Please ask, if you need more data and information.
Thanks a lot!