Home Assistant Community Add-on: Nginx Proxy Manager

Disregard.

For proxying as subfolder you need to also add the overwritewebroot in Nextcloud’s config.php:

https://docs.nextcloud.com/server/13/admin_manual/configuration_server/reverse_proxy_configuration.html#overwrite-parameters

Even with this, I couldn’t get the iOS client to connect all the time with subfolder, but works with subdomain:

  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => '192.168.0.100',
    2 => 'nextcloud.xxx.duckdns.org',
  ),
  'overwrite.cli.url' => 'https://nextcloud.xxx.duckdns.org',
  'overwriteprotocol' => 'https',

The doc page for the addon is here https://github.com/home-assistant/hassio-addons/blob/7a63283562aae8f3bc7e92b9bbec271fbae26e9d/dnsmasq/DOCS.md

I think for what you are trying to do you want to change the hosts section. That looks like it’s working since ui.42o4 is resolving to 192.168.0.100.

In some places you mention ui,home but it seems you have configured ui.42o4. Is the proxy server also configured for ui.4204?

If you type http://192.168.0.100:8443 in the browser does it bring up the expected page?

What does “Running this command in Ubuntu within windows 10 (not another VM)” mean? Are you running this under the windows subsystem for linux?

Thank you, this seems to have fixed my problem. I never would have found this answer on my own.

Again, I really want to thank you for your help,

I’ve been trying to use Nginx Proxy Manager but when I turn it on, my webhooks get broken. Here’s the traceback

File "/usr/local/lib/python3.8/site-packages/aiohttp/web_protocol.py", line 275, in data_received
    messages, upgraded, tail = self._request_parser.feed_data(data)
File "aiohttp\_http_parser.pyx", line 523, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: invalid HTTP method

When I try to run an IFTTT webhook, I get an EPROTO error, saying SSL23_GET_SERVER_HELLO:unknown protocol: …/deps/openssl/openssl/ssl/s23_clnt.c:782

Any suggestions? Thanks!

Also, if I turn off Nginx Proxy Manager and use the following http: config section, the webhooks work fine, so I don’t think it’s a router issue

http:
    base_url: !secret http_base_url
    ssl_certificate: /ssl/fullchain.pem
    ssl_key: /ssl/privkey.pem
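
An added example, not part of any post in this thread: aiohttp's `BadStatusLine: invalid HTTP method` is what a plain-HTTP listener reports when the first bytes it receives are not an HTTP request, and a TLS ClientHello arriving on an `http` port is a common cause (the mirror case gives a TLS client "unknown protocol"). The sketch below classifies the first bytes of a connection, for example from a packet capture, so a scheme mismatch between proxy and backend can be confirmed; the function names and sample bytes are constructed for illustration.

```python
import struct

# Added example: names and sample bytes below are constructed for illustration.
HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"PATCH", b"CONNECT", b"TRACE"}
TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
                0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def classify_first_bytes(data: bytes) -> dict:
    """Classify the start of a TCP stream as a TLS handshake or an HTTP request."""
    # TLS record header: content type (1) | legacy version (2) | length (2).
    # 0x16 = handshake; every SSL3/TLS version uses major byte 0x03.
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:
        rec_ver, rec_len = struct.unpack("!HH", data[1:5])
        info = {"kind": "tls", "record_length": rec_len,
                "record_version": TLS_VERSIONS.get(rec_ver, hex(rec_ver))}
        # Handshake header: type (1, 0x01 = ClientHello) | length (3), then the
        # 2-byte client_version (legacy field: TLS 1.3 clients also send 0x0303).
        if len(data) >= 11 and data[5] == 0x01:
            (hello_ver,) = struct.unpack("!H", data[9:11])
            info["client_version"] = TLS_VERSIONS.get(hello_ver, hex(hello_ver))
        return info
    method = data.split(b" ", 1)[0]
    if method in HTTP_METHODS:
        return {"kind": "http", "method": method.decode()}
    return {"kind": "unknown"}

def diagnose(listener_scheme: str, data: bytes) -> str:
    """Compare what a listener expects ('http' or 'https') with what it received."""
    kind = classify_first_bytes(data)["kind"]
    if kind == "unknown":
        return "unrecognized traffic"
    expected = "tls" if listener_scheme == "https" else "http"
    if kind == expected:
        return "ok"
    if kind == "tls":
        return "mismatch: TLS handshake sent to a plain-HTTP listener"
    return "mismatch: plain HTTP sent to a TLS listener"

# Constructed ClientHello: record header, handshake header, then a 43-byte body.
SAMPLE_CLIENT_HELLO = (b"\x16\x03\x01\x00\x2f" + b"\x01\x00\x00\x2b" + b"\x03\x03"
                       + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
                       + b"\x01\x00" + b"\x00\x00")
# Constructed webhook request as a plain-HTTP client would send it.
SAMPLE_HTTP = b"POST /api/webhook/constructed-id HTTP/1.1\r\nHost: example.invalid\r\n\r\n"

if __name__ == "__main__":
    print(diagnose("http", SAMPLE_CLIENT_HELLO))
    print(diagnose("https", SAMPLE_HTTP))
```
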

Guys, I have installed that and Home Assistant forwarding works like a charm.

I want to forward 443 also to my Synology, but it didn't work for me. Do I also create an SSL Let's Encrypt certificate and forward to the http instead of the https port on the Synology?

Inside the Synology there is already another SSL certificate installed and working.


Also, is it possible to remove the “Congratulations” page of Nginx when you go to your https address?

You can change it in Settings.

I’m trying to renew my Let’s Encrypt Certificate through the proxy manager and I either get an “Internal Error” or timeout. Not sure where to look for logs to see what’s going wrong. Deleting and creating a new one from scratch is also erring.

Any pointers?

Do you have port 80 forwarded to the ip of the machine where NPM is running?

Most of the time when I had issues with certificate renewal it was because I had done some bad stuff elsewhere (pointed port 80 to another ip, installed another docker running on port 80 so that the addon couldn’t start, sent NPM traffic through VPN so that it didn’t accept incoming traffic due to the firewall, etc).

Apparently I had removed port 80 from the Proxy Manager config. Re-added that. Still failed, got “Another instance of Certbot is already running” error, so ran the commands above to delete the .certbot.lock file. Tried creating a certificate again and logs say Challenge failed (was 404ing on the challenge requests). Instead of adding the certificate from the host settings editor, I did it from the Certificates section and that seemed to work. Thanks!

If I do an SSL scan of my site when connected to this add-on, (https://www.ssllabs.com/ssltest/index.html), I get a “B” grade, mostly because the add-on has TLS 1.0 and TLS 1.1 turned on. How can I disable this?

Second part - has anyone considered adding mod_security to this add-on?

(Web Application Firewall)

Are you using your own certificate or Let’s Encrypt?

Without Block Common Exploits, HTTP/2 Support, HSTS Enabled and HSTS Subdomains ticked I still get an A (enabling those it goes to A+).

Cloudflare Origin Certificate. I have Block Common Exploits on, others unchecked.

Edit: It turns out I can restrict this via Cloudflare, which brings me to an A but I’d still like to adjust the nginx settings and enable mod_security.

Might be wrong but I think you would need a vanilla Nginx install for that.

Does anyone have this working on a Unifi network, and could you share your settings? Mine doesn’t want to forward port 80 and instead of seeing HASS, I get the Unifi configuration page.

Cheers, Richard

I don’t have Unifi gear but, after correctly forwarding port 80, the expectation is to be able to access the Nginx greeting page (with the default NPM settings), not Home Assistant.

Basically, after forwarding ports 80 and 443 to the IP of the machine running NPM it should point as follows:

Thanks @Petrica

I fixed the problem. It was a Unifi configuration error that prevented it from forwarding port 80. I did a Factory reset and all is good.

Cheers, Richard

It should be http (unless you changed this in configuration.yaml).

What have you checked in the SSL tab? Have you issued a new certificate or are you trying to use an existing one?

If you’re using an older certificate you might check on the SSL Certificates page whether it has expired.
