I have configured Home Assistant on Windows Server 2012 R2. I have it sitting behind IIS Reverse Proxy using ARR. The Home Assistant site works perfectly fine inside and outside of my network. I have IIS set up with a valid Let’s Encrypt cert and it converts to HTTP communication with Home Assistant. I have been wiring up Google Assistant and to the best of my knowledge it is configured correctly, including verifying my domain. I also have an api_password set. When I try to link it up in Google Assistant on my cell phone, I always get a 404. I see in the console an auth come through and a handshake being sent, but it’s still a 404 on my phone. It is also using some weird URL that looks like https://[MY DOMAIN]/r/[client id]#access_token=[access_token]&token_type=bearer&state=[long encoded string]
In an attempt to solve this, I put a pattern match on the inbound reverse proxy to only match the domain name for my Home Assistant, but this didn’t appear to make any difference… I have been trying to turn on debug logging on my Home Assistant google_assistant.auth to inspect the authentication flow to see what message IIS is rewriting, but for some reason it only logs info. Will probably have to crawl through the IIS logs for that one and will let you know if I find anything!
I’ll dig out my config today and send it over. I ran into similar issues, but mine was fully working. I ran into a different issue though where Home Assistant was pinning my CPU usage and I have not got back to figuring that out yet.
How is your IIS setup? Do you have everything running through one site and proxying from there?
For Plex, I use different Plex ports for remote access so I didn’t need to funnel anything through IIS for Plex. Then I just connect via plex.tv. In the case of other URLs, I actually had multiple Dynamic DNS based URLs pointing to my server. If you do that, you can create multiple sites and bind them to a port and URL. This would allow you to separate rules that way. Also, if you are using the default site, that has a bunch of bindings to combine everything together. So you might need to remove that site first.
To help more, I would probably need to know more about your setup. Pretty much what’s running, what needs to proxy, and what is unique on each (port, URL, etc…). From there I could most likely give more guidance.
Been trying to work out a whole heap of other stuff with HA lol
So yes, I have Plex and Outlook and a few other things going through the default site. It’s just an inbound rule for each that then points it to wherever it needs to go.
I don’t really want to move away from that TBH. Websites are not my forte so I’d like to keep it as simple as possible.
It’s a bit weird though, so as I said, enabled those rules and broke all the other sites, but HA started working. Turned them off and HA kept working with all the other sites. Thought it would be some kind of cache thing, but it seems to be still working even with new devices. So it might be ok actually.
Any ideas on that behavior? Or too hard without looking at it (don’t worry, not going to ask you to look at it HAHA)?
It is a bit tricky to tell without looking at your setup, but I’ll do what I can to help.
Most likely the reason it is still working is because your authentication is cached from when it did work. I bet if you opened an incognito tab in your browser and tried it, it would not work.
The big thing I would ask is how are you determining currently to filter your requests to the different services? I would assume your HA rules would route to a different place than your Outlook rules. If we can figure out what is unique, we can apply that to the HA rules you need to add.
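As an added example that is not part of the original thread or anyone's actual config: when several services share one IIS site, one way to express the "what is unique" filter discussed above is a host-header condition on each inbound rule, so the Home Assistant rule cannot capture requests meant for the other services. The hostnames and the second back-end address are placeholders, and the Home Assistant back end is assumed to listen on its default port 8123 on the same machine.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: web.config for a single IIS site with URL Rewrite and ARR proxying enabled. -->
<!-- ha.example.com and mail.example.com are placeholder hostnames. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Only requests whose Host header is the Home Assistant name are proxied to it. -->
        <rule name="HomeAssistantInbound" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^ha\.example\.com$" />
          </conditions>
          <!-- Assumed back end: Home Assistant on this machine, default port 8123. -->
          <action type="Rewrite" url="http://localhost:8123/{R:1}" />
        </rule>

        <!-- A second service keeps its own rule, scoped to its own hostname. -->
        <rule name="MailInbound" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^mail\.example\.com$" />
          </conditions>
          <!-- Placeholder back-end address for the other service. -->
          <action type="Rewrite" url="http://localhost:8080/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

A rule with `<match url="(.*)" />` and no host condition matches every request on the site, which is the situation where enabling one service's rules breaks the others.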
I don’t know too much about IIS so I drew on your web config and tried to adapt it to my situation.
Initially I set up a new web application to respond on https://meow.mycat.it/ha, but once activated the “js” files were being requested with https://meow.mycat.it without “ha” and therefore were not reachable.
Then in my research I read that Home Assistant doesn’t support a web application, but only a whole domain. Is it true?
So I tried to make HA answer on the request https://meow.mycat.it/ and in fact the login mask appears, but when I log in HA remains in loading data…
Do you have any suggestion?
This is my web config:
I think the “GoogleVerification” rule doesn’t actually serve me, can I delete it?
You’ll also find the “ResponseIsHtml1” rule commented out, I don’t know if I did this right, is this a HA specific setting? preCondition=“ResponseIsHtml1”
Sorry, I didn’t see a reply to this thread originally. The issue you are running into is that you are trying to make your HomeAssistant a sub-application instead of the root application which is what my original config was set as. This makes sense since you have other applications running through that server, but it will most likely require you to tweak this a bit. You’ll have to update your rules to only look for the sub-application URLs and follow them.
Unfortunately, I’m in a network upgrade at home and cannot test this, but here is what I think your redirect rules should be:
You only need the Google verification if you are integrating with Google Assistant directly (not using the paid integration).
I think you still need the is HTML.
The outbound rule should handle the mapping of images and whatnot to the sub-application path (/ha).
There still could be some issues if HA is trying to force a redirect to the root of the URL ( https://meow.mycat.it instead of https://meow.mycat.it/ha ). I think this will handle it, but without being able to properly test it I cannot be sure.
Give this a try and let me know how that works for you.