Google Assistant on Hass behind nginx

Hello People,

I had my Hass working with GoogleAssistant and google Home integration over https.
I wanted to server http locally, so i set up nginx.
something in my configuration is not correct and i cannot find it.

Configuring my action in google home redirects me to my hass instance, i log in, the app says that my action is not reachable try again later.

# Loads default set of integrations. Do not remove.
default_config:

logger:

homeassistent:
  external_url: 'https://hass.xxxxxx.ddnss.de'
  internal_url: 'http://hass.merseserver.de'

google_assistant:
  project_id: xxxxxxx
  service_account: !include service_account.json
  report_state: true
  exposed_domains:
    - switch
    - light
    - climate

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.22.0.0/16
    - 192.168.178.100
    - ::1
    - fe80::3562:1f8a:e904:4d5e

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

The SSL certificates are valid lets encrypt certificates

hass.xxxx.ddnss.de is reachable with valid ssl

My Proxy Advanced Tab is a convoluted mess of copy pasted arguments from other threads with simmilar problems. None of them helped, so i do not know if they are necessary at all.
The whole Proxy thing is new to me, so i dont understand much.

Video showing what happens in home app

Hi, dont want to bring you stupid answer, but with this level of info , nobody will find it. Sharig a little more info of what you did configure might help getting a decent answer.
WHat urls, what network etc etc.

What i have tried:

  • getting a ssl certificate for “hass.xxxxx.ddnss.de” and using that for the proxy ssl.
  • i configured a new google action (the one i posted below) when doin the switch. In case reconfiguring the old action, that worked with my hass https only config, was breaking something.
  • setting und removing external and internal URLs
  • setting external URL to xxxxx.ddnss.de (without the subdomain)

Google Actions Configuration

interesting. Is only the Google action not working? As in, if you use the internal or external URL in a browser, does HA work and you can login?

Yes Hass works on both urls

then the best location to investigate is the 'action ’ log. Put it to debug/.trace and see where it fails. A ‘not reachable’ could also be interpreted with ‘authenticaiton fail’ . So that log would be more precise

I have never done any logging other than logger: in the configuration
Do I have to add anything to that to generate the action log?
I have no directory debug/

i meant the logger from this screen… … make it log more details and see the output.

Ah okay. I can test that tomorrow. Thank for the directions

Looks like google is getting a 401 unauthorized back

is there 401 in the resource details when expanded? As i see no specific error in this shot.

if it is, then we’ll need to figure if the 401 is coming from nginx or from HA.

TextPayload: "SYNC: Request ID ... failed with code BACKEND_URL_ERROR"

Hoopsie, i read the docs incorrect.
It got something else than a 401.
Trying to figure out the GCP logging, google is a bit sparse with their guidance ^^

1 Like

I’ve found the problem…

My fulfillment URL was not correct. I forgot to add /api/google_assistant to my external Link.

Although my own fault, thanks alot @checking12

No problem, good luck