HA running in Docker and NGINX connection issues

Hello all

Again, a thread on using Nginx as a reverse proxy for HA.

What I want: use Nginx over SSL with authentication as a first line of auth and from there redirect to HA authentication. I already use a similar approach for my Motion webcam that’s running on a Raspberry Pi and to front my pi-hole interface.

It’s been driving me crazy to get this working and after days of reading post after post I seem no closer to a resolution.

Maybe you can help?

Disclaimer: I am no expert at any of this so if the below seems like it’s written by an amateur…that’s because it is :wink:

Setup:

  1. HA on docker running on Synology NAS918+
  2. Nginx running on RPI, already used to front other servers. E.g. the webcam and pi-hole.
  3. SSL is using self-signed certificates (for now, I intend to set up LetsEncrypt at some point)
  4. Using no-ip.com for DDNS service
  5. Router forwarding port 444 (provider blocks 443) to Nginx 443
  6. nginx IP: 192.168.1.6
  7. Home-assistant IP: 192.168.1.3:8123
  8. Router IP: 192.168.1.1

The errors I see all look like this:

open() "/usr/share/nginx/html/frontend_es5/core.99aeb776.js" failed (2: No such file or directory), client: 192.168.1.1, server: MY.DDNS.HOSTNAME, request: "GET /frontend_es5/core.99aeb776.js HTTP/1.1", host: "MY.DDNS.HOSTNAME:444", referrer: "https://MY.DDNS.HOSTNAME:444/ha/"

Config bits:

NGINX.CONF

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name MY.DDNS.HOSTNAME;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name MY.DDNS.HOSTNAME;
    ssl on;
    ssl_certificate /home/user/certificates/MY.DDNS.HOSTNAME.crt;
    ssl_certificate_key /home/user/certificates/MY.DDNS.HOSTNAME.unsecure.key;

    proxy_buffering off;

    location /the_camera/ {
            proxy_pass http://192.168.1.x:yyyy;
            auth_basic "Show me the camera";
            auth_basic_user_file /etc/nginx/users;
    }

    location /pihole/ {
            proxy_pass http://192.168.1.6:8001/admin/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_read_timeout 90;
            auth_basic "Show me your pi-hole!";
            auth_basic_user_file /etc/nginx/users;
    }

    location /ha/ {
            proxy_pass http://192.168.1.3:8123/;
            proxy_set_header Host $host;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            auth_basic "Home-assistant please!";
            auth_basic_user_file /etc/nginx/users;
    }
}

CONFIGURATION.YAML

http:
  base_url: https://MY.DDNS.HOSTNAME:444/ha/
  use_x_forwarded_for: true
  trusted_proxies: 192.168.1.6

Try setting up HA as a subdomain in nginx:

ha.server.com
NOT
server.com/ha

I had issues getting /ha to work. I believe it is possible, but I forget how, and unfortunately I didn’t go back to look into changing something once it was working.

Correct.

You have to use subdomains, and cannot use paths.

Thanks @tmjpugh @flamingm0e !

I’ll give that a go. It somehow strikes me as more elegant anyway.

Any idea what the technical restrictions are in using a path for this?

I assume it’s an issue with the routing functions of the built-in HA web server.
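
The error line quoted in the first post shows the mechanics of the path problem: the page was loaded from /ha/, but the script it asked for lives at /frontend_es5/..., which matches none of the configured locations, so nginx looked for it under /usr/share/nginx/html. The Python below is an added example, not part of any post in this thread; it parses such error-log lines and flags requests that escaped their page's proxied prefix. The function names and the second log line are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Prefix locations from the server block posted in the thread.
PROXIED_PREFIXES = ["/the_camera/", "/pihole/", "/ha/"]

# nginx error-log entry for a static file that could not be opened.
OPEN_FAILED = re.compile(
    r'open\(\) "(?P<file>[^"]+)" failed \(2: [^)]*\).*?'
    r'request: "[A-Z]+ (?P<uri>\S+) [^"]*".*?'
    r'referrer: "(?P<referrer>[^"]+)"'
)

def match_location(path, prefixes=PROXIED_PREFIXES):
    """Longest matching prefix location, or None (static root is used).
    Models plain prefix locations only, which is all the posted config has."""
    hits = [p for p in prefixes if path.startswith(p)]
    return max(hits, key=len) if hits else None

def find_escaped_requests(log_lines, prefixes=PROXIED_PREFIXES):
    """Requests made by a proxied page that land outside that page's prefix."""
    findings = []
    for line in log_lines:
        m = OPEN_FAILED.search(line)
        if not m:
            continue
        uri_path = urlsplit(m["uri"]).path
        page_loc = match_location(urlsplit(m["referrer"]).path, prefixes)
        # The page came through a proxied prefix, but its asset request did not.
        if page_loc and match_location(uri_path, prefixes) != page_loc:
            findings.append({"page_location": page_loc, "uri": uri_path,
                             "looked_in": m["file"]})
    return findings

SAMPLE_LOG = [
    # Line quoted in the first post (hostname placeholder as posted).
    'open() "/usr/share/nginx/html/frontend_es5/core.99aeb776.js" failed '
    '(2: No such file or directory), client: 192.168.1.1, server: '
    'MY.DDNS.HOSTNAME, request: "GET /frontend_es5/core.99aeb776.js HTTP/1.1", '
    'host: "MY.DDNS.HOSTNAME:444", referrer: "https://MY.DDNS.HOSTNAME:444/ha/"',
    # Constructed control line: referrer is not under a proxied prefix.
    'open() "/usr/share/nginx/html/favicon.ico" failed '
    '(2: No such file or directory), client: 192.168.1.1, server: '
    'MY.DDNS.HOSTNAME, request: "GET /favicon.ico HTTP/1.1", '
    'host: "MY.DDNS.HOSTNAME:444", referrer: "https://MY.DDNS.HOSTNAME:444/"',
]

if __name__ == "__main__":
    for f in find_escaped_requests(SAMPLE_LOG):
        print(f"{f['uri']} requested by a page under {f['page_location']} "
              f"fell through to {f['looked_in']}")
```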