I'm having problems getting hass to work with nginx as a reverse proxy

dualarrow · January 15, 2018, 1:57pm

I’ve been trying for a few hours now to get homeassistant (not hass.io) to work behind an nginx reverse proxy using http (not https).

In my configuration.yaml I have

http:
   base_url: website.com:8123

I have tried with/without the port specified

In nginx I have

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
  listen 80;
  server_name website.com;
  access_log  /var/log/hass.log main;

  location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_pass http://localhost:8123;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

I’m on ver 0.60.1 of hass
nginx is 1.12.2 running on centos 7

Any help would be appreciated.

flamingm0e · January 15, 2018, 2:02pm

get rid of that line. If you are using NGINX as a reverse proxy, you don’t need it.

dualarrow · January 15, 2018, 2:22pm

I removed that line but it didnt help. I’m still getting “502 Bad Gateway”

flamingm0e · January 15, 2018, 2:28pm

Here is my complete NGINX config for my working reverse proxy.

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # Update this line to be your domain
    server_name domain.com;

    # These shouldn't need to be changed
    listen 80 ipv6only=off;
    return 301 https://$host$request_uri;
}

server {
    # Update this line to be your domain
    server_name domain.com;

    # Ensure these lines point to your SSL certificate and key
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    # Use these lines instead if you created a self-signed certificate
    # ssl_certificate /etc/nginx/ssl/cert.pem;
    # ssl_certificate_key /etc/nginx/ssl/key.pem;

    # Ensure this line points to your dhparams file
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;


    # These shouldn't need to be changed
    listen 443 ipv6only=off http2; # if your nginx version is >= 1.9.5 you can a                                                                                                                                                             lso add the "http2" flag here
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!                                                                                                                                                             EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    access_log /var/log/nginx/hass.access.log;
    error_log /var/log/nginx/hass.error.log;

    proxy_buffering off;

    location / {
        proxy_pass http://IPOFHASS:8123;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

UhtredtheBold · January 15, 2018, 3:02pm

I’m not sure what this line does?

Also have you verified that port 8123 is reachable locally? eg iptables blocking it perhaps…

dualarrow · January 15, 2018, 10:10pm

Yes, it’s accessable locally on port 8123. I’ll have a shot with setting up an ssl connection later today and see how I go

j1234 · October 10, 2019, 8:45pm

Did you ever get this working? What was the fix?

j1234 · October 10, 2019, 9:03pm

I see this in the log file after the redirect from the login page:

Log Details (ERROR)
Thu Oct 10 2019 22:02:56 GMT+0100 (British Summer Time)
Error handling request
Traceback (most recent call last):
File “/usr/local/lib/python3.7/site-packages/aiohttp/web_protocol.py”, line 275, in data_received
messages, upgraded, tail = self._request_parser.feed_data(data)
File “aiohttp_http_parser.pyx”, line 523, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: invalid HTTP method