Home Assistant Community Add-on: Nginx Proxy Manager

It really was really easy.
I just followed the gif on the addon config page (and at the top of this thread)

  • Add Proxy Host
    • Enter DuckDNS address (yourdomain.duckdns.org)
    • Scheme is HTTP
    • IP Address of your HA instance
    • Enter port for HA (8123)
    • Turn on Web Sockets
  • Go to SSL Tab
    • Select ‘Request a new SSL certificate’
    • Turn on Force SSL
    • Enter email address for Let’s Encrypt
    • Accept Terms and you’re done!

I did the same to add subdomains for other systems like Kodi (kodi.yourdomain.duckdns.org).

Hope that helps!

5 Likes

Thanks a lot, that will help me.

May I know why/how you use kodi in your case?

I’m having the same issues with Grocy. Seems that grocy has something strange. Tried it with a subdomain, but doesn’t work. Also not with a folder /grocy and the rewrite suggested by @kirpat: rewrite /grocy/(.*) /$1 break;

Does anyone have another suggestion to get this to work?

edit: I got it to work with a subdomain. Localhost isn’t the way to go :slight_smile:

But to get a subfolder working (as in domain.org/folder) isn’t working for me. Also not for pihole. And to get everything in a subdomain is a bit much to ask.
Does anyone have a working reverse proxy for a subfolder?

Kodi has a web server built in (which is enabled in the settings) which allows you to control that instance as well as watch content on the browser etc.

I also managed to get grocy available via remote access by using a subdomain. I gave up on the mydomain.duckdns.org/grocy URL and instead used grocy.mydomain.duckdns.org, per @apmillen’s notes. This worked with the following settings:
[image]
I requested a new SSL cert for the above domain and it worked first try. From there, it was straightforward to add an iframe panel and make it accessible from within Home Assistant.

I also made NPM available in a similar manner (nginx.mydomain.duckdns.org) though it’s not working in the HA iframe for some reason. NPM has its own authentication, so I’m mostly OK with making it remotely available, though ideally I could keep it behind the HA authentication since I have multi-factor enabled there. Has anyone else done this? Or am I really just setting myself up for trouble by making NPM available outside my home network at all?

1 Like

For anyone else looking for this solution, I edited the NPM proxy host by adding the following code in the advanced configuration section:
proxy_hide_header X-Frame-Options;
By default, x-frame-options are set to deny all connections. Once I removed that header, the NPM iframe works correctly.

1 Like
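
Added example, not part of the post above or of the add-on's own configuration: hiding X-Frame-Options on its own lifts the framing restriction for every site, so this variant pairs it with a Content-Security-Policy frame-ancestors rule limited to the Home Assistant origin. The hostnames are the thread's placeholders, and their roles as the HA and NPM origins are assumptions.

```nginx
# Added example for the proxy host's Advanced tab in Nginx Proxy Manager.
# Assumed placeholders (hostnames as used in the thread):
#   nginx.mydomain.duckdns.org  -> this proxy host (the NPM admin UI)
#   mydomain.duckdns.org        -> Home Assistant, the only page meant to embed it

# --- As posted in the thread --------------------------------------------
# Removes the upstream framing restriction and puts nothing in its place,
# so the admin UI can be embedded by a page on any origin.
#
#   proxy_hide_header X-Frame-Options;

# --- Narrower variant ---------------------------------------------------
# Still drop the upstream header so the Home Assistant iframe panel loads...
proxy_hide_header X-Frame-Options;

# ...but state explicitly which origin may act as the parent frame.
# "always" also attaches the header to error responses (4xx/5xx).
add_header Content-Security-Policy "frame-ancestors https://mydomain.duckdns.org" always;
```

nginx inherits add_header from an outer level only when the inner level defines none of its own, so confirm in the browser's developer tools that the Content-Security-Policy header actually arrives on responses from the proxied host. If the upstream sends its own Content-Security-Policy, browsers enforce both policies together.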

NPM automatically renews the certificate? I had an automation for let’s encrypt addon but I assume if I renew the cert with LE addon, it will not work here, right?

Yep :slight_smile:

1 Like

Hi, I have the DuckDNS addon taking care of my wildcard SSL certificate in /ssl.
Is it possible to use this certificate with the Nginx Proxy Manager?

That is not recommended. The way to solve this is to disable Let’s Encrypt in the DuckDNS add-on and let the Nginx Proxy Manager handle this.

1 Like

Yeah but the nginx proxy manager doesn’t handle wildcards …

1 Like

I just made an account to thank you. I could not figure this out. The part that helped me was to comment out the http: in configuration.yaml. All other guides say to add a lot of stuff here.

1 Like

Hi, I do not understand well. You have

xxx.duckdns.org as Domain Name
192.168.0.201 as Forward Hostname/IP (or whatever your internal IP)
8123 as Forward Port

and then in menu Define location your above example?

So when from outside your LAN you want to access your pihole you do

xxx.duckdns.org/pihole

?

Same error, and I have same request

1 Like

All correct except I don’t forward 8123, I forward 80 and 443 to that internal host from outside.

80 redirects to 443.

mmhhh, I have forwarded in router 80:80 and 443:443 to 192.168.1.xxx where is HASSIO

If I do
http://xxx.duckdns.org/pihole I get 502 bad gateway
https://xxx.duckdns.org/pihole I get 502 bad gateway

If I do
http://xxx.duckdns.org it goes correctly to HASS
https://xxx.duckdns.org it goes correctly to HASS

So now I wish to reach other servers (on same IP for some services, and on different IP for other services), using xxx.duckdns.org/whatever

but get error

[image]

[image]

Hope this helps.

and then you access your pihole from outside your lan with

https://xxx.duckdns.org/pihole

?

p.s. I see in my mobile browser, in address it changes itself to

http://xxx.duckdns.org:4865/admin/

something is doing, but not working

I think I am near, but can’t figure it out yet.

Seems that my system cannot translate
http://xxx.duckdns.org into http://192.168.1.10 (my HASSIO internal IP)

On another thread a user used DNSMasq addon and put the below config

{
  "defaults": [
    "208.67.222.222",
    "208.67.220.220"
  ],
  "forwards": [],
  "hosts": [
    {
      "host": "xxx.duckdns.org",
      "ip": "192.168.1.10"
    }
  ]
}

Now externally I still can’t reach pihole (https://xxx.duckdns.org/pihole) and when I try from within my LAN

http://xxx.duckdns.org/pihole I receive

# 400 Bad Request

The plain HTTP request was sent to HTTPS port

with
http://xxx.duckdns.org:4865

ERR_CONNECTION_REFUSED

I got confused :smiley:

Thanks for the awesome plugin.

I’m a bit of a noob with reverse proxies, can anyone tell me what “block common exploits” option does and if there is any undesired effects of having this option enabled?