Final setup of Reverse Proxy for HA with NGINX

I have two servers both needing 443 to run. My Windows Essentials server as well as HA. HA specifically because I’m trying to do the integration with Amazon and they only support connecting in 443. So I have a working reverse proxy and even my essentials server remote desktop is rocking. Essentials is straight 443 to 443 in the proxy, and HA is 443 to 8123 in the proxy settings. Few things:

  1. I was on 8123 for HA and have my router directing external IP on 8123 traffic to my internal HA IP on 8123. Is there any reason to keep this or should I switch HA to 443?
  2. If I switch HA to 443 will that break anything? The only component I know right now that I’m actively using that may be affected is the iOS app. So hoping I can just change the server info in the app and it will keep working.
  3. I saw a message elsewhere on the forum saying you should set the below in your configuration.yaml. Is this necessary?
You need to make sure the proxy is passing through ‘header_upstream X-Forwarded-For’ and HA has the following in the config,

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1

Thanks.

JR

No need to change it, especially if it’s working.

Shouldn’t, but again, if it isn’t broken, don’t fix it.

This is preferred; that way someone randomly port scanning you doesn’t cause HA to block your proxy machine from contacting it, essentially breaking the reverse proxy.

Thanks. So I guess when they do 127.0.0.1 they are assuming the HA computer is also the reverse proxy server? What should I be putting in there? The external static IP, the internal 192.168… address of my router which is also the reverse proxy?

Well, 127.0.0.1 is localhost; that’s for things like scripts running on the local server hitting HA to do things.
For a trusted proxy you’d set the LAN IP of your proxy server/VM, i.e. 192.168.1.212

The use_x_forwarded_for: true will give you the IP of the device hitting your HA instance via the proxy and allow you to ban them if they’re being bad.
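The trust decision discussed above, as an added example that is not part of the original thread and not Home Assistant's own code: a simplified model of how a backend picks the client address from X-Forwarded-For, and why listing only 127.0.0.1 as trusted gets the proxy banned instead of the scanner. The function names, the ban threshold of 3 and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

def effective_client_ip(peer_ip, xff_header, trusted_proxies):
    """Return the address a backend should attribute a request to."""
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(ip):
        return any(ipaddress.ip_address(ip) in net for net in trusted)

    # The header is honoured only when the TCP peer is a trusted proxy;
    # otherwise any direct client could spoof its own address.
    if not xff_header or not is_trusted(peer_ip):
        return peer_ip
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk right to left: the rightmost entries were appended by our own
    # proxies, the leftmost ones are whatever the client chose to send.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return peer_ip  # malformed entry: fall back to the TCP peer
    return hops[0] if hops else peer_ip

def banned_after_failures(requests, trusted_proxies, threshold=3):
    """Count failed logins per attributed IP and return the banned set.

    requests: list of (tcp_peer_ip, x_forwarded_for_header) tuples.
    threshold: constructed value for this example.
    """
    failures = Counter(
        effective_client_ip(peer, xff, trusted_proxies) for peer, xff in requests
    )
    return {ip for ip, count in failures.items() if count >= threshold}

PROXY = "192.168.1.212"  # proxy LAN IP used as the example in the thread
# Constructed sample: three failed logins from one scanner, relayed by the proxy
SCANNER_TRAFFIC = [(PROXY, "203.0.113.50")] * 3

if __name__ == "__main__":
    print("trusted 127.0.0.1 only:", banned_after_failures(SCANNER_TRAFFIC, ["127.0.0.1"]))
    print("trusted proxy LAN IP:  ", banned_after_failures(SCANNER_TRAFFIC, [PROXY]))
```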

OK thanks. I’m really excited this is working as I have not been able to activate the Lambda function with Amazon because of the port challenges. Then when I got close, remote desktop wouldn’t work thru the proxy. Now that that’s all resolved game on!!!
