I didn’t realize that after I added the location code, I couldn’t actually log in after entering my username/password. I had to add two more lines to get that working, so these are my final settings for the advanced tab:
One consequence of passing the authorization header seems to be that incorrect logins are shown and logged in HomeAssistant as the IP of Nginx Proxy Manager, rather than the origin IP address. This makes the banlist useless. Is there a way to get HomeAssistant to keep reporting the origin IP and pass the authorization header?
Alright got remote IP logging and Alexa AWS token authentication working. This is my final advanced config if it helps anyone else:
location / {
    proxy_pass http://192.168.0.x:8123; #local IP of my HA server
    proxy_set_header Host $host;
    proxy_pass_header Authorization; #needed to pass HA token from AWS Alexa to HA
    proxy_set_header Upgrade $http_upgrade; #needed for HA user login
    proxy_set_header Connection "upgrade"; #needed for HA user login
    proxy_set_header X-Forwarded-For $remote_addr; #needed so that HA sees the remote IP making a connection rather than the IP for NGINX
}
HA configuration yaml
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1 #may not be required?
    - 172.30.33.10 #just the IP of NginX Manager, different from HA IP
  ip_ban_enabled: true
  login_attempts_threshold: 5
You don’t need to add an entire block of IPs to trusted proxies. NginX Manager automatically selects one static IP for each proxy host (each URL source you add in the NginX add-on).
Mine’s stayed static for the last 3 weeks since I started using NginX Manager. I’ve probably reset my HA 20 times in that period playing with other things. Router a few times too.
I did notice that if you delete/add a new URL for NginX Manager to redirect, a new IP is used.
Covering the entire block of IPs (172.30.33.0/24) will of course work too, but it is also less secure.
If you are paranoid like me, try restricting it to just the one IP. Maybe NginX Manager changed IPs on a previous version.
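An added example, not from the thread and not Home Assistant's own code, of why the single-IP `trusted_proxies` entry is tighter than the /24: a generic right-to-left X-Forwarded-For resolver run on constructed requests. The function name `resolve_client_ip` and every address other than 127.0.0.1, 172.30.33.10 and 172.30.33.0/24 are assumptions.

```python
import ipaddress

# Values from the post above; every other address below is constructed sample data.
NARROW = ["127.0.0.1", "172.30.33.10"]   # only the proxy's own address
WIDE = ["127.0.0.1", "172.30.33.0/24"]   # the whole add-on subnet


def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Pick the address a backend should log and ban for one request.

    Generic right-to-left X-Forwarded-For handling (hypothetical helper):
    the header is honoured only when the TCP peer is a trusted proxy.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def trusted(addr):
        return any(addr in net for net in nets)

    peer = ipaddress.ip_address(peer_ip)
    if not xff_header or not trusted(peer):
        return str(peer)              # header ignored: anyone can send one
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):        # nearest proxy is the rightmost entry
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)          # malformed header: fall back to the peer
        if not trusted(addr):
            return str(addr)          # first hop not vouched for by a proxy
    return hops[0] if hops else str(peer)


if __name__ == "__main__":
    cases = [  # (label, TCP peer, X-Forwarded-For as received), all constructed
        ("via proxy", "172.30.33.10", "203.0.113.7"),
        ("neighbour container, forged header", "172.30.33.5", "198.51.100.9"),
        ("client entry appended to", "172.30.33.10", "198.51.100.9, 203.0.113.7"),
    ]
    for label, peer, xff in cases:
        print(f"{label}: narrow={resolve_client_ip(peer, xff, NARROW)} "
              f"wide={resolve_client_ip(peer, xff, WIDE)}")
```

With the /24 trusted, the second case resolves to the forged 198.51.100.9, so failed logins would be counted against the wrong address; with the single IP the header is ignored and the real peer 172.30.33.5 is recorded.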
Alongside /data and /etc/letsencrypt you also need the DB (which depends on your current installation as it might not use MariaDB) to be able to access the interface.
I haven’t looked at the official one in a long time…
The community one is easier as far as I recall. You only need the manager, no duckdns or let’s encrypt add-ons required, as let’s encrypt is rolled into the manager.
There is still a bit of yaml needed for the trusted proxies part.
You also still need a domain from duckdns or similar.
It was mostly just an easier all in one GUI interface.
The official one is dead simple and only for you to connect to your HA.
The community one (this one) has a GUI, can configure more things, can let you connect to multiple services in your network from outside, and is thus more complex and powerful.
Hey, I have some issues. The plugin was working fine, but then it just stopped working, and the only error I can see is that when I try to access HA I get the information that it can’t connect.
No other error in any logs I could find. I checked my settings, but they seem fine and I didn’t change anything. I know that’s not much, but I don’t have more. I removed the proxy and added a new one with a new cert; then it worked again for a few minutes until I couldn’t connect anymore…
Are there (advanced) settings for NPM that could make it equivalent to the setup created by the official addon (NGINX Home Assistant SSL proxy)? Would the Websockets + Force SSL be enough to be identical to the other option?
Would love to see this up w/my Google wifi router.
My home assistant instance is using a VM on my unRAID server. I utilize port 8123.
When I go to port management on my router and set internal port 80 to external port 80, it doesn’t open the port. But when I set internal 8123 to external 80, the port is open. The same can be said for port 443.
I contacted my isp (FiOS) and they do not block opening ports.
When I follow the nginx add-on instructions and click on my duckdns subdomain I’m trying to link, I get a bad request error.
What am I doing wrong? Any and all help is much appreciated.