Home Assistant Community Add-on: Nginx Proxy Manager

Just did a fresh install of Hass.io 0.94.1. and installed the plugins Mosquitto broker, Samba share AND Nginx Proxy Manager.

I have set up Nginx like this: I can connect by entering xyz.duckdns.org without SSL activated in Nginx. But the moment I select ‘Force SSL’ I get ERR_CONNECTION_REFUSED!



Ports forwarded 80>80, 443>443.
No idea what is going wrong here…

Is it possible that the problem is that my port 443 is not open on my router?


Problem is that I forwarded 443 in my ZTE H369A (Experiabox v10) but 433 stays closed. 80 and 81 are open!

I use this as a docker in Ubuntu and just wanted to say a big thank you for developing this!

Thanks for your writeup. I just spent several hours trying to set up the Nginx Proxy Manager addon but could not understand why HA is not accessible while other sites work fine.

This did the trick:

In Configuration.yaml, comment out the HTTP section if not already done
#http:
# base_url: http://mydomain.com:8123
# ssl_certificate: /ssl/fullchain.pem
# ssl_key: /ssl/privkey.pem

In add-on configs, confirm: “ssl”: false,
2 Likes

I’m trying to get my head around this.
Can I use this addon to reverseproxy an internal webserver to be shown inside HA, without giving direct access to it from the outside?
I have a PI with FlightRadar24 running, and I would like to display the map in a card.
I don’t want the FR24 exposed to the world, as it’s not secure.

So what do I do, I have an internal DNS of course (pihole), so I can create whatever local dns names that is required.
The Forward Hostname I guess is the fr24 server, right? And I can make it go to a subfolder as well with the ‘location’.
I’ve set up reverse proxies before, but I don’t get what I’m supposed to enter in ‘Domain name’.

2 Likes

running hassio 95.4 in ubuntu docker container.
I have been using duckdns addon with SSL successfully, now trying to migrate to
Nginx proxy manager.

As of now I am able to reach hassio using http

http://XXXX.duckdns.org

But when I go ahead and enable HTTPS, I get an error “Internal Error”

And this is what I see in the logs

Failed authorization procedure. XXX.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://XXX.duckdns.org/.well-known/acme-challenge/aUZkXX9e1pUwJP7XXXXXXXXqgSOl0RszR0: Timeout during connect (likely firewall problem)

below is my configuration.yaml

#http:
  # Secrets are defined in the file secrets.yaml
#  api_password: !secret http_password
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
#  base_url:  !secret baseurl
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem

Port forwarded 80>80 & 443>443 to ubuntu IP

Can someone point out what I am missing here? I would really like to get the addon working :slight_smile:

For a single proxy host, how can I use this to 1) forward all non-www to www while also 2) forward all http to https?

all of my addresses just take me to my gateway? aka my usg

I’m in the same boat as Mr. Sharp. I feel like there are some steps missing in the installation instructions…or perhaps something I should have installed prior to this add-on to make it work? I’m a complete noob with HA, so forgive my ignorance.

Router is Unifi USG. Ports 80 and 443 inbound forwarded to hassio IP address ports 80 & 443. No other forwarded ports.

Fresh install of hassio on rpi3, installed configurator, node-red, and now Nginx Proxy Manager add-ons.

Created a duckdns domain, and pointed it at my home network’s public IP. started proxy manager, and get the “listening on port 81 message” in the log.

Open web UI, and set up new host with ha.domain.duckdns.org, scheme: https, forward address/IP: hassio IP address, forward port: 8123, block common exploits & websockets support both enabled, Access List: publicly accessible. On SSL tab: Requested new cert, force SSL enabled, agreement accepted, email address entered, Saved.

New host shows:
ha.mydomain.duckdns.org under source
https://(home assistant IP):8123 under destination
Let’s Encrypt under SSL
Public under Access
Online under Status.

Everything looks good.

Restart Nginx Proxy Manager add-on, wait for “listening on port 81”

Attempting to access https://ha.mydomain.duckdns.org from inside my network yields a page in my browser warning me that the site isn’t secure. If I allow the exception, it takes me to my router’s login page (although I very briefly see the hassio page loading for a split second before the apparent redirect).

using http:// or nothing at all in front of the subdomain yields the same result.

Outside of my network, I get a timeout…regardless of http://, https://, etc.

Any kind soul care to tell me where I’m obviously screwing things up?

Edit: I ended up getting all of this to work. NPM is quite excellent, once it’s actually working. I’m not 100% positive on what I did that actually fixed the issue, as I eventually just reinstalled hassio (I only had a few things in my setup thus far, so this wasn’t as big a deal as it might be for most people), and started off installing the configurator add-on and NginX Proxy Manager add-on only. But…I think I may have previously had the http: component enabled inside my config.yaml file. If you had previously been using DuckDNS add-on or some other choice for handling your certs, the instructions for that add-on may have instructed you to do so. I left the http: component commented out (and never added the SSL key stuff like the DuckDNS instructions tell you to) on the fresh install, and was able to get everything working fine without it. If you’re new, like me…and getting stuck with this after previously using DuckDNS/Let’s Encrypt…comment out the http: stuff in your config.yaml before starting the NPM setup. It might be your issue.

Does this add-on support WSS websockets via a custom config? I have a program running locally that I’d like to access remotely via NPM but it would require WSS. Here’s a sample Nginx config, I’m just wondering if this would be fully supported in the add-on: https://github.com/nicokaiser/nginx-websocket-proxy/blob/911db2f242dae32aa767ea034d06a09b454f955d/simple-wss.conf

Hello, I have my hassio working fine with SSL; now I’d like to build a personal cloud, and it’s listening on 443 like hassio. With this nginx, can I forward the traffic on 443 from a specified domain to a specified IP address? (My router permits port forwarding only for one IP.)
Thanks in advance

Time for a new router :wink: but yeah, it should work - nginx reads the address you entered,
for example https://community.home-assistant.io and redirects the request to 192.167.8.12:8123
https://demo.home-assistant.io goes to 192.167.8.242:8123 and so on

Ahahahah You’re right! I need a new router but nginx is cheaper :smile:
However, thanks for the answer, I’ll try.
If I install nginx, I won’t have a problem with my actual SSL configuration, right?

Stuck on same step.
I even tried to follow this:


but still no luck. I always get a timeout.
But the strangest is that even inside my network on the Nginx Proxy Manager if I click my new host the redirection to the hassio IP doesn’t work.
I’m missing something.

I shot a PM your way, Bruno. If you’re still having issues, I can tell you what I ran into with my particular setup that might have been causing the problem. Just let me know.

I get this error in the log:

[8/17/2019] [3:35:40 PM] [Global ] › :information_source: info PID 1435 listening on port 81 …
[8/17/2019] [3:37:24 PM] [SSL ] › :information_source: info Renewing Let’sEncrypt certificates for Cert #6: mysite.duckdns.org
[8/17/2019] [3:37:29 PM] [Express ] › :warning: warning Command failed: /usr/bin/certbot renew -n --force-renewal --disable-hook-validation --cert-name “npm-6”
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
No certificate found with name npm-6 (expected /etc/letsencrypt/renewal/npm-6.conf).

Maybe something to do with certificates?
So far the duckdns domain just forward me to router.

One funny thing is that I manually changed the hosts file to force mysite.duckdns.org to go to the hassio IP and bum ERR_connection closed. Deleting this entry and I’m always routed to the router IP address.

Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. mysite.duckdns.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: unknownHost :: No valid IP addresses found for mysite.duckdns.org

1 Like

Hey Guys,
I’m convinced my problem is the firewall (not sure how, because I deleted all rules and it still didn’t work) or something with the router itself.
I get all the errors above using any of these addons (Nginx, certbot or Let’s Encrypt). All fail in getting a certificate.

Did anyone get similar problems with edgerouter?
Would this be a solution?

Thanks!

I have a Ubiquiti USG, I only set the port redirection HTTP (80) and HTTPS (443) to my Hassio NGINX Proxy Manager on its respective ports 80 and 443 (default ports for the add-on). Make sure you forward both ports correctly, I think both ports are used for the SSL certificate challenge.

Then on the hosts page I just set for HomeAssistant redirect my domain i.e. ha.whatever.com to my internal IP 192.168.0.XXX on port 8123. After that I just click create, and then I edit it and I enabled the SSL, let it create the SSL certificate.
Once it creates the certificate successfully then I click on edit again and I enable the “Force SSL” option. Sometimes if I tried to do the whole thing in one step it would fail.

Also I removed the “Base URL” from my configuration.yaml otherwise it would create conflicts when calling internally or externally, so I just commented that line.

It might be. The hass.io core duckdns addon also does DNS challenge and doesn’t require port 80 to be open. Also, with a bit of help, I just cracked using the Caddy addon with DNS challenge as well so now on my router, only port 443 is open. (Note the LetsEncrypt addon and probably NGINX here require port 80 for the certificates)

1 Like
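
The two certbot "Failed authorization procedure" lines quoted earlier in this thread point at different causes: one is a port 80 reachability problem, the other a DNS problem. The following is an added example, not part of any post or of the add-on's own code, that parses such lines and reports the likely cause plus the inbound port the challenge type needs; the host names, the token and the hint wording are constructed placeholders.

```python
import re

# Shape of certbot's failure line as it appears in the logs quoted in this thread.
FAILURE_RE = re.compile(
    r"Failed authorization procedure\.\s+(?P<domain>\S+)\s+\((?P<challenge>[\w-]+)\):\s+"
    r"urn:ietf:params:acme:error:(?P<error>\w+)\s*::\s*(?P<detail>.+)$"
)

# Inbound port the CA must reach per ACME challenge type (None = no inbound port).
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443, "dns-01": None}

# (substring of the detail text, category, hint). Hint wording is an assumption.
CAUSES = [
    ("No valid IP addresses found", "dns",
     "domain does not resolve publicly; fix the DNS record before retrying"),
    ("Timeout during connect", "firewall",
     "CA could not reach the challenge port; check the router port forward"),
]

def diagnose(line):
    """Return a dict describing one failure line, or None if the line is not one."""
    m = FAILURE_RE.search(line)
    if m is None:
        return None
    category, hint = "other", "read the detail text"
    for needle, cat, text in CAUSES:
        if needle in m.group("detail"):
            category, hint = cat, text
            break
    return {
        "domain": m.group("domain"),
        "challenge": m.group("challenge"),
        "acme_error": m.group("error"),
        "category": category,
        "inbound_port": CHALLENGE_PORT.get(m.group("challenge")),
        "hint": hint,
    }

def scan(log_text):
    """Diagnose every failure line in a log; other lines are skipped."""
    return [d for d in map(diagnose, log_text.splitlines()) if d]

# Constructed sample modelled on the log lines in this thread (placeholder names).
SAMPLE_LOG = """\
[SSL] info Renewing certificates
Failed authorization procedure. host1.example.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://host1.example.org/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)
Failed authorization procedure. host2.example.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: unknownHost :: No valid IP addresses found for host2.example.org
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["domain"], f["challenge"], f["category"], f["inbound_port"], f["hint"])
```
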