Hi guys
I’ve always had it take forever to come up, but this time it does not want to…
Was updated earlier tonight to newest stack…
opening the observer url comes back with positive screen.
Don’t have a die how to diagnose or what to check/restart.
Assistance will be appreciated.
G
ye… but still can’t get to web interface, neither can the mac app connect to the unit.
I’m looking at the docker logs for the container running, having some errors around connecting to my plex server etc, but not seeing anything that raises alarms, even the mqtt container is running.
G
have a idea… i added the following 2 lines to the http section:
http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
an dit just happens to be http that having a problem, commented it out and restarting stack.
added that as it’s part of Dynu DNS add on configuration, as per:
G
Now you can’t connect anymore using http://x.x.x.x.x:8123, you have to use https://x.x.x.x:8123 (where x.x.x.x is the ip-address of your ha instance)
thanks, let me try that then.
Got it back up once i removed those lines. so let me put them back and try this alternate path.
G
ok, I got back to local access via https://<hostname:8123, but external access via the https://dynu dns hostname:8124 (I use nGinx to reroute host:8124 → container:443) with lets encrypt enabled is not working.
G
typo ?
Did you forward the port on your router ?
homeassistant:
external_url: "https://<dynadns hostname>.ddnsfree.com:8124"
internal_url: "https://192.168.0.110:8123"
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.0.110 # Add the IP address of the proxy server
- 172.30.33.0/24 # You may also provide the subnet mask
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
I’m then using nGinx home ssl proxy add on to reroute Host (external):8124 → container 443 (as lets encrypt is configured), only way I could get this working, if you have suggestion how to change this, I’m all ears.
G
I think you have it backwards.
external_url: “https://<dynadns hostname>.ddnsfree.com”
forward external 443 to 8123
my nginx config :
# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name home.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /login;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app homeassistant;
set $upstream_port 8123;
set $upstream_proto http;
proxy_pass http://10.0.0.66:8123;
}
location /api/websocket {
resolver 127.0.0.11 valid=30s;
set $upstream_app homeassistant;
set $upstream_port 8123;
set $upstream_proto http;
proxy_pass http://10.0.0.66:8123;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
this is not a full nginx install, its just the ssl proxy add on.
of course the domain name is a line above this diagram.
Thinking, looking above it might mean removing the nines proxy add on and doing a full nginx ?
comment.
I still think your host must be 8123 (that is the port of HA), and you should use “https://<dynadns hostname>.ddnsfree.com” and not ```
“https://<dynadns hostname>.ddnsfree.com:8124”
and forward in your router 443 to 443I’m using 443 on router for my vpn access. so will forward 8124 on router to 443 on host.
Now what do I sent my external url to though, https://:8124 or https://
and oh i will disable the nginx ssl proxy add on.
G
SWEEEET… got it working, like this now…
Disabled the nginx ssl proxy add on, configured a port forward on my edge router of any:8124 → 292.168.0.11:443
and
in configuration.yml
homeassistant:
external_url: "https://<dynu dns name>.ddnsfree.com:8124"
internal_url: "https://192.168.0.110:8123"
customize: !include customize.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.0.110 # Add the IP address of the proxy server
- 172.30.33.0/24 # You may also provide the subnet mask
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
it seems all not 100%, with this configuration. I can access the portal using my laptop, as I can tell laptop to accepts the less than secure certificate. remember the certificate is associated with the fqdn, when internal I use a internal IP…
So the iPhones simply refuse to open site due to the discrepancy…
this does include commenting out the ssl_* from http section, would be great if I can tell it to only use ssl for external and non ssl for internal. ?
PS: I did change the internal url to he http://<ip address:8123
G
Ok… got both worked, but had to go back to some old settings…
commented out the ssl_* from configuration.yaml.
changed internal back to https::8123 and external to https://:8124
configured nginx ssl proxy to forward container host:8124 to container:443
configured edge router to forward any:8124 to container host:8124.
working for internal and external.
Might not be perfect, but it’s working.
G