Having problems setting up NGINX Home Assistant SSL proxy add-on

riddledaxis · March 13, 2019, 8:27pm

Hi,

I really hope thaqt you guys can help.

I have been following these guides to configure the NGINX SSL proxy add-on.

home-assistant/hassio-addons/blob/master/nginx_proxy/README.md

# Home Assistant Add-on: NGINX Home Assistant SSL proxy

Sets up an SSL proxy with NGINX and redirects traffic from port 80 to 443.

![Supports aarch64 Architecture][aarch64-shield] ![Supports amd64 Architecture][amd64-shield] ![Supports armhf Architecture][armhf-shield] ![Supports armv7 Architecture][armv7-shield] ![Supports i386 Architecture][i386-shield]

## About

Sets up an SSL proxy with NGINX web server. It is typically used to forward SSL internet traffic while allowing unencrypted local traffic to/from a Home Assistant instance.

Make sure you have generated a certificate before you start this add-on. The [Duck DNS](https://github.com/home-assistant/hassio-addons/tree/master/duckdns) add-on can generate a Let's Encrypt certificate that can be used by this add-on.

[aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
[amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
[armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg
[armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg
[i386-shield]: https://img.shields.io/badge/i386-yes-green.svg
[discord]: https://discord.gg/c5DvZ4e

and I have even tried using this one

I have a new installation (doesn’t have the latest update) running on a Ubuntu 18.10 Server and the add-on is v2.1.

The error I am getting is shown in the add-in’s log as
INFO] Running nginx… nginx: [emerg] BIKO_new_file("/ssl/cert.pem") failed (SSL: error02001002:system library:fopen:No such file or directory:fopen(’/ssl/cert.pem’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)

I have followed the guides and it is really frustrating that it is not working.

I have attached screenshots of my config files and of the error in the add-in’s log.

Any help would be gratefully received.

Thanks Paul

juan11perez · March 14, 2019, 6:09am

I wrote this guide and it works. Take a look in shared projects

Nginx Reverse Proxy Set Up Guide – Docker

riddledaxis · March 14, 2019, 8:59am

Hi Juan,

I will take a look at your guide tonight.

Thank you

Paul

riddledaxis · March 14, 2019, 9:10pm

Hi @juan11perez

I have been following your guide and ran into a problem. I am sure it is something I have done wrong and would really appreciate your help to fix it.

I used your updated docker-compose file for the wildcard subdomains and the docker-compose seems to work, but the server runs is running in the terminal window. If I close the terminal it shuts letsencrypt down.

Also the folder home/user/docker-projects/letsencrypt/config/nginx/site-confs/default folder is empty, in your guide NGINX should be in there ?

If I run docker ps it doesn’t show letsencrypt so I have definitely done something wrong.

I have attached my docker compose file and a screenshot of the terminal.

juan11perez · March 15, 2019, 6:20am

That’s definitely incorrect. If you’re running a docker via docker-compose it will not shut down when you leave the terminal.

I presume it has to do with your next comment about the folder.

You must definitely have a folder where letsencrypt stores its configuration.

you mention /home/user/docker-projects/letsencrypt/config. I presume you have changed the “user” part to your actual ubuntu user?

riddledaxis · March 15, 2019, 8:49am

@juan11perez school boy error, missed that. Thank you.

I changed it from user to pj (which is my user) and it has now created the folders and files.

I should be able to close the terminal window without it terminating letsencrypt, as it does now show a running container when I type docker ps?

juan11perez · March 15, 2019, 9:28am

yes, no terminal required

riddledaxis · March 16, 2019, 7:43pm

I used your default configuration file, and changed the bits you advised. But what is the purpose of the fastcgi_pass hostip:9000 line? I have portainer running on port 9000, so should I change this and if so what to?

Should I also configure one of the subdomains to point to portainer?

Also, I use configurator, so I used subdomain 1 and changed the server_name to conf.***.duckdns.org and then proxy_pass to 127.0.0.1:3218 is that right?

Sorry for all the questions, learning as I go.

juan11perez · March 17, 2019, 8:28am

dont know what fastcgi_pass hostip exactly does. but leave it as is.

Change portainer ports to something else i.e. 9100:9000

you should configure the domains you want to expose externally, as per my write up.

for the proxy pass the ip needs to be your server ip with the correct port. xxxx:3218 I pressume you’re example should work. I just use the ip i see on my router for the server.

riddledaxis · March 25, 2019, 8:52am

@juan11perez as far as I can tell I have followed your guide to the letter and used your configs to ensure it is right substituting my details for yours. But it refuses to work.

If I type https://hass.*****.duckdns.org on the local server, I get a time out error and if I try it from the local network or externally I also get a time out issue.

I am forwarding ports 80 & 443 from my router to my server.

Also, I can still connect to my local server by its IP and port (8123, 3128, 9001) the letsencrypt container is running, and I don’t know how to troubleshoot it further. I have rebooted the server several times and also restarted the letsencrypt container after every config change.

I would really appreciate any help you could offer.

Paul

juan11perez · March 25, 2019, 1:13pm

Is the letsencrypt docker running?
Have you got the right image for your system?
On a Pi it should be arm32v7-latest

Check the docs, recheck your compose

https://hub.docker.com/r/linuxserver/letsencrypt/

riddledaxis · March 25, 2019, 2:20pm

@juan11perez

I am running my Ubuntuserver in Hyper-V on a Windows 10 Pro x64 PC.
What version should letsencrypt be for that? All of the important containers seem to be running (see attached)

I will check my compose again when I get home tonight.

Thank you.

juan11perez · March 25, 2019, 6:37pm

I thought it was a RPI. Portainer says is running. You need to check your logs. See if you spot something.
Also seems you’ve got another nginx add on running.

riddledaxis · March 28, 2019, 8:26pm

@juan11perez

I tided up my portainer and removed the other nginx from my home assistant setup.

I have checked my docker-compose file and also my site-confs default file and I cannot find a difference from your files. I also rechecked my gid and uid and it is right.

I also checked my portainer logs for the letsencrypt container, and again it all seems to be working (see attached logs, I edited my email address) but I still cannot access https://hass..duckdns.org, or https://conf..duckdns.org even from the server.

Any ideas on why it is being such a problem??

Portainer letsencrypt log.yaml (1.3 KB)

juan11perez · March 28, 2019, 11:37pm

Logs look normal. I’m afraid I can’t offer more advice.