Home Assistant through nginx proxy route w/ cloudflared tunnel to public domain

I have a proxmox server with the following VMs on it.

  • ubuntu server vm running cloudflare tunnel and nginx w/ landing page
  • ubuntu server vm running vaultwarden on docker
  • home assistant vm

The landing page is meant to route requests to the other VMs on my proxmox server. I’m running the proxies out of /etc/nginx/sites-available/default with the following blocks.

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        location /vaultwarden/ {
                rewrite ^/vaultwarden(/.*)$ $1 break;
                proxy_pass http://192.168.0.xxx:80;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;

                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }

        location /home-assistant/ {
                rewrite ^/home-assistant(/.*)$ $1 break;
                proxy_pass http://192.168.0.138:8123;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                sub_filter '"/frontend_latest/' '"/home-assistant/frontend_latest/';
                sub_filter '"/static/' '"/home-assistant/static/';
                sub_filter 'href="/auth/providers"' 'href="/home-assistant/auth/providers"';
                sub_filter_once off;

                proxy_http_version 1.1;
        }
}

Finally… I have the following configuration.yaml in my home assistant server

# Loads default set of integrations. Do not remove.
default_config:

homeassistant:
  external_url: "https://bitnite.net/home-assistant"

# Load frontend themes from the themes folder
frontend:
  themes: !include_dir_merge_named themes

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.0.169

automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

With this setup I get the following:

The 404 errors of the rest of the web assets is why some part of this configuration is wrong but I cannot figure it out to get this proxy to work.

One thing that I noticed is if I add the /home-assistant/ prefix to any of these requests, the asset loads which is some sort of indication, but I don’t know what to change to get this to work.

Any help is greatly…incredibly appreciated