HAOS nginx addon TLSv1 Error

Hey folks,

I tried to move to nginx for SSL from having it on HA. I already have my SSL certificate files generated from Let’s Encrypt, so I thought the migration would be simple as I switched to nginx; however, that wasn’t the case.

FYI, I have HAOS running on top of an RPi 4.

I have a pretty standard configuration:

Home Assistant configuration.yaml

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.0/24
    - 172.20.0.0/24
    - 192.168.0.0/16

(Tried all possible local addresses on trusted_proxies in case that was the issue)

nginx HA Addon config

domain: mydomain.com
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

The issue is that I simply cannot connect to HA using “mydomain.com”, which points to the local IP of my HA.

When I try to connect from the CLI using curl, I get this response:

$ curl https://mydomain.com:8123
curl: (35) error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version

Googling for this type of error in generic nginx advice, I read that I have to explicitly declare the supported TLS versions in the nginx configuration:

proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_ciphers DEFAULT;

(source).


So, before I go into a custom nginx configuration and open that can of worms, I wanted to ask for help in the HA community in case there’s a more straightforward solution.

OK, I figured it out. The first mistake I made was that I was trying to access “https://mydomain.com:8123” when I should have been trying to access “https://mydomain.com”, without the HA-specific port, as nginx SSL is configured on 443, the default port…

I then saw in the HA logs:

Received X-Forwarded-For header from an untrusted proxy 172.30.33.3

I then added that IP to the trusted proxies and it worked.
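
Added example, not part of the original posts: a Python check that pulls the rejected proxy address out of the log message quoted above, tests it against the trusted_proxies list from the posted configuration.yaml, and proposes a host-only entry instead of another wide range. The timestamps and logger names in the sample log, the function names, and the 256-address threshold are assumptions made for illustration.

```python
import ipaddress
import re

# trusted_proxies from the configuration.yaml posted above.
TRUSTED_PROXIES = ["127.0.0.0/24", "172.20.0.0/24", "192.168.0.0/16"]

# Constructed sample log; only the message text of the second line is from the post.
SAMPLE_LOG = """\
2024-01-01 10:00:00 INFO (MainThread) [example.logger] constructed startup line
2024-01-01 10:00:05 ERROR (MainThread) [example.logger] Received X-Forwarded-For header from an untrusted proxy 172.30.33.3
"""

UNTRUSTED_RE = re.compile(r"X-Forwarded-For header from an untrusted proxy (\S+)")


def untrusted_proxies(log_text):
    """Return the distinct proxy addresses the log reports as untrusted."""
    found = []
    for match in UNTRUSTED_RE.finditer(log_text):
        addr = ipaddress.ip_address(match.group(1).rstrip(".,"))
        if addr not in found:
            found.append(addr)
    return found


def covering_network(addr, trusted):
    """Return the first trusted network that contains addr, or None."""
    for entry in trusted:
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net:
            return net
    return None


def suggest_entries(log_text, trusted):
    """Host-only (/32 or /128) entries for rejected proxies not yet covered."""
    return [f"{addr}/{addr.max_prefixlen}"
            for addr in untrusted_proxies(log_text)
            if covering_network(addr, trusted) is None]


def broad_entries(trusted, max_hosts=256):
    """Entries wider than max_hosts addresses. Home Assistant accepts the
    X-Forwarded-For value from any host inside a trusted range."""
    return [entry for entry in trusted
            if ipaddress.ip_network(entry, strict=False).num_addresses > max_hosts]


if __name__ == "__main__":
    print("add to trusted_proxies:", suggest_entries(SAMPLE_LOG, TRUSTED_PROXIES))
    print("wider than a /24:", broad_entries(TRUSTED_PROXIES))
```

Once the proxy's own address is listed, the wide ranges that were added while troubleshooting can be reviewed and dropped if nothing else forwards requests from them.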