HAOS nginx addon TLSv1 Error

Hey folks,

I tried to move to nginx for SSL from having it on HA. I already have my SSL certificate files generated from let’s encrypt, so I thought the migration would be simple as I switched to nginx, however, that wasn’t the case.

FYI, I am having HAOS on top of an rpi4.

I am having a pretty standard configuration:

Home Assistant configuration.yaml

  use_x_forwarded_for: true

(Tried all possible local addresses on trusted_proxies in case that was the issue)

nginx HA Addon config

domain: mydomain.com
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudflare: false
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

The issue is, that I simply cannot connect to HA using the “mydomain.com” which points to the local IP of my HA:

When I try to connect from the CLI using curl, I get this response:

$ curl https://mydomain.com:8123
curl: (35) error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version

Googling for this type of error on generic nginx advice, I read that I have to explicitly declare on the nginx configuration the supported TLS versions:

proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_ciphers DEFAULT;


So, before I go into a custom nginx configuration and open that can of worms, I wanted to ask for help in the HA community in case there’s a more straightforward solution.

ok, I figured it out, first mistake I did was that i was trying to access “https://mydomain.com:8123” when I should be trying to access “https://mydomain.com” - without the HA specific port, as nginx SSL is configured on 443, the default port…

I then saw on the HA logs that:

Received X-Forwarded-For header from an untrusted proxy

Which I then added as an IP to the trusted proxies and it worked.