Home Assistant (http) behind HTTPS nginx reverse proxy guide?

Hello!

I am wondering what is the current way of adding https to Home Assistant by nginx reverse proxy, and if such a config is even supposed to work…

Because recently I brought online a Home Assistant VM, that I run on a VMware ESXi host (way more powerfull machine that a RPi), and I needed to be able to go through HTTPS to talk to it from outside my home network.

Found a couple of good resources here, in the forums, but I can’t make it work, for some reason.

Anyone with a recent enough install of HA and nginx as reverse SSL proxy?

I see that nginx gets mentioned here:


but following its link goes nowhere…

Any help will be greatly appreciated!

1 Like

To add a little more details here:

I am running the nginx reverse proxy on another VM, but when I try to log in I get to type my credentials, but then an error appears, saying that something went wrong, and I can hit retry.

I watched to logs of nginx and I could see the requests going through, but HA did not like something about the fact that the communication was not direct, or so it seems…

I am using Home Assistant 0.113.1:

arch x86_64
chassis vm
dev false
docker true
docker_version 19.03.8
hassio true
host_os HassOS 4.11
installation_type Home Assistant OS
os_name Linux
os_version 5.4.50
python_version 3.8.3
supervisor 229

I got the above from https://www.home-assistant.io/hassio/installation/ using the OVA virtual appliance download link.

I use my HA via an SSH tunnel to a remote server which is running a Nginx reverse proxy, my method should work without an issue in VMs.

You can read all about my setup here:

As in @pjcarly setup you would need:

            proxy_set_header    Upgrade     $http_upgrade;
            proxy_set_header    Connection  "upgrade";

as part of the proxy configuration.
Otherwise authentication will not work. Or at least this is what I needed. Not sure exactly why, though :slight_smile:

GV

2 Likes

This is a good guide

Thanks for your replies!

It turns out that @greengolfer showed what was incorrect/missing from my nginx config - now all is fine, and I can access my Home Assistant setup from outside using secure connection.

Much appreciated, @greengolfer!

As a bonus from the whole thing - I am about to automate my home server certificate issuance as I got introduced to LetsEncrypt. Nice!

I also need a little help here. I have Hassio OS in my local network, and on the same network I have a machine, which is connected to VPN network. This machine is accessible through VPN and my idea is to also use it as Nginx reverse proxy. So, my Hassio OS will be accessible through that VPN network.

So, to clarify:

  • my LAN is 192.168.178.0/24
  • Hassio OS machine has IP: 192.168.178.200
  • VPN machine has LAN IP: 192.168.178.150, VPN IP: 10.10.8.2

I would like to access my Hassio through http://10.10.8.2/ha when I am on VPN.

In my sites-enabled/default I have:

         location /ha {
                proxy_pass http://192.178.168.200:8123;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

Unfortunately browser says only “404: Not Found”.

Any idea?

The above does not work for you because you have a typo in there.

I beleive your line

proxy_pass http://192.178.168.200:8123;

should be

proxy_pass http://192.168.178.200:8123;
         location /ha {
                proxy_pass http://192.168.178.200:8123;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

No, no, I had it correct on a server, just made a typo when pasting it here.

So yes, I have as you suggested, but it is still not working.

However, it is working if I am listening on port 8123 and forwarding directly to port 8123.

I am also having the same issue. Running nginx on my router trying to proxy to HA. I am able to proxy to other servers on my network but I believe HA is blocking access due to the reverse proxy.