Home Assistant with NGINX Reverse Proxy

I have a bit different setup than others. I’m running HA in Docker and my NGINX Reverse Proxy also.

Currently I can’t get the Proxy to work properly, what do I have to adjust in order to get it working?

The HA needs to have access to my local network, to be able to discover devices, but also be in the NGINX Reverse Proxy, to tunnel my request from my domain to the HA instance.

I don’t know if it helps but i found out some information, but its advanced.
don’t now if it works, but looking at the tutorial and code it should work.

It’s important to configure your Home Assistant and NGINX Reverse Proxy properly to ensure they work together. Here’s how you can set up HA within a Docker container with an NGINX Reverse Proxy:

1. Configure Home Assistant Docker Container:

When you run Home Assistant in a Docker container, make sure it’s on the same Docker network as your NGINX container so that they can communicate effectively.

docker run -d --name homeassistant --network=your_network -v /path/to/your/config:/config homeassistant/home-assistant

In this command, replace your_network with the name of your Docker network, and /path/to/your/config with the actual path to your Home Assistant configuration.

2. Configure NGINX Reverse Proxy:

Your NGINX Reverse Proxy should be set up to route requests from your domain to your Home Assistant instance. You can use a configuration like this in your NGINX configuration:

server {
    listen 80;
    server_name yourdomain.com;

    location / {
        proxy_pass http://homeassistant:8123;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Here, yourdomain.com should be replaced with your actual domain, and the proxy_pass line should point to your Home Assistant container using its container name (in this case, homeassistant).

3. Network Access:

For Home Assistant to discover devices on your local network, ensure it’s on the same network as your local devices. When you run your Home Assistant container, use the --network=host option:

docker run -d --name homeassistant --network host -v /path/to/your/config:/config homeassistant/home-assistant

This will allow Home Assistant to communicate with devices on your local network.

By configuring Home Assistant to use the host network, it can access your local network. Simultaneously, using the NGINX Reverse Proxy with the same network ensures that you can access Home Assistant securely from your domain. Just ensure that your firewall settings permit the necessary communication.

With these settings, your Home Assistant instance should be accessible via your domain through NGINX Reverse Proxy while also having access to your local network for device discovery and control.

That looks promising, thanks! I’ll try it later that day or tomorrow

I made it working:

Following things Ive done:

In Cloudflare SSLs settings I’ve set it to Full instead of flexible (due to redirecting loop)

Followed: Reverse proxy using NGINX (but used certbot instead of the script)

But now nginx is running on system, maybe Im able to uplift it again, but for now i dont touch anything…

Setting it up with certbot forced HTTPS, some nginx configs did not cut it for me.
I searched around collecting different nginx options and put them all together and it finally worked for me.

server {
        server_name URL;
        location / {
                proxy_redirect http:// https://;
                proxy_pass http://127.0.0.1:8123/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                # Enabling this will make all requests give 400 error
                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection “upgrade”;
        }

...
2 Likes

I set up an NGINX proxy and configured it to

in_ban_enabled: true
login_attempts_threshold: x

Now there is a small network issue around and after reloading and trying to login several times I got banned of my server…

Question is for how long this shit prevents me from logging in?

ok, I solved this on my own…

although ban is permanent, but there’s a way to remove:
look for ip_bans.yaml in configurations and either delete it, or comment out the rows containing your banned IPs

(my local IP was already set as trusted, so there was no problem to perform this)