Hello all
Again, a thread on using Nginx as a reverse proxy for HA.
What I want: use Nginx over SSL with authentication as a first line of auth and from there redirect to HA authentication. I already use a similar approach for my Motion webcam that’s running on a Raspberry Pi and to front my pi-hole interface.
It’s been driving me crazy to get this working and after days of reading post after post I seem no closer to a resolution.
Maybe you can help?
Disclaimer: I am no expert at any of this so if the below seems like it’s written by an amateur…that’s because it is.
Setup:
- HA on docker running on Synology NAS918+
- Nginx running on RPI, already used to front other servers. E.g. the webcam and pi-hole.
- SSL is using self-signed certificates (for now, I intend to set up LetsEncrypt at some point)
- Using no-ip.com for DDNS service
- Router forwarding port 444 (provider blocks 443) to Nginx 443
- nginx IP: 192.168.1.6
- Home-assistant IP: 192.168.1.3:8123
- Router IP: 192.168.1.1
The errors I see all look like this:
```
open() "/usr/share/nginx/html/frontend_es5/core.99aeb776.js" failed (2: No such file or directory), client: 192.168.1.1, server: MY.DDNS.HOSTNAME, request: "GET /frontend_es5/core.99aeb776.js HTTP/1.1", host: "MY.DDNS.HOSTNAME:444", referrer: "https://MY.DDNS.HOSTNAME:444/ha/"
```
Config bits:
NGINX.CONF
```nginx
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name MY.DDNS.HOSTNAME;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name MY.DDNS.HOSTNAME;
    ssl on;
    ssl_certificate /home/user/certificates/MY.DDNS.HOSTNAME.crt;
    ssl_certificate_key /home/user/certificates/MY.DDNS.HOSTNAME.unsecure.key;
    proxy_buffering off;

    location /the_camera/ {
        proxy_pass http://192.168.1.x:yyyy;
        auth_basic "Show me the camera";
        auth_basic_user_file /etc/nginx/users;
    }

    location /pihole/ {
        proxy_pass http://192.168.1.6:8001/admin/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 90;
        auth_basic "Show me your pi-hole!";
        auth_basic_user_file /etc/nginx/users;
    }

    location /ha/ {
        proxy_pass http://192.168.1.3:8123/;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        auth_basic "Home-assistant please!";
        auth_basic_user_file /etc/nginx/users;
    }
}
```
CONFIGURATION.YAML
```yaml
http:
  base_url: https://MY.DDNS.HOSTNAME:444/ha/
  use_x_forwarded_for: true
  trusted_proxies: 192.168.1.6
```
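Added example (not part of the original post): a small Python check that reads nginx error-log lines like the one quoted above and reports requests that matched none of the configured `location` prefixes even though the referring page was served from one of them. The prefix list and the log line are copied from the post; the function names are made up for this illustration, and only plain prefix locations are modelled because that is all the posted config uses.

```python
import re
from urllib.parse import urlsplit

# Prefix locations taken from the posted server block.
LOCATIONS = ["/the_camera/", "/pihole/", "/ha/"]

# Error-log line copied from the post.
SAMPLE_LOG = '''open() "/usr/share/nginx/html/frontend_es5/core.99aeb776.js" failed (2: No such file or directory), client: 192.168.1.1, server: MY.DDNS.HOSTNAME, request: "GET /frontend_es5/core.99aeb776.js HTTP/1.1", host: "MY.DDNS.HOSTNAME:444", referrer: "https://MY.DDNS.HOSTNAME:444/ha/"'''

# Matches "file not found" entries and pulls out the file, request URI and referrer.
LINE_RE = re.compile(
    r'open\(\) "(?P<file>[^"]+)" failed \(2: [^)]*\).*?'
    r'request: "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*"'
    r'(?:.*?referrer: "(?P<referrer>[^"]*)")?'
)

def match_location(path, locations=LOCATIONS):
    """Longest-prefix match, as nginx does for plain prefix locations."""
    hits = [loc for loc in locations if path.startswith(loc)]
    return max(hits, key=len) if hits else None

def find_fallthrough(log_text, locations=LOCATIONS):
    """Return requests that no location handled, with the location of the referring page."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        path = urlsplit(m.group("uri")).path
        if match_location(path, locations) is not None:
            continue  # a proxied location handled it; not a fall-through
        ref_path = urlsplit(m.group("referrer") or "").path
        findings.append({
            "request_path": path,
            "served_from": m.group("file"),
            "referrer_location": match_location(ref_path, locations),
        })
    return findings

if __name__ == "__main__":
    for finding in find_fallthrough(SAMPLE_LOG):
        print(finding)
```

For the quoted log line this reports `/frontend_es5/core.99aeb776.js` as unmatched with a referrer under `/ha/`: the page was loaded through the proxy, but the script it references was requested at a root-relative path that no `location` covers, so nginx looked for it on disk.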