Hi
I’m running Home Assistant in docker on my QNAP NAS.
This is my setup:
- NGINX reverse proxy in docker (ip address 192.168.1.50)
- Home Assistant Core in docker (ip address 192.168.1.60)
- DDNS provided by QNAP: `[name].myqnapcloud.com`
- SSL certificate from Let’s Encrypt (I’m reusing the SSL certificate provided by myqnapcloud on my NAS)
- Port forwarding set-up in my router (port 22662 forwarded to NGINX (192.168.1.50) and NGINX then proxies to Home Assistant at 192.168.1.60 on port 8123)
This setup is working fine for me: externally, I can connect to my Home Assistant over HTTPS and on the local network, I can connect over HTTP. This is all working without a glitch.
But, when I try to connect Google Home to Home Assistant, it just does not work. No error shown in Google Home nor Home Assistant.
To link Google Home to Home Assistant, I followed the steps as defined in Google Assistant - Home Assistant. I’m sure I did everything as it is supposed to be done (see below why).
I’m getting blocked in the step where I add the service in the Google Home app. When I add my service `[test] <Action Name>`, I get prompted with a Home Assistant login screen. I provide my credentials. After that, the login screen closes, a Google spinner is shown for about 10s and that is it. Nothing is linked.
I can fix this issue by bypassing NGINX: when I set up my port forwarding to forward `[name].myqnapcloud.com:22662` directly to my Home Assistant instance on `192.168.1.60:8123` (and configure Home Assistant to use HTTPS), I have no problem with linking Google Home to Home Assistant. Home Assistant is still functional, but only over HTTPS, which prevents me from using Home Assistant over HTTP on my local network.
So, I’m pretty sure I’m missing something in my NGINX configuration, but I just can’t figure out what. I used the NGINX add-on as the basis for my NGINX configuration: https://github.com/home-assistant/addons/blob/e933cba5a457a492fec458dcb2629e9dbadeb569/nginx_proxy/data/nginx.conf
This is my configuration:
configuration.yaml

```yaml
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.50
```

nginx.conf

```nginx
error_log stderr;

events {
    worker_connections 1024;
}

http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server_names_hash_bucket_size 64;

    server {
        server_name [name].myqnapcloud.com;

        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;
        ssl_session_tickets off;
        ssl_certificate /etc/ssl/private/fullchain.pem;
        ssl_certificate_key /etc/ssl/private/key.pem;
        ssl_dhparam /etc/ssl/private/dhparam.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;

        listen 22662 ssl;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        proxy_buffering off;

        location / {
            proxy_pass http://192.168.1.15:8123;
            proxy_set_header Host $host;
            proxy_redirect http:// https://;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }
}
```
Can anyone spot what I’m missing?
Thanks in advance for suggestions!
Hans
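
An added example, not part of the original post: a small consistency check of the posted `configuration.yaml` and `nginx.conf` against the container addresses listed in the setup. The `STATED` dict, the function names and the trimmed file excerpts are constructed for illustration; the check only reports where the files and the stated addresses disagree.

```python
import ipaddress
import re

# Constructed from the post: the addresses the poster lists for each container.
STATED = {"nginx": "192.168.1.50", "home_assistant": "192.168.1.60", "ha_port": 8123}

# Trimmed excerpts of the two posted files (only the lines the check reads).
HA_YAML = """\
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.50
"""
NGINX_CONF = """\
location / {
    proxy_pass http://192.168.1.15:8123;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
"""

def trusted_proxies(yaml_text):
    """Collect the entries listed under trusted_proxies (minimal line parser)."""
    nets, in_list = [], False
    for line in yaml_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("trusted_proxies:"):
            in_list = True
        elif in_list and stripped.startswith("- "):
            nets.append(ipaddress.ip_network(stripped[2:].strip(), strict=False))
        elif in_list and stripped:
            in_list = False  # a new key ends the list
    return nets

def check(yaml_text, nginx_text, stated):
    """Return a list of mismatches between the two files and the stated addresses."""
    findings = []
    m = re.search(r"proxy_pass\s+https?://([\d.]+):(\d+)\s*;", nginx_text)
    upstream = (m.group(1), int(m.group(2))) if m else None
    if upstream != (stated["home_assistant"], stated["ha_port"]):
        findings.append(f"proxy_pass targets {upstream}, stated Home Assistant address differs")
    if "use_x_forwarded_for: true" not in yaml_text:  # plain substring test
        findings.append("use_x_forwarded_for is not enabled")
    proxy = ipaddress.ip_address(stated["nginx"])
    if not any(proxy in net for net in trusted_proxies(yaml_text)):
        findings.append("proxy address is not covered by trusted_proxies")
    if not re.search(r"proxy_set_header\s+X-Forwarded-For\s+\$proxy_add_x_forwarded_for", nginx_text):
        findings.append("nginx does not set X-Forwarded-For")
    return findings
```

Home Assistant matches `trusted_proxies` against the address the connection actually arrives from, so `STATED["nginx"]` has to be the address Home Assistant sees for the proxy container.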