Issues with Nginx Reverse Proxy

bzowk · February 19, 2021, 5:42pm

Hey Guys -

I’m trying to get HomeAssistant to work behind my nginx reverse proxy to go to https://mydomain.com/homeassistant as I’ve configured numerous other apps to, but cannot get it to work. I couldn’t find configs which weren’t only for the base domain online, so am sure that’s my issue. Below are the configs I’ve tried as well as a few other notes. Any help would be appreciated!

configuration.yaml (Appended everything below “scene:…” line - 192.168.0.35 is ip of nginx)

# Configure a default setup of Home Assistant (frontend, api, etc)
default_config:

# Text to speech
tts:
  - platform: google_translate

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
http:
  # For extra security set this to only accept connections on localhost if NGINX is on the same machine
  # Uncommenting this will mean that you can only reach Home Assistant using the proxy, not directly via IP from other clients.
  # server_host: 127.0.0.1
  use_x_forwarded_for: true
  # You must set the trusted proxy IP address so that Home Assistant will properly accept connections
  # Set this to your NGINX machine IP, or localhost if hosted on the same machine.
  trusted_proxies: 192.168.0.35

nginx Config Attempt #1

location /homeassistant/ {
proxy_pass http://192.168.0.212:8123/;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}

location /homeassistant/api/websocket/ {
proxy_pass http://192.168.0.212/api/websocket/;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

nginx Config Attempt #2

	location /homeassistant/ {
		proxy_http_version 1.1;
		proxy_set_header Connection "";
		proxy_pass http://192.168.0.212:8123/;
	}
	location /homeassistant/api/websocket/ {
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_http_version 1.1;
		proxy_pass http://192.168.0.212:8123/api/websocket/;
	}

Notes

When browsing to either path above (https://mydomain.com/ha/), it only partially loads the interface showing a black page with a grey bar at the very top
All reverse proxy settings for my nginx server are within the nginx.conf file
nginx is running on Windows @ 192.168.0.35
nginx applies 3rd party signed SSL

Any suggestions? Thanks!

anon43302295 · February 19, 2021, 5:46pm

Can’t be done. There’s a long technical explanation on the forums somewhere as to why, but you need to do

https://xxxxxxxxx.yourdomain.com

This is not possible for homeassistant…

https://yourdomain.com/xxxxxxxxx

xman111 · February 19, 2021, 5:46pm

following as this is my next goal…

mikezwgr · February 20, 2021, 2:47pm

Is there any good documentation how to make this - I tried with the ngix proxy manger but faild now I wanted to try with the ngix reverse proxy but failing again

I want to have HA on https://mystuff.duckdns.org/HA and https://mystuff.duckdns.org/BW for Bitwarden … or I can do https://ha.mystuff.duckdns.org and https://bw.mystuff.duckdns.og
-> if I do https://ha.mystuff.duckdns.org to I have to register the “ha” with duckdns.org - or is it enough that I have mystuff.duckdns.org

anon43302295 · February 20, 2021, 2:52pm

As I said above, that can’t be done.

Just the mystuff.duckdns.org is all you need to register with duckdns, and if you’re using nginx proxy manager it will automatically generate a separate certificate for each of your subdomains. That’s how I currently have multiple services set up.

mikezwgr · February 20, 2021, 3:03pm

Thx for the repley - I tried this with the nginx proxy manager (npm) but I allway got errors creating the certificates -
I clould easily create the certificates for mystuff.duckdns.org -> but this was with the duckdns adon - any Ideas what I could try next ?
what is your http config in “configuration.yaml” ?

anon43302295 · February 20, 2021, 3:32pm

What’s the error in nginx proxy manager?

My http section is

http:
  ip_ban_enabled: true
  login_attempts_threshold: 3
  use_x_forwarded_for: true 
  trusted_proxies: !secret trusted_proxies

mikezwgr · February 20, 2021, 3:45pm

Hi!
I’am a studid f$%k! - I changed to router config - but forgot that I have a second rounter from the ISP!!! (I have 2 locations and made the first config at the other location) witch had no portforwarding I now configured the second router to the DMZ …
this has cost me hours!

I’m sorry that it now also cost you time too!

so what is my learning: Please check the ports - the error Messages are not very good!

samnewman86 · February 20, 2021, 3:51pm

Glad you have it sorted.
Once it’s working it’s great and simple.

mikezwgr · February 20, 2021, 4:06pm

Hi!

again, you said you have bitwarden also running -
how did you get the certificates to bitwarden config - cause the proxymanger made new certificates for bw.mystuff.duckdns.org
thx and cheers

anon43302295 · February 20, 2021, 4:37pm

I don’t understand the question. The reverse proxy manages the certificates, bitwarden never needs to know about them.

samnewman86 · February 20, 2021, 8:57pm

Make sure SSL is set to false in bitwarden config