HA Loading Loop / nginx as proxy / docker container / pi4

Hi guys,
I really dont know what I should try next…

Problem:
My HA runs in a docker container on my raspi 4 with the optimized pi4 image.
I can access the HA webui with the local ip address of the raspberry. (192.168.178.34:8123)

Then I used my already working nginx container to forward the home assistant webui to the www.
This worked for a few days and suddelny stopped working for me.

On every device I tried accessing the HA WebUI: “Loading Data…” until it says “Unable to connect to Home Assistant.”

HomeAssistant1699×606 146 KB

Google Chromes inspect tool gives me:

The FetchEvent for "https://ha.xxx.dev/lovelace" resulted in a network error response: the promise was rejected.
Promise.then (async)
(anonymous) @ workbox-routing.prod.js:1
workbox-strategies.prod.js:1 Uncaught (in promise) no-response: no-response :: [{"url":"https://ha.x.dev/lovelace","error":{}}]
    at o.makeRequest (https://ha.x.dev/frontend_latest/workbox-v4.1.1/workbox-strategies.prod.js:1:3983)
n @ workbox-core.prod.js:1
makeRequest @ workbox-strategies.prod.js:1
2service_worker.js:1 Uncaught (in promise) TypeError: Failed to fetch
core.7580321d.js:1 POST https://ha.xxx.dev/auth/token net::ERR_CONNECTION_TIMED_OUT
i @ core.7580321d.js:1
refreshAccessToken @ core.7580321d.js:1
u @ core.7580321d.js:1
h @ core.7580321d.js:1
(anonymous) @ core.7580321d.js:1
Promise.then (async)
179 @ core.7580321d.js:1
r @ core.7580321d.js:1
(anonymous) @ core.7580321d.js:1
(anonymous) @ core.7580321d.js:1
The FetchEvent for "https://ha.xxx.dev/manifest.json" resulted in a network error response: the promise was rejected.
Promise.then (async)
(anonymous) @ workbox-routing.prod.js:1
workbox-strategies.prod.js:1 Uncaught (in promise) no-response: no-response :: [{"url":"https://ha.xxx.dev/manifest.json","error":{}}]
    at c.makeRequest (https://ha.xxx.dev/frontend_latest/workbox-v4.1.1/workbox-strategies.prod.js:1:3260)
n @ workbox-core.prod.js:1
makeRequest @ workbox-strategies.prod.js:1
/manifest.json:1 GET https://ha.xxx.dev/manifest.json net::ERR_FAILED
core.7580321d.js:1 WebSocket connection to 'wss://ha.xxx.dev/api/websocket' failed: Error in connection establishment: net::ERR_CONNECTION_TIMED_OUT
e @ core.7580321d.js:1
(anonymous) @ core.7580321d.js:1
u @ core.7580321d.js:1
h @ core.7580321d.js:1
(anonymous) @ core.7580321d.js:1
lovelace:1 Uncaught (in promise) 1

Accessing the HA inside the local network still works.

What I already tried to fix the issue:

• changed the nginx config a thousand times -> never had success
• used the official Home Assistant Doc on how to set up the nginx as reverse proxy -> same issue
• deleted ./storage/ dir -> same issue
• restarted the raspberry and docker container 1000x -> same issue
• tried adding the proxy as a “trused_proxy” in the configuration.yaml -> same issue
• tried fiddling around with the configuration.yaml with http entries i.e. adding the proper certificate, etc.

Here are important snippes of my config files:

NGINX config:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name xxx.dev;

    location / {
        return 301 https://$host$request_uri;
    }

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}

server {
    server_name ha.xxx.dev;

    ssl_certificate /etc/letsencrypt/live/ha.xxx.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ha.xxx.dev/privkey.pem;

    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

    listen [::]:443 ssl default_server ipv6only=off;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
#    ssl_session_cache shared:SSL:10m;

    proxy_buffering off;

    location / {
        proxy_pass http://192.168.178.34:8123;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

}

(keep in mind: this already worked a few days and suddenly stopped working)

docker-compose.yml (HA):

version: '3.7'
services:
  homeassistant:
    container_name: homeassistant
    image: homeassistant/raspberrypi4-homeassistant:latest
    network_mode: "host"
    ports:
      - "8123:8123"
    volumes:
      - ./config:/config
#    - /docker/certbot/data/certbot/conf/live/ha.xxx.dev/:/certs #(was an fixing attempt)
      - /etc/localtime:/etc/localtime:ro
      - /etc/letsencrypt:/etc/letsencrypt:ro
#    devices:
#      - /dev/ttyACM0:/dev/ttyACM0:rwm
    restart: always

configuration.yaml

# Configure a default setup of Home Assistant (frontend, api, etc)
default_config:

http:
  base_url: https://ha.xxx.dev
#  trusted_proxies=["192.168.178.34/24", "127.0.0.1"]
  use_x_forwarded_for: true
  trusted_proxies: 127.0.0.1

# Text to speech
tts:
  - platform: google_translate

#group: !include groups.yaml
automation: !include automations.yaml
#script: !include scripts.yaml
#scene: !include scenes.yaml

sonoff:
  username: <mymail>
  password: !secret sonoff
  api_region: 'eu'

tuya:
  username: <mymail>
  password: !secret smartlife
  country_code: 49
  platform: smart_life

hacs:
  token: e...7

Do you have ideas to solve my problem with HA?

Just asking questions, not sure what the problem is.

• It’s all ‘no response’. Can you ping ha.xxx.dev from the rpi (any container)?

• Try clearing the chrome cache (ctrl + f5)…but you say all devices, so probably not.

• Can you ping 192.168.178.34 from the nginx container?

• I’m assuming you still have port 443 forwarded in your router to your rpi?

• You aren’t listening to ipv6 on port 80…but that would only affect things using ipv6 trying to access port 80, so not the problem here. (listen [::]:80). Also missing the prefix ‘ha.xxx.dev’ up there. Again, these probably wont fix anything unless you aren’t typing “https” specifically in the browser.

• You don’t have a websocket config in your nginx, so those websocket lines might not work. I have this in my server config after the first location / { }.

      location /api/websocket {
          proxy_pass http://localhost:8123/api/websocket;
          proxy_set_header Host $host;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $connection_upgrade;
      }

• Is your site enabled in nginx? Im guessing since you say you followed the docs, it is. But in /etc/nginx/sites-enabled, you only have your one single config? (You can have multiple if you know what you’re doing…just making sure youve checked this).

You shouldn’t need to add anything to the http section (other than base_url). I wouldn’t require SSL on home assistant with NGINX since it’s just adding extra overhead, cpu, and requiring all of your IP devices to be able to support it (not all do).

Hi jocnnor,

THANKS for your first hint.
I am an idiot!

Wasnt able to ping my subdomain ha.xxx.dev.
Just forgot to set up dyndns for my subdomain.