HA running in Docker and NGINX connection issues

ragnar · June 2, 2019, 3:17pm

Hello all

Again, a thread on using Nginx as a reverse proxy for HA.

What I want: use Nginx over SSL with authentication as a first line of auth and from there redirect to HA authentication. I already use a similar approach for my Motion webcam that’s running on a Raspberry PI and to front my pi-hole interface.

It’s been driving me crazy to get this working and after days of reading post after post I seem no closer to a resolution.

Maybe you can help?

Disclaimer: I am no expert at any of this so if the below seems like’s it’s written by an amateur…that’s because it is

Setup:

HA on docker running on Synology NAS918+
Nginx running on RPI, already used to front other servers. E.g. the webcam and pi-hole.
SSL is using self-signed certificates (for now, I intend to set up LetsEncrypt at some point)
Using no-ip.com for DDNS service
Router forwarding port 444 (provider blocks 443) to Nginx 443
nginx IP: 192.168.1.6
Home-assistant IP: 192.168.1.3:8123
Router IP: 192.168.1.1

The errors I see all look like this:

open() "/usr/share/nginx/html/frontend_es5/core.99aeb776.js" failed (2: No such file or directory), client: 192.168.1.1, server: MY.DDNS.HOSTNAME, request: "GET /frontend_es5/core.99aeb776.js HTTP/1.1", host: "MY.DDNS.HOSTNAME:444", referrer: "https://MY.DDNS.HOSTNAME:444/ha/"

Config bits:

NGINX.CONF

map $http_upgrade $connection_upgrade {
default upgrade;
''      close;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name MY.DDNS.HOSTNAME;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name MY.DDNS.HOSTNAME;
    ssl on;
    ssl_certificate /home/user/certificates/MY.DDNS.HOSTNAME.crt;
    ssl_certificate_key /home/user/certificates/MY.DDNS.HOSTNAME.unsecure.key;

    proxy_buffering off;

    location /the_camera/ {
            proxy_pass http://192.168.1.x:yyyy;
            auth_basic "Show me the camera";
            auth_basic_user_file /etc/nginx/users;
    }

    location /pihole/ {
            proxy_pass http://192.168.1.6:8001/admin/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For
            $proxy_add_x_forwarded_for;
            proxy_read_timeout 90;
            auth_basic "Show me your pi-hole!";
            auth_basic_user_file /etc/nginx/users;
    }

    location /ha/ {
            proxy_pass http://192.168.1.3:8123/;
            proxy_set_header Host $host;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
           auth_basic "Home-assistant please!";
           auth_basic_user_file /etc/nginx/users;
    }
}

CONFIGURATION.YAML

http:
  base_url: https://MY.DDNS.HOSTNAME:444/ha/
  use_x_forwarded_for: true
  trusted_proxies: 192.168.1.6

tmjpugh · June 2, 2019, 10:13pm

Try setting up HA as subdomain in nginx

ha.server.com
NOT
server.com/ha

I had issues getting /ha to work. I believe it possible but forget how and unfortunately didn’t go back to look into changing something once it was working

flamingm0e · June 3, 2019, 3:22am

Correct.

You have to use subdomains, and cannot use paths.

ragnar · June 3, 2019, 8:57am

Thanks @tmjpugh @flamingm0e !

I’ll give that a go. It somehow strikes me as more elegant anyway.

Any idea what the technical restrictions are in using a path for this?

flamingm0e · June 3, 2019, 1:07pm

I assume it’s an issue with the routing functions of the built in HA web server