Hi, I ended up running Tileboard on a completely seperate machine in the end, I didn’t use any extra additional NGINX configuration files with the official addon.
It’s a shame there isn’t a working example in the docs but I guess if someone was experienced with NGINX then they could pull if off. I’m not very experienced so went with another solution.
If you figure out how it works I’d be interested to know.
I have been struggling also with customizing the NGINX SSL PROXY. My motivation was to add zoneminder as a second server/subdomain. I tried unsuccessfully to use the customize option.
Initially I was not aware of the newer (and IMHO friendlier) NGINX PROXY MANAGER addon. Previous to trying to customize and add zoneminder I was quite happy with the SSL PROXY and
it’s integration with letsencrypt. IIRC, letsencrypt was brought in whenever I added the DUCKDNS addon.
The following is a bullet-ed list of the major pitfalls I encountered in trying to move over to the PROXY MANAGER and add zoneminder server as a second service/location. I hope someone finds this helpful as this is my attempt to give back to the Home Assistant Community.
Initially I simply stopped the SSL PROXY and proceeded to install the PROXY MANAGER.
While I suspect this was not an issue I did uninstall SSL PROXY to ensure there was
no interaction between the two. I will note this is not risky since PROXY MANAGER
is a direct replacement for SSL PROXY (based on my experience).
Initial attempts to start PROXY MANAGER failed silently. I would click start
and within 2-5 seconds I could tell it was not running. No logs were visible
in the homeassistant.log file?
I was only able to troubleshoot this issue by dropping into the docker
shell for the docker proxymanager container and reviewing the logs.
Here I was able to see there was a contention on port 80. With this info I
dropped back into the top level PROXY MANAGER pane under Hass.io dashboard
and disabled port 80. With this adjustment I was able to start PROXY MANAGER successfully.
After successfully starting PROXY MANAGER, I opened the WEB UI and was confronted
with a login. This was baffling given nowhere in the home assistant docs for
PROXY MANAGER could I find what the default login was. Attempts to use my home assistant
login failed. Only after searching for “NGINIX proxy manager login” did I discover
the github site for the real nginix proxy manager. Here the documentation was better
and provided the default login:
While I was pleased to get this far, I was immediately frustrated given it was not
intuitive to me how to proceed. Only after I watched the animated gif that was
provided in the nginx proxy manager doc was I able to stumble through it.
At this point I was able to use the form provided by PROXY MANAGER to configure my
homeassistant URL just like using the SSL PROXY. However, my attempt to create a
ssl certificate via the letsencrypt service failed with a popup ERROR window.
This did create a certificate however the expiration date was the creation date?
I was finally able to resolve this by enabling port 80 in the PROXY MANAGER config
panel AND adding a port forwarding rule for port 80 in my gateway router.
Note that prior to this, I had not opened port 80 in my home router/gateway
since with SSL PROXY I had no need for port 80. I was only port forwarding
port 443.
In order to open port 80, I was forced to drop back to the homeassistant
configuration.yaml and remove my config for the emulated_hue which I had
listening on port 80. I suspect most homeassistant users do not use this?
At this point I was now able to access my homeassistant server from the public
network/wan just as I had when running with SSL PROXY. A good test is accessing
via the Home Assistant Android App.
Now I was ready to bring in my zoneminder server. The desire here was to be able
to connect to it via https://mydomain.duckdns.org/zm. This took me to the Custom Locations form under the edit panel for my proxy host in PROXY MANAGER.
However, yet again, initial attempts at this failed and so I referred to the
github site for documentation but to no avail. Below are listed the steps and
hurdles I had to address before success.
The add location form only allowed specifying
- location
- scheme
- forward hostname
- port
Unfortunately, I am running zoneminder in a docker container on the same host
machine as homeassistant, nginxproxymanager, and others. The URL to connect
to the zoneminder server is https://192.168.1.7:8444/zm. The need to specify
both a new port and the location /zm in the URL was not something I could accomplish
via the add location form? At this point I was stuck.
Here is the hack/workaround I did to get going. I am pretty certain there is a
way to specify this through the user interface but I was not able to find any info.
Thus I directly edited the proxy configuration file in the docker container.
Bring up a bash shell inside the container using the command docker exec -ti addon_a0d7b954_nginxproxymanager bash
From the bash shell, edit the file at /data/nginx/proxy_host/2.conf
Change the proxy_pass line in the location block named “/zm” to https://192.168.1.7:8444/zm .
restart the nginx proxy manager container via the command docker restart addon_a0d7b954_nginxproxymanager
Sorry for the long drawn out post. That is all I have for now. I am not happy with this hack and will be looking for a more correct solution. But in the mean time, I hope this helps somebody. By all means, please comment or correct this as needed.
Thanks for this, I do need to create a special nginx server configuration file, for which I don’t think it’s possible through the webui of the interface. Will try your hack, hope will work
Can’t get to those files using the instructios in the docs: how did you do it? I ised a USB with a public key and uploaded from the HASSIO SYSTEM menu, but its not working, any hint?
I should have mentioned the environment I am running:
Ubuntu 18 Linux Server with hass.io installed per instructions here
These instructions had me install docker
I am running as root i.e. sudo su when I run the docker command (Docker version 19.03.5)
I am also running portainer which also allows me to drop into the nginx container at the bash shell.
If you are running hass.io on a raspberry pi xx, you can drop down to the hassos command line. Don’t know if that will allow you to run docker? I am curious so I will search around.
Otherwise, what compute enviornment are you running hass.io?
Thanks for the help.
Yes I can access HASSOS command line, but don’t know how to access the files used by addons as configuration files (I can access if course the directories CONFIG SHARE and so on)
Cool, so just to make sure we are on the same page, you got to the hassos command line by typing login at the hassio >?
I booted my old raspberry pi running hass.io. Once i type ‘login’ at the hassio > prompt (and login as root) I have the typical # prompt for root access. Now I can run the docker command.
IIRC, hassos is just another linux, maybe busybox?. If you ran the docker ‘exec’ command I suggested, you are running in the bash shell. A simple ‘ls’ should work for listing a directory? I used the ‘vi’ editor.
Sorry to bump in here, but I couldn’t find a better thread for my issue:
Until recently, I have had a a port forwarding configured on my internet router 443->443 to my homeassistant instance (running on an Raspberry Pi 4 on hassio) configured with ssl certificates from let’s encrypt. Everything was working fine and I was happy…
Now I want to expose a second server on the same port and I have installed the nginx addon. I reused the ssl certificates that I (manually) got from let’s encrypt. I configured everything to the best of my knowledge. And here is the problem:
When I configure nginx without ssl encryption, I can access my homeassistant instance from the internet
When I configure nginx to use ssl encryption (with the ssl certificates), I get an error when I try to load my homeassistant instance from the internet.
The weird thing is: If I force the browser to use http on port 443, I will get plain text. Basically, nginx does not encrypt and if my internet browser tries to decrypt plain text, it will obviously fail.
Does anyone know, what is going on?
I can provide config / logs, whatever is helpful …
For anyone that finds this post trying to work with the official NGINX addon and doesn’t want to just use the “Nginx Proxy Manager addon” then to use the customize server features you need to create a folder in /usr/share/hassio/share/nginx_proxy inside that folder create a file with any name but ending in .conf e.g. other_server.conf
So the way this works is the official nginx add on works based on the domain specified in the config settings and will only forward that domain on to the Home Assistant server. Then these extra server blocks will kick in based on the server_name matching so in the example above when requesting based on IP address it will hit these server blocks instead of the home assistant ones and will proxy to another server.
You could also do server_name: a.nother.domain.com then you can run two domains from the one nginx instance.
Note you may not need all the settings i’ve set above - you need to check the nginx docs / docs for the service you are proxying.
I’ve not done the defaults component so I can’t comment on that.
thanks. I did come across this searching for the same use case and willing to spend time getting this right, vs. jumping to a new addon (Proxy manager - though from what I read it’s a better option?!)
will report if this works
EDIT: crap, looks like I’m using the supervised hass.io install where all add-ons are running as separate containers :S
@foxy82 , you say:
"to use the customize server features you need to create a folder in /usr/share/hassio/share/nginx_proxy inside that folder create a file with any name but ending in .conf e.g. other_server.conf"
But the instructions say:
“…additional NGINX configuration files for the default server and additional servers are read from files in the /share directory specified by the default and servers variables.”
Which one is it?
On one of my installations (where the add-on works perfectly for the main site), I cannot get any other server configured through the Customize Section. On one other server I have, it works out of the ‘/share/’ folder.
I documented what I needed to do but that was over a year ago now so things may have moved on.
I don’t use that add on anymore and created my own due to a ‘feature’ of it that didn’t work for me details here in case you are hitting the same problem: