Home Assistant Community Add-on: Nginx Proxy Manager

I experience the same error. After login I get “Unable to connect to Home Assistant.” What should be the correct http: setup in configuration.yaml?

I completely started over with hassio yesterday, so my versions are:


-----------------------------------------------------------
 Hass.io Add-on: Nginx Proxy Manager
 Manage Nginx proxy hosts with a simple, powerful interface
-----------------------------------------------------------
 Add-on version: 0.2.1
 You are running the latest version of this add-on.
 System: Ubuntu 18.04.3 LTS  (armv7 / odroid-xu)
 Home Assistant version: 0.99.3
 Supervisor version: 189
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------

I solved the problem on my system. When I initially set up Nginx Proxy Manager, I forgot to turn on “Websockets Support” in the proxy host configuration. After turning it on, everything is now working as expected.

3 Likes

Hello everyone,
I can’t find a way to make it work with my setup …

Here’s what I want/need to do:

Hassio is running on 192.168.1.1

www.mydomain.com:12345/hassio/ brings me to 192.168.1.1:8123 (hassio login)
www.mydomain.com:12345/webserver/ brings me to 192.168.1.2:80 (web server on my lan)

I have a translation on my router my.public.ip:12345 -> 192.168.1.1:80

Note: I can’t open my public ip on port 80. I can’t use subdomain (like hassio. mydomain. com).

Thanks for your help.
Aymeric

Well, I think it won’t work for me …

First, there are a few issues opened here https://github.com/jc21/nginx-proxy-manager concerning subfolders in the URL.
Moreover, the whole Letsencrypt SSL generation process needs port 80 to be open.

Aymeric

Hi,
I’m trying to set the security headers such as x-frame-options and x-content-type-options etc. However, this code under advanced doesn’t seem to work.

add header X-Frame-Options "SAMEORIGIN";

Any ideas?
Thanks

Hi,

I’ve got the add-on running fine but when I try logging in with Trusted Locations from clients that are on the allowed subnet it doesn’t work. I get the following error:

I’ve tried adding X-Forward-For config in the proxy config to no avail.

configuration.yaml

http:
  # server_port: 8123
  # base_url: !secret http_baseurl
  # ssl_certificate: /ssl/fullchain.pem
  # ssl_key: /ssl/privkey.pem
  cors_allowed_origins:
    - https://google.com
    - https://home-assistant.io
  ip_ban_enabled: true
  login_attempts_threshold: 3
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - 10.10.1.11
homeassistant:
  name: Home
  latitude: !secret home_lat
  longitude: !secret home_long
  elevation: 43
  unit_system: metric
  time_zone: Europe/Stockholm
  customize: !include includes/customize.yaml
  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
        #- 127.0.0.1
        #- ::1
        - 10.10.1.0/24
        - 172.16.1.0/24

Custom config on proxy host advanced setting to enable X-forward:

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
real_ip_header X-Real-IP;
real_ip_recursive on;

Host settings

To clarify, logging in with username / password works fine but I would like login via Trusted Networks to work when at home.

Any ideas on what I can do?

Thanks in advance!
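
As an added example (not part of the original post and not Home Assistant's own code), this Python model shows how a backend behind a reverse proxy typically combines `use_x_forwarded_for`, `trusted_proxies` and `trusted_networks`, using the values from the configuration above. The function names, the right-to-left header walk and the addresses 10.10.1.50, 172.30.33.2 and 203.0.113.7 are assumptions constructed for illustration.

```python
import ipaddress

# Values copied from the configuration.yaml in the post above.
TRUSTED_PROXIES = ["127.0.0.1", "10.10.1.11"]
TRUSTED_NETWORKS = ["10.10.1.0/24", "172.16.1.0/24"]


def _nets(entries):
    return [ipaddress.ip_network(e) for e in entries]


def _in_any(ip, nets):
    return any(ip in n for n in nets)


def effective_client_ip(peer, xff, trusted_proxies=TRUSTED_PROXIES):
    """Return the address the backend should treat as the client.

    peer: source address of the TCP connection reaching the backend.
    xff:  raw X-Forwarded-For header value, or None if absent.
    """
    proxies = _nets(trusted_proxies)
    peer_ip = ipaddress.ip_address(peer)
    # The header is only believed when the connection itself comes from
    # a listed proxy; anyone else could have typed it in by hand.
    if not xff or not _in_any(peer_ip, proxies):
        return peer_ip
    # Walk right to left (assumed convention): the rightmost entries were
    # appended by our own proxies, the first non-proxy hop is the client.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            hop_ip = ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # malformed header: fall back to the peer
        if not _in_any(hop_ip, proxies):
            return hop_ip
    return peer_ip


def trusted_network_login_allowed(peer, xff, networks=TRUSTED_NETWORKS):
    """True if the effective client address is inside trusted_networks."""
    return _in_any(effective_client_ip(peer, xff), _nets(networks))
```

In this model, a proxy that reaches the backend from an address missing from `trusted_proxies` has its header ignored, so every LAN client appears to come from the proxy's own address and the trusted-networks check fails.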

Hi @RobotGib, I’m experiencing similar issues to yours and @b.maia81. I have a TG-789 Broadband Gateway in bridge mode connected to my cable modem followed by an Apple TimeCapsule router. I’m just about to resort to replacing the TimeCapsule with an Ubiquiti EdgeRouter X apropos the pointers above.

Any additional hints you could give me on how you overcame the blockage would be gratefully received.

Hi,

great add-on. thanks.

I do need help to be able to load my router page from my phone though. It always shows the desktop site, is there a way to deliver the mobile page? maybe by adding in a mobile user agent or something? I’ve tried the mobile address but it reverts back.

:tada: Release v0.3.0

Full Changelog

Massive maintenance release!

:hammer: Changes

  • :pencil2: Maintaince -> Maintenance
  • :arrow_up: Upgrades git to 2.22.0-r0
  • :arrow_up: Upgrades yarn to 1.16.0-r0
  • :arrow_up: Upgrades certbot to 0.35.1-r0
  • :arrow_up: Upgrades libcap to 2.27-r0
  • :sparkles: Adds FUNDING.yml
  • :fire: Removes DNSMasq in favor of Hass.io DNS
  • :arrow_up: Upgrades patch to 2.7.6-r6
  • :arrow_up: Upgrades apache2-utils to 2.4.41-r0
  • :ambulance: Fix typo in sed command (#34)
  • :arrow_up: Update node/npm to 10.16.3-r0 (#39)
  • :arrow_up: Update Openssl to 1.1.1d-r0
  • :arrow_up: Upgrades nginx to 1.16.1-r1
  • :arrow_up: Upgrades nginx-proxy-manager to 1.0.14
  • :hammer: Replace all log files to point to /proc/1/fd/1, remove unneeded s… (#43)
  • :arrow_up: Upgrades add-on base image to v5.0.3
  • :arrow_up: Upgrades mariadb to 10.3.20-r0
  • :books: Update add-on installation instructions
  • :sparkles: Adds checks for mysql data integrity and fixes corruptions
  • :pencil2: Minor tweaks

Questions? Join our Discord server! https://discord.me/hassioaddons
Enjoying my add-ons? Consider supporting my work: https://patreon.com/frenck

:tada: Release v0.3.1

Full Changelog

This is a general maintenance release.

:hammer: Changes

  • :ambulance: Fix name resolution via hassio dns (#54)


@frenck You are a beast!

I just installed Hassio so I have a dumb question. If I use this addon, does this mean I don’t need the LetsEncrypt one?

I just point my subdomains at the ports in NPM, tick SSL and that’s it? How does the cert refresh work?

Thanks!

You don’t need the letsencrypt one, this addon handles all of that, just tick the appropriate boxes.

1 Like

When I try the new proxied URL I’m just getting “unexpectedly dropped connection” on a vanilla Hassio install. Any ideas? From the slick video I expected this to “just work” :frowning:

I’m using an existing DNS A record that I have pointed to my external IP for a while now.

Edit: Disregard this, @frenck rocks, my LAN sucks for not doing NAT loopback.

Just posting here for visibility in case someone else has this issue with the error “Bad magic header in tc log”. The add-on itself is working but I can’t access the web UI. Here is the log:

[10:14:38] INFO: Starting MySQL database server...
2019-12-18 10:14:38 0 [Note] /usr/bin/mysqld (mysqld 10.3.20-MariaDB) starting as process 21762 ...
2019-12-18 10:14:38 0 [Note] InnoDB: Using Linux native AIO
2019-12-18 10:14:38 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2019-12-18 10:14:38 0 [Note] InnoDB: Uses event mutexes
2019-12-18 10:14:38 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2019-12-18 10:14:38 0 [Note] InnoDB: Number of pools: 1
2019-12-18 10:14:38 0 [Note] InnoDB: Using SSE2 crc32 instructions
2019-12-18 10:14:38 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2019-12-18 10:14:38 0 [Note] InnoDB: Completed initialization of buffer pool
2019-12-18 10:14:38 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2019-12-18 10:14:38 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2019-12-18 10:14:38 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2019-12-18 10:14:38 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2019-12-18 10:14:38 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2019-12-18 10:14:38 0 [Note] InnoDB: Waiting for purge to start
2019-12-18 10:14:38 0 [Note] InnoDB: 10.3.20 started; log sequence number 7674851; transaction id 18193
2019-12-18 10:14:38 0 [Note] InnoDB: Loading buffer pool(s) from /data/mysql/ib_buffer_pool
2019-12-18 10:14:38 0 [Note] InnoDB: Buffer pool(s) load completed at 191218 10:14:38
2019-12-18 10:14:38 0 [Note] Plugin 'FEEDBACK' is disabled.
2019-12-18 10:14:38 0 [Note] Recovering after a crash using tc.log
2019-12-18 10:14:38 0 [ERROR] Bad magic header in tc log
2019-12-18 10:14:38 0 [ERROR] Crash recovery failed. Either correct the problem (if it's, for example, out of memory error) and restart, or delete tc log and start mysqld with --tc-heuristic-recover={commit|rollback}
2019-12-18 10:14:38 0 [ERROR] Can't init tc log
2019-12-18 10:14:38 0 [ERROR] Aborting

I don’t know if it is a final solution but deleting tc.log in /data/mysql folder worked so far

rm /data/mysql/tc.log

Hello, I’m sorry, but how can I set up IP address forwarding like:
image
If I write an IPv4 address it is OK, but not IPv6.

Hi,

I have setup the addon and I can access it outside my local network using duckdns link but inside my local network I need to use the IP address to access it. Using duckdns link inside my local network doesn’t work.

Where should I look for a solution?

Your router. It needs to support hairpin NAT or NAT Loopback.

1 Like

It looks like it doesn’t support either :frowning: So to use the Android application I need to use one link outside and another inside :s

Can I use port 444 instead of 443 for https?

Yes you can, it will only give you the annoyance of adding the port to the URL, but besides that, sure, that will work.