Integrating HA with other web domains hosted on same server

I have one server but want to host several web domains (one HA, the others not being HA) on it. When HA is running, it hogs ports 80 & 443, but I would like NGINX to be my main webserver in control as I have experience with that. Is it possible at all to have NGINX send all traffic from "home-assistant.mydomain.xyz/*" to an endpoint within HA without having HA be the one listening? I don’t know if that makes much sense. Let me know if I can help explain better.

I use nginx in front of my HA installation exactly as you describe. I forward home.mydomain.com to my home assistant ip:8123. I have nginx installed on a separate virtual machine and opened ports 80 and 443 to the nginx VM in my router. I run certbot on this VM too.

server {
    # No listen directive in this block: nginx falls back to its default (port 80 when run as root).
    server_name  home.xx.xxx;

    location / {
        proxy_pass http://192.168.0.104:8123/;
        proxy_set_header Host $host;

        # HTTP/1.1 plus Upgrade/Connection headers so WebSocket upgrades pass through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # HA's WebSocket API endpoint.
    location /api/websocket {
        proxy_pass http://192.168.0.104:8123/api/websocket;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Thank you for this! I am getting a 502 error when trying this.
Error from nginx log:

2023/01/08 13:32:28 [error] 292807#292807: *12 upstream prematurely closed connection while reading response header from upstream, client: HOME_IP_ADDRESS, server: HA.MYLINK.BLAH, request: "GET /frontend_latest/c206843c.js.map HTTP/1.1", upstream: "http://HA_LOCAL_IP:8443/frontend_latest/c206843c.js.map", host: "HA.MYLINK.BLAH"

My config is:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    ssl_certificate /etc/letsencrypt/live/HA.MYLINK.BLAH/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/HA.MYLINK.BLAH/privkey.pem;

    server_name  HA.MYLINK.BLAH;

    location / {
        proxy_pass http://HA_LOCAL_IP:8443/;
        proxy_set_header Host $host;
    }

    location /api/websocket {
        proxy_pass http://HA_LOCAL_IP:8443/api/websocket;
        proxy_set_header Host $host;
    }
}

When I copy your config over and change the relevant addresses, I get no errors in the log and the website hangs.

>>> curl https://HA.MYLINK.BLAH/
curl: (7) Failed to connect toHA.MYLINK.BLAH port 443 after 3 ms: Connection refused

And when copying your method, I can see there are no listeners on port 443, which is why nothing is going through. Not sure how my setup differs from yours. From mine, everything is run on the same server.

FYI: Navigating to https://HA.MYLINK.BLAH:8443/ in my browser gives an SSL error, but once you pass that it works fine.

No, it doesn’t…HA only uses port 8123, either http or https.

On my router, I forward port 443 to ha:8123
and port 80 is forwarded to apache:80

(then again, I am not running NGINX either…wouldn’t have a clue why I need it…)

Are you running nginx as an add-on in HA or outside?

My apologies here. I had port forwarding set up on my router so that 80 & 443 forwarded to 8443 (my HA port). Need my coffee this morning. Reset forwarding so 80 and 443 go straight through now without changing port.

Just got this working. Had to remove the old SSL settings in my configuration.yaml file and restart HA. Same config as I pasted above.
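
As an added example (not code from any poster in this thread): a complete nginx site file for the layout the thread arrives at, with nginx terminating TLS and HA serving plain HTTP behind it on the same server. The hostname `ha.example.org`, the loopback upstream address and the HA `http:` keys shown in the comments are assumptions for such an install.

```nginx
# Added example; placeholders/assumptions:
#   ha.example.org   public hostname (certificate issued by certbot)
#   127.0.0.1:8123   HA on the same host, plain HTTP (no ssl_* keys left in HA)
# Matching HA side in configuration.yaml, shown here as comments:
#   http:
#     server_host: 127.0.0.1      # HA reachable only through nginx
#     use_x_forwarded_for: true   # trust X-Forwarded-For ...
#     trusted_proxies:            # ... but only from this proxy
#       - 127.0.0.1
# This file is assumed to be included inside the http {} context
# (conf.d/ or sites-enabled/), which the map block below requires.

# Send "Connection: upgrade" only when the client actually asked to upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name ha.example.org;
    return 301 https://$host$request_uri;   # no cleartext access to HA
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name ha.example.org;

    ssl_certificate     /etc/letsencrypt/live/ha.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ha.example.org/privkey.pem;

    location / {
        # The scheme must match what HA serves: http:// once HA's own SSL
        # settings are removed, https:// if HA still presents a certificate.
        proxy_pass http://127.0.0.1:8123;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Run `nginx -t` before reloading; with `trusted_proxies` limited to the proxy's address, HA logs and rate-limits failed logins by the real client IP rather than by 127.0.0.1.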

The use case for running nginx is that you can run services other than HA through the reverse proxy. Different websites on different servers / containers for example. All traffic goes through the nginx that proxies the traffic to the correct service with SSL and so on.

Nice! Be sure to set up certbot also.

Was running it outside. Installed through apt

I also had openvpn listening on 443 as their TCP fallback. Had to move that. My setup was a mess lmao

:blush: final tip, use uptimerobot to monitor your urls so you get notified if some of your services crash.

And that part I don’t get…
I have multiple servers on multiple hosts using multiple ports with NAT loopback and my own DNS using both http and https (as well as some more), all working nicely…all traffic going through router.
So why would I require an additional NGINX, I fail to see the added benefit :wink:

You probably have a more fancy router than the rest of us :slight_smile:

HA does not use port 80 or port 443.

@nickrout He knows