Home Assistant and NGINX Reverse Proxy Help

elmago · March 29, 2025, 12:58pm

Hi there, I’ve been running an nginx proxy for a while now for easy hostnames internally accessing services. I’ve recently set up wildcard ssl certs for a domain I purchased and changed my nginx config to use SSL. However I can’t get home assistant to work, I was able to sign in but then it errors, unable to connect. I’ve added some proxy pass variables and http information from googling but now it just 404’s.
Home assistant isn’t configured for SSL, just the connection to nginx.

NGINX config:

server {
    listen 443 ssl;
    server_name hass.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
      proxy_set_header Host $host;
      proxy_pass http://ha.local:8123 ;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto http;
   }
}

HASS configuration.yaml:

http:
    use_x_forwarded_for: true
    trusted_proxies:
      - 192.168.3.64

192.168.3.64 = nginx proxy IP.

Appreciate some help because I’m getting nowhere :).

DavesCodeMusings · March 29, 2025, 1:09pm

It might be because of web sockets. My working reverse proxy setup looks very much like yours, except:

I have my certificates referenced in a different file. Should not affect anything.
I have a section for location /api/websocket. Probably what you’re missing.

Here’s my config:

nginx

server {
    server_name homeassistant.myserver.home;
    listen 80;
    return 301 https://homeassistant.myserver.home;
}

server {
    server_name homeassistant.myserver.home;
    listen 443 ssl;
    location / {
        proxy_pass http://myserver.home:8123;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
    location /api/websocket {
        proxy_pass http://myserver.home:8123;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

home assistant

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.16.0.2

elmago · March 29, 2025, 1:21pm

Thank you @DavesCodeMusings, that worked!
I should probably learn about what a websocket is.
Appreciated :).

DavesCodeMusings · March 29, 2025, 1:48pm

Glad it worked!

In a nutshell, web sockets are a way to do communication in a way that stays connected. Regular HTTP is connectionless, meaning it finds the URL resource you asked for, sends it, and then disconnects.

A web socket will maintain the connection, with the understanding that more requests are coming. Kind of like SSH. You connect once, do multiple things, and disconnect only when you’re done.

elmago · March 29, 2025, 6:38pm

ah that makes sense, thank you!