I have successfully installed Home Assistant on a location (farm) that is behind CGNAT. At my apartment, I have a machine running a Wireguard server, Nginx Proxy Manager and other apps. In order to get around CGNAT at the farm, the machine running HA is a Wireguard client that successfully connects to the Wireguard server at my apartment. In order to get access to the Home Assistant app, I’ve set up a proxy host HA.mydomain.com in Nginx that points to the virtual IP (10.6.0.2) assigned by Wireguard to the client. Whenever I try to reach the Home Assistant app from my phone outside my networks with HA.mydomain.com, I get a 400 bad request error. What could I be doing wrong? Please find config data below:
Static public IP - Apartment: 1.2.3.4
LAN IP - Apartment server: 192.168.100.198
Home Assistant domain: HA.mydomain.com, points to 1.2.3.4
Right so - is Nginx Proxy Manager installed bare metal or in a docker container?
If it is a docker container, can you drop into the container and verify if you can actually ping Home Assistant from INSIDE the docker container?
OK so the next thing to look at is what the logs for Nginx Proxy Manager are saying, and then the logs of Home Assistant. One of them will be indicating an error. 502 usually indicates that the proxy server was able to send the request to the remote server, but the remote server returned an error. So I’d expect to find a log in BOTH places.
@mobile.andrew.jones
I rebooted the Home Assistant machine and the Nginx docker container, tried to reach HA.mydomain.com afterwards and captured logs.
Nginx error logs (no access logs present):
2021/12/25 01:21:23 [notice] 339#339: signal process started
2021/12/25 01:23:37 [notice] 348#348: signal process started
2021/12/25 01:23:48 [notice] 357#357: signal process started
Nginx container logs:
s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01_perms.sh: executing...
Changing ownership of /data/logs to 0:0
[cont-init.d] 01_perms.sh: exited 0.
[cont-init.d] 01_s6-secret-init.sh: executing...
[cont-init.d] 01_s6-secret-init.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
❯ Enabling IPV6 in hosts: /etc/nginx/conf.d
❯ /etc/nginx/conf.d/default.conf
❯ /etc/nginx/conf.d/include/ip_ranges.conf
❯ /etc/nginx/conf.d/include/proxy.conf
❯ /etc/nginx/conf.d/include/assets.conf
❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
❯ /etc/nginx/conf.d/include/ssl-ciphers.conf
❯ /etc/nginx/conf.d/include/block-exploits.conf
❯ /etc/nginx/conf.d/include/force-ssl.conf
❯ /etc/nginx/conf.d/include/resolvers.conf
❯ /etc/nginx/conf.d/production.conf
❯ Enabling IPV6 in hosts: /data/nginx
❯ /data/nginx/proxy_host/4.conf
❯ /data/nginx/proxy_host/1.conf
❯ /data/nginx/proxy_host/2.conf
[12/25/2021] [1:12:52 AM] [Global ] › ℹ info No valid environment variables for database provided, using default SQLite file '/data/database.sqlite'
[12/25/2021] [1:12:58 AM] [Migrate ] › ℹ info Current database version: none
[12/25/2021] [1:12:58 AM] [Setup ] › ℹ info Logrotate Timer initialized
[12/25/2021] [1:12:58 AM] [Setup ] › ℹ info Logrotate completed.
[12/25/2021] [1:12:58 AM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
[12/25/2021] [1:12:58 AM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[12/25/2021] [1:12:59 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[12/25/2021] [1:12:59 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[12/25/2021] [1:12:59 AM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[12/25/2021] [1:12:59 AM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[12/25/2021] [1:12:59 AM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[12/25/2021] [1:12:59 AM] [Global ] › ℹ info Backend PID 249 listening on port 3000 ...
[12/25/2021] [1:13:03 AM] [Nginx ] › ℹ info Reloading Nginx
[12/25/2021] [1:13:04 AM] [SSL ] › ℹ info Renew Complete
Home Assistant logs:
2021-12-24 20:05:31 WARNING (Recorder) [homeassistant.components.recorder.util] The system could not validate that the sqlite3 database at //mnt/dietpi_userdata/homeassistant/home-assistant_v2.db was shutdown cleanly
2021-12-24 20:05:34 WARNING (Recorder) [homeassistant.components.recorder.util] Ended unfinished session (id=8 from 2021-12-25 01:02:24.765180)
2021-12-24 20:06:02 WARNING (MainThread) [homeassistant.setup] Setup of person is taking over 10 seconds.
2021-12-24 20:06:15 WARNING (MainThread) [homeassistant.setup] Setup of timer is taking over 10 seconds.
2021-12-24 20:06:15 WARNING (MainThread) [homeassistant.setup] Setup of input_text is taking over 10 seconds.
2021-12-24 20:06:17 WARNING (MainThread) [homeassistant.setup] Setup of media_source is taking over 10 seconds.
2021-12-24 20:06:17 WARNING (MainThread) [homeassistant.setup] Setup of system_health is taking over 10 seconds.
2021-12-24 20:06:17 WARNING (MainThread) [homeassistant.components.scene] Setup of scene platform homeassistant is taking over 10 seconds.
2021-12-24 20:06:17 WARNING (MainThread) [homeassistant.setup] Setup of input_datetime is taking over 10 seconds.
2021-12-24 20:06:18 WARNING (MainThread) [homeassistant.setup] Setup of input_boolean is taking over 10 seconds.
2021-12-24 20:06:18 WARNING (MainThread) [homeassistant.setup] Setup of input_number is taking over 10 seconds.
2021-12-24 20:06:29 WARNING (MainThread) [homeassistant.setup] Setup of zone is taking over 10 seconds.
2021-12-24 20:07:02 WARNING (MainThread) [homeassistant.components.cover] Updating rpi_gpio cover took longer than the scheduled update interval 0:00:15
To discard network problems in the remote machine location, I brought up a simple HTTPD container on the same machine running Home Assistant. I was able to access the HTTPD server at 10.147.17.175 using a proxy host test.mydomain.com. This leads me to believe that the 502 bad gateway error is entirely related to Home Assistant. Where do you suggest I start? Below is my HA config file:
# Configure a default setup of Home Assistant (frontend, api, etc)
default_config:

# Text to speech
tts:
  - platform: google_translate

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

cover:
  - platform: rpi_gpio
    relay_time: 1.0
    invert_state: true
    covers:
      - relay_pin: 17
        state_pin: 10
        name: "Main Gate"

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.147.17.5 # Add the IP address of the proxy server
    #- 172.30.33.0/24 # You may also provide the subnet mask

homeassistant:
  external_url: "https://ha.mydomain.com"
However, I’m seeing that the issue has something to do with the connection (WiFi dongle) of the Raspberry that hosts Home Assistant. I’m seeing that sometimes the machine doesn’t respond to ping requests (unreachable) but when it does I can reach Home Assistant at ha.mydomain.com. This isn’t the behavior when I link the Home Assistant machine to Nabu Casa. Also, I see a Starscream.HTTPUpgradeError 0 when I try to connect my iOS app to the Home Assistant machine at ha.mydomain.com. What comes to mind?
The 502 gateway error was solved by replacing the Wi-Fi dongle, but whenever I authenticate in Home Assistant at https://ha.mydomain.com I get stuck in the Loading Data screen and I get the Starscream.HTTPUpgradeError 0 when I try to authenticate in both the iOS and Android apps.
Remote access at ha.mydomain.com - Stuck at loading data screen
Remote access at ha.mydomain.com via iOS and Android apps - Starscream.HTTPUpgradeError 0
Local access at LAN IP 192.168.0.199:8123 - OK
Access at ZeroTier managed IP 10.147.17.175:8123 - OK
Ok. After enabling websocket support on Nginx I was able to finally access my Home Assistant machine behind CGNAT using ZeroTier and Nginx Proxy Manager. Since I had multiple issues, I will summarize the solutions below:
502 Bad Gateway Error:
My particular issue was that the WiFi dongle I was using to connect the Home Assistant machine to the internet was dropping the connection with the router. I replaced the dongle and the connection between the Home Assistant machine and the router stabilized.
Nginx Proxy Manager:
Enable Websockets support
Home Assistant’s configuration.yaml:
Whitelist the ZeroTier IP of Nginx Proxy Manager using the http integration
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.147.17.5 # ZeroTier IP of the Nginx Proxy Manager Machine
Additionally, I found the following suggestions searching for additional support:
Enable the mobile_app integration
mobile_app:
Specify the external URL in the Home Assistant setup basic information
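
An added example, not part of the original posts and not Home Assistant's source code: a simplified Python model of how a backend applies `use_x_forwarded_for` and `trusted_proxies`, showing why a request relayed by an unlisted proxy ends in a 400 and why pinning the single proxy IP is tighter than trusting the whole subnet. The rejection rules are an assumption about the backend's behaviour; `10.147.17.99`, `203.0.113.7` and `198.51.100.1` are constructed addresses.

```python
from ipaddress import ip_address, ip_network


def resolve_client(peer, xff, use_x_forwarded_for, trusted_proxies):
    """Return (http_status, client_ip) for one request.

    Simplified model (an assumption, not Home Assistant's source) of a
    backend that only honours X-Forwarded-For from allow-listed proxies.
    """
    nets = [ip_network(p, strict=False) for p in trusted_proxies]
    is_trusted = lambda ip: any(ip in n for n in nets)
    peer_ip = ip_address(peer)

    if xff is None:                  # direct request, e.g. LAN access on :8123
        return 200, str(peer_ip)
    if not use_x_forwarded_for:      # proxied request, proxy support disabled
        return 400, None
    if not is_trusted(peer_ip):      # header sent by a host that is not allow-listed
        return 400, None
    try:
        chain = [ip_address(h.strip()) for h in xff.split(",")]
    except ValueError:               # malformed header
        return 400, None
    # Walk from the hop nearest to us; the first untrusted address is the client.
    for hop in reversed(chain):
        if not is_trusted(hop):
            return 200, str(hop)
    return 200, str(chain[0])        # every hop was a trusted proxy


PROXY = "10.147.17.5"           # ZeroTier IP of Nginx Proxy Manager (from the thread)
OTHER_MEMBER = "10.147.17.99"   # constructed: another host on the same ZeroTier network
PHONE = "203.0.113.7"           # constructed: documentation-range client address


def demo():
    pinned, subnet = [PROXY], ["10.147.17.0/24"]
    return {
        "no_trusted_proxies": resolve_client(PROXY, PHONE, False, []),
        "proxy_pinned": resolve_client(PROXY, PHONE, True, pinned),
        "other_host_pinned": resolve_client(OTHER_MEMBER, "198.51.100.1", True, pinned),
        "other_host_subnet": resolve_client(OTHER_MEMBER, "198.51.100.1", True, subnet),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20} -> {result}")
```

With the subnet entry, any member of the overlay network can present an arbitrary client address to the backend, which undermines IP-based logging and bans; the single-IP entry rejects that request outright.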