Hi, I’m using the official NGINX addon for Hassio to so an SSL proxy so I can access HA over the internet.
The docs are here:
Now I have basic functionality working, I can access HA over the internet, but I’m a little unsure about this:
customize
(boolean)(Optional)If true, additional NGINX configuration files for the default server and additional servers are read from files in the /share directory specified by the default and servers variables.
Default value: false
Are there any examples of these configuration files? How to I copy over these
configuration files to the addon?
For example I’m running the Tileboard frontend, and I’d like to have a seperate NGINX server just for Tileboard on a different port, would this be possible?
Did you figure this out? I just setup the NGINX reverse proxy and everything worked fine. I can access ha local and external.
I have never used NGINX before or set up a reverse proxy so this is totally new. I have zoneminder running on a separate server and I would like to access it through the reverse proxy but I am not sure how to do this. Do I follow the docs that describe setting up a subdomain https://www.home-assistant.io/docs/ecosystem/nginx_subdomain/, they state to create a file in /etc/nginx/sites-enabled/homeassistant or should I set customize to to true and add the files in the /share file?
Honestly, if you are running HassIO, I would recommend trying out the Nginx Proxy Manager addon. It gives you a pretty simple GUI to use to configure things.
I’m only using that addon, but have no experience with nginx outside of that addon, so I can’t really help guide you for your particular situation, but making a new subdomain is dead simple with the GUI.
Note, you can’t run both at the same time, so stop the main one before starting the manager one.
I tried the Nginx Proxy Manager addon yesterday and while agree it was simple with the GUI it would not work for me.
I stopped the official Nginx addon so it was not running
Installed the Nginx Proxy Manager: it seemed to start correctly
Opened the Web UI
My ports were already forwarded for 443
Created a Proxy Host
Source: xxxx.duckdns.org
Scheme: http
Forward Hostname/IP: my hassio IP address
Forward Port: 8123
Websockets Support Checked
I saved the Proxy Host; the status shows online. When I click on the host I get an error and I cannot access from outside my network.
I thought the problem was because it needed the SSl Certificate so I tried to add the Lets Encrypt Certificate using the SSL tab SSL Certificate:Request New Certificate. When I tired to saved I got this error:
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxxx.duckdns.org
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. xxxx.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://xxxxx.duckdns.org/.well-known/acme-challenge/Ne5btzccG6CuBnezRyQbsFyOKUnXd-U1xlH8w3Vcu9A: Timeout during connect (likely firewall problem)
I am not sure what I am doing wrong I went through the docs and thought I followed them correctly. If you see any thing I did wrong I would appreciate the help. Did you have to setup Lets Encrypt to use with this add on?
@pete99 I’m certainly no expert, but you should try using port 443 in the Nginx Proxy Manager instead of 8123. Here’s a snippet of my working config: I have forwarded ports 80:80 and 443:443 on my router.
@strikeir13 I have ports 80 and port 443 forwarded on my router. In the app I filled out “Forward Port” with 8123 same as yours.
I think my issue is with the Let’s Encrypt certificate.
Are you using the Duckdns addon with Let’s Encrypt handled by the addon?
Did add ssl in the proxy manager?
In your config.yaml did you include the port e.i https://xxxx.ducknds.org:8123 or just https://xxxx.ducknds.org
I have duckdns installed but I’m not sure it’s necessary, I just haven’t uninstalled it from previous configurations. I did request a new cert via the Nginx Proxy Manager addon, just like the guidance gif shows. My URL in configuration.yaml does include 8123 but I’m not sure that’s necessary either.
I think NPM requests and renews certs so you probably don’t need Duckdns at all except for forwarding your IP to a domain (what I use it for).
Thanks for the information, it seems like I have it configured correctly but the pi gives an error when I try to request a new cert and I cannot access homeassistant. For now I am using the standard Nginx addon it works fine I just need to figure out how to use the customize option.
Hi, I ended up running Tileboard on a completely seperate machine in the end, I didn’t use any extra additional NGINX configuration files with the official addon.
It’s a shame there isn’t a working example in the docs but I guess if someone was experienced with NGINX then they could pull if off. I’m not very experienced so went with another solution.
If you figure out how it works I’d be interested to know.
I have been struggling also with customizing the NGINX SSL PROXY. My motivation was to add zoneminder as a second server/subdomain. I tried unsuccessfully to use the customize option.
Initially I was not aware of the newer (and IMHO friendlier) NGINX PROXY MANAGER addon. Previous to trying to customize and add zoneminder I was quite happy with the SSL PROXY and
it’s integration with letsencrypt. IIRC, letsencrypt was brought in whenever I added the DUCKDNS addon.
The following is a bullet-ed list of the major pitfalls I encountered in trying to move over to the PROXY MANAGER and add zoneminder server as a second service/location. I hope someone finds this helpful as this is my attempt to give back to the Home Assistant Community.
Initially I simply stopped the SSL PROXY and proceeded to install the PROXY MANAGER.
While I suspect this was not an issue I did uninstall SSL PROXY to ensure there was
no interaction between the two. I will note this is not risky since PROXY MANAGER
is a direct replacement for SSL PROXY (based on my experience).
Initial attempts to start PROXY MANAGER failed silently. I would click start
and within 2-5 seconds I could tell it was not running. No logs were visible
in the homeassistant.log file?
I was only able to troubleshoot this issue by dropping into the docker
shell for the docker proxymanager container and reviewing the logs.
Here I was able to see there was a contention on port 80. With this info I
dropped back into the top level PROXY MANAGER pane under Hass.io dashboard
and disabled port 80. With this adjustment I was able to start PROXY MANAGER successfully.
After successfully starting PROXY MANAGER, I opened the WEB UI and was confronted
with a login. This was baffling given nowhere in the home assistant docs for
PROXY MANAGER could I find what the default login was. Attempts to use my home assistant
login failed. Only after searching for “NGINIX proxy manager login” did I discover
the github site for the real nginix proxy manager. Here the documentation was better
and provided the default login:
While I was pleased to get this far, I was immediately frustrated given it was not
intuitive to me how to proceed. Only after I watched the animated gif that was
provided in the nginx proxy manager doc was I able to stumble through it.
At this point I was able to use the form provided by PROXY MANAGER to configure my
homeassistant URL just like using the SSL PROXY. However, my attempt to create a
ssl certificate via the letsencrypt service failed with a popup ERROR window.
This did create a certificate however the expiration date was the creation date?
I was finally able to resolve this by enabling port 80 in the PROXY MANAGER config
panel AND adding a port forwarding rule for port 80 in my gateway router.
Note that prior to this, I had not opened port 80 in my home router/gateway
since with SSL PROXY I had no need for port 80. I was only port forwarding
port 443.
In order to open port 80, I was forced to drop back to the homeassistant
configuration.yaml and remove my config for the emulated_hue which I had
listening on port 80. I suspect most homeassistant users do not use this?
At this point I was now able to access my homeassistant server from the public
network/wan just as I had when running with SSL PROXY. A good test is accessing
via the Home Assistant Android App.
Now I was ready to bring in my zoneminder server. The desire here was to be able
to connect to it via https://mydomain.duckdns.org/zm. This took me to the Custom Locations form under the edit panel for my proxy host in PROXY MANAGER.
However, yet again, initial attempts at this failed and so I referred to the
github site for documentation but to no avail. Below are listed the steps and
hurdles I had to address before success.
The add location form only allowed specifying
- location
- scheme
- forward hostname
- port
Unfortunately, I am running zoneminder in a docker container on the same host
machine as homeassistant, nginxproxymanager, and others. The URL to connect
to the zoneminder server is https://192.168.1.7:8444/zm. The need to specify
both a new port and the location /zm in the URL was not something I could accomplish
via the add location form? At this point I was stuck.
Here is the hack/workaround I did to get going. I am pretty certain there is a
way to specify this through the user interface but I was not able to find any info.
Thus I directly edited the proxy configuration file in the docker container.
Bring up a bash shell inside the container using the command docker exec -ti addon_a0d7b954_nginxproxymanager bash
From the bash shell, edit the file at /data/nginx/proxy_host/2.conf
Change the proxy_pass line in the location block named “/zm” to https://192.168.1.7:8444/zm .
restart the nginx proxy manager container via the command docker restart addon_a0d7b954_nginxproxymanager
Sorry for the long drawn out post. That is all I have for now. I am not happy with this hack and will be looking for a more correct solution. But in the mean time, I hope this helps somebody. By all means, please comment or correct this as needed.
Thanks for this, I do need to create a special nginx server configuration file, for which I don’t think it’s possible through the webui of the interface. Will try your hack, hope will work
Can’t get to those files using the instructios in the docs: how did you do it? I ised a USB with a public key and uploaded from the HASSIO SYSTEM menu, but its not working, any hint?
I should have mentioned the environment I am running:
Ubuntu 18 Linux Server with hass.io installed per instructions here
These instructions had me install docker
I am running as root i.e. sudo su when I run the docker command (Docker version 19.03.5)
I am also running portainer which also allows me to drop into the nginx container at the bash shell.
If you are running hass.io on a raspberry pi xx, you can drop down to the hassos command line. Don’t know if that will allow you to run docker? I am curious so I will search around.
Otherwise, what compute enviornment are you running hass.io?
Thanks for the help.
Yes I can access HASSOS command line, but don’t know how to access the files used by addons as configuration files (I can access if course the directories CONFIG SHARE and so on)
warning Command failed: /usr/bin/certbot certonly --cert-name “npm-10” --agree-tos --email “xxxxxx” --preferred-challenges “dns,http” -n -a webroot -d “
I have forwarded ports 80:80 and 443:443 on my router.