Home Assistant Community Add-on: Nginx Proxy Manager

Jelte · May 24, 2019, 7:26pm

I’m having the same issues with Grocy. Seems that grocy has something strange. Tried it with a subdomain, but doesn’t work. Also not with a folder /grocy and the by @kirpat suggested rewrite /grocy/(.*) /$1 break;

Does anyone has another suggestion to get this to work?

edit: I got it to work with a subdomain. Localhost insn’t the way to go

But to get a subfolder working (as in domain.org/folder) isn’t working for me. Also not for pihole. And to get everything in a subdomain is a bit much to ask.
Does anyone have a working reverse proxy for a subfolder?

apmillen · May 24, 2019, 9:22pm

Kodi has a web server built in (which is enabled in the settings) which allows you to control that instance as well as watch content on the browser etc.

strikeir13 · May 24, 2019, 10:37pm

I also managed to get grocy available via remote access by using a subdomain. I gave up on the mydomain.duckdns.org/grocy URL and instead used grocy.mydomain.duckdns.org, per @apmillen’s notes. This worked with the following settings:
33%20PM
I requested a new SSL cert for the above domain and it worked first try. From there, it was straightforward to add an iframe panel and make it accessible from within Home Assistant.

I also made NPM available in a similar manner (nginx.mydomain.duckdns.org) though it’s not working in the HA iframe for some reason. NPM has its own authentication, so I’m mostly ok with make it remotely available, though ideally I could keep it behind the HA authentication since I have multi-factor enabled there. Has anyone else done this? Or am I really just setting myself up for trouble by making NPM available outside my home network at all?

strikeir13 · May 25, 2019, 1:30pm

For anyone else looking for this solution, I edited the NPM proxy host by adding the following code in the advanced configuration section:
proxy_hide_header X-Frame-Options;
By default, x-frame-options are set to deny all connections. Once I removed that header, the NPM iframe works correctly.

serkank · May 28, 2019, 7:42pm

NPM automatically renews the certificate? I had an automation for let’s encrypt addon but I assume if I renew the cert woth LE addon, it will not work here, right?

frenck · May 29, 2019, 7:39am

Yep

imval · June 5, 2019, 7:26am

Hi, I have the DuckDNS addon taking care of my wildcard SSL certificate in /ssl.
Is it possible to use this certificate with the Nginx Proxy Manager ?

frenck · June 5, 2019, 7:36pm

That is not recommended. The way to solve this, is disable Lets Encrypt in the DuckDNS add-on and let the Nginx Proxy Manager handle this.

imval · June 5, 2019, 10:24pm

Yeah but the nginx proxy manager doesn’t handle wildcards …

Marius_Karlsen · June 7, 2019, 6:37am

I just made an account to thank you. I could not figure this out. the part that helped me was to comment out the http: in configuration.yaml. All other guides say to add alot of stuff here.

Klagio · June 7, 2019, 9:42am

Hi, I do not understand well. You have

xxx.duckdns.org as Domain NAme
192.168.0.201 as Forward Hostname/IP (or whatever your internal IP)
8123 as Forward Port

and then in menu Define location your above example?

So when form outside your LAN you want to access your pihole you do

xxx.dickdns.org/pihole

?

Klagio · June 7, 2019, 9:45am

Same error, and I have same request

talondnb · June 7, 2019, 9:55am

All correct except I don’t forward 8123, I forward 80 and 443 to that internal host from outside.

80 redirects to 443.

Klagio · June 7, 2019, 9:58am

mmhhh, I have forwarded in router 80:80 and 443:443 to 192.168.1.xxx where is HASSIO

If I do
http://xxx.duckdns.org/pihole I get 502 bad gateway
https://xxx.duckdns.org/pihole I get 502 bad gateway

If I do
http://xxx.duckdns.org it goes correctly to HASS
https://xxx.duckdns.org it goes correctly to HASS

So now I wish to reach other servers (on same IP for some services, and on different IP for other services), using xxx.duckdns.org/whatever

but get error

talondnb · June 7, 2019, 10:15am

01%20pm

15%20pm

Hope this helps.

Klagio · June 7, 2019, 10:41am

and then you access your pihole from outside your lan with

https://xxx.duckdns.org/pihole

?

p.s. I see in my mobile browser, in address it changes itself to

http://xxx.duckdns.org:4865/admin/

something is doing, but not working

Klagio · June 7, 2019, 1:43pm

I think I am near, but can’t figure iot out yet.

Seems that my system cannot translate
http://xxx.ducxkdns.org into http://192.168.1.10 (my HASSIO internal IP)

On another thread a user used DNSMasq addon and put the below config

{
  "defaults": [
    "208.67.222.222",
    "208.67.220.220"
  ],
  "forwards": [],
  "hosts": [
    {
      "host": "xxx.duckdns.org",
      "ip": "192.168.1.10"
    }
  ]
}

Now externally I still can’t reach poihole (https://xxx.duckdns.org/pihole) and when I try from within my LAN

http://xxx.duckdns.org/pihole I receive

# 400 Bad Request

The plain HTTP request was sent to HTTPS port

with
http://xxx.duckdns.org:4865

ERR_CONNECTION_REFUSED

I got confused

so3n · June 10, 2019, 11:30pm

Thanks for the awesome plugin.

I’m a bit of a noob with reverse proxies, can anyone tell me what “block common exploits” option does and if there is any undesired effects of having this option enabled?

jerxjac · June 12, 2019, 5:16pm

Just did a fresh install of Hass.io 0.94.1. and installed the plugins Mosquitto broker, Samba share AND Ngnix Proxy Manager.

I have setup Nginx like this, I can connect by entering xyz.duckdns.org without SSL activated in Nginx. But the moment I select ‘ Force SSL’ I get ERR_CONNECTION_REFUSED!