Hi,
I’d like to ask you for help in configuring my HA setup with nginx and Cloudflare. I have a hassio on docker->nginx->cloudflare setup. I use Cloudflare with its origin CA, which supports end-to-end encryption (full strict). It’s working with HA. I can see the encrypted site. The problem is only with the ESP-cam.
I tried to use a picture card in HA to expose my ESP32-cam to the internet. I added the URL to the Picture Card and my problem is that I can see the streaming video only if I’m connected to the local network, but if I try to connect to HA from outside the LAN, the picture doesn’t show up. If I go to the camera tab, the browser tells me that my connection is not fully secure, and as I mentioned, the camera image doesn’t appear.
So my assumption here is that this might be a problem with SSL/TLS/nginx settings on my setup. The camera streams over HTTP. I’ve tried to somehow redirect HTTP to HTTPS but without success, as I’m not experienced with nginx at all.
I have my Home Assistant exposed to the internet through a cheap LowEndSpirit NAT VPS. I set up a reverse SSH tunnel from my local RPI to the remote VPS server (HA is installed on the RPi).
On the VPS I have set up nginx, which only redirects requests from mydomain.tk to the appropriate port. SSL certs are also put there.
Nginx configuration on the VPS server:
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mydomain.tk www.mydomain.tk;
    ssl_certificate /etc/ssl/certs/cloudflare_mydomain.tk.pem;
    ssl_certificate_key /etc/ssl/private/cloudflare_mydomain.tk.pem;
    ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
    ssl_verify_client on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass http://localhost:24510/;
    }
}
On the RPI (Home assistant) side, the nginx configuration is as below:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    server_name mydomain.tk www.mydomain.tk;
    return 301 https://$host$request_uri;
}
server {
    listen 24510;
    server_name mydomain.tk www.mydomain.tk;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_pass http://rpi.local:8123/;
    }
}
On my local network, ESP32-cam is accessible at: http://192.168.0.90:8997 or http://espcam01.local:8997 and as I mentioned above also in the HA’s picture card.
I’ve tried to add another configuration that redirects connections from the camera port to the HA port, but it didn’t work.
server {
    server_name espcam01.local;
    return 301 https://$host$request_uri;
}
server {
    listen 8997;
    server_name espcam01.local;
    location / {
        proxy_pass http://rpi.local:8123/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Any help will be appreciated here. I spent days on this setup without success…
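
An added example, not part of the original post: one way to serve the camera stream from the same HTTPS origin as Home Assistant, so the page no longer embeds an `http://` resource (mixed content) at an address that only resolves on the LAN. The `/espcam01/` path is hypothetical, and the camera is assumed to serve its stream at the root of port 8997.

```nginx
# Added example for the RPi-side nginx: place inside the existing
# "server { listen 24510; ... }" block, next to "location / { ... }".
# /espcam01/ is a hypothetical prefix; use any path Home Assistant does not use.
location /espcam01/ {
    # The trailing slash on proxy_pass replaces the /espcam01/ prefix with "/",
    # so the camera receives the same request it gets on the LAN.
    # Assumption: the stream is served at the root of port 8997.
    proxy_pass http://192.168.0.90:8997/;

    # An MJPEG stream is one response that never ends; forward bytes as they
    # arrive instead of filling buffers first.
    proxy_buffering off;

    # Keep the connection open between frames (the default timeout is 60s).
    proxy_read_timeout 1h;

    # Ask the VPS-side nginx in front of this one not to buffer the response
    # either; nginx honours this header when it comes from a proxied server.
    add_header X-Accel-Buffering no;

    # This location is answered by nginx, not by Home Assistant, so the
    # Home Assistant login does not protect it. Add access control here
    # (for example auth_basic) before relying on it.
}
```

With this in place the picture card would reference `https://mydomain.tk/espcam01/` instead of the camera's LAN address, and the VPS-side `location /` already forwards that path through the tunnel unchanged.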