I’m new to hass and have configured a subdomain to access it. At home I have a static IP with all my HTTP/HTTPS traffic routed to my Windows web server. Here I host various apps and services and I also proxy out to various bits of hardware that I want to access via a subdomain.
From what I can see hass is using web sockets for the login, currently I can get to the login page but I get a number of ws failures when I try to login.
I’ve tried various rewrites with my current being:
Previously I was getting some errors on my network tab related to web sockets, but I’ve been through various tutorials and have all the related features enabled in Windows/IIS.
Currently I get this when I go to the sub.domain, as opposed to the login and WS errors I saw previously.
Home Assistant had trouble connecting to the server.
The IIS site for hass is running with no managed code and I’ve added both HTTP and HTTPS bindings and am using Certify the web to provide a Let’s Encrypt certificate. The cert is obviously on IIS as opposed to directly being on hass and I have no config on hass relating to the cert.
Any help would be much appreciated. PS: I’ve seen a few things about some issue with NGINX, but I have little to no experience with NGINX. I’m a dotnet developer by day so my experience is mainly around the Microsoft stack.
Did you resolve your problems? I think I have a similar setup. I am running IIS and all my normal traffic is on HTTPS but I cannot get hassio routed correctly.
If you have resolved this issue and can share it that would be great.
I haven’t had much time to play with this, but I would be interested to know what version of IIS and windows server you are running?
Basically I think there is an issue with the ARR module on IIS 8.5 that is fixed in IIS 10. You need to have the websockets module and ARR module installed, latest versions of each. It should just work then…
Essentially in 8.5 it’s not handling a header that gets added, I think some people have resolved it with rewrites but I am just in the process of updating some of my VMs to Server 2016.
I’ve finally found some time to get this to work, in the end I found the solution on the forums already…
Basically you need to start by creating two empty websites in IIS, one for Home Assistant and one for the Hass Configurator if you want to be able to make changes remotely.
Make sure you run the app pools as “No Managed Code”.
Create two folders in your inetpub folder, one for Home Assistant and one for the Hass Configurator:
C:\inetpub\wwwroot\HomeAssistant
C:\inetpub\wwwroot\HassConfigurator
In each folder create a “web.config” file and a “.well-known” folder, make sure the folder name begins with a “.”.
In the web.config file in the Home Assistant folder add the following:
Back in IIS for both of the sites click on the URL Rewrite module and select “View Server Variables”. Then add the following server variable: “HTTP_SEC_WEBSOCKET_EXTENSIONS”
The following will allow you to secure your site with SSL.
For both sites in the IIS section, select Authentication and ensure you only have Anonymous enabled.
Then click edit on the anonymous option and ensure you select Application pool Identity.
Then install certify the web https://certifytheweb.com/ on your server, follow the instructions and when you get the option to automatically configure your site, select yes. This will create a file and some folders to validate your domain and add a web.config to allow static files to be served.
The web.config it creates will be in the acme-challenge folder and should look like this:
<?xml version="1.0" encoding="UTF-8"?>
<!--
    Example web.config to allow access to extensionless json text files under <website>/.well-known/acme-challenge folder
    * map extensionless files (. wildcard) to json
    * allow all users
    * does not attempt to override static file handler from parent config
-->
<configuration>
    <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
        <staticContent>
            <mimeMap fileExtension=".*" mimeType="text/json" />
        </staticContent>
    </system.webServer>
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</configuration>
You may need to reorder the modules:
Go to Site/Server->Handler Mappings->View Ordered List
Move the StaticFile mapping above the ExtensionlessUrlHandler mappings.
Hopefully that should do you and you should have a fully working sub domain with SSL.
Also don’t forget to add host entries on your web server.
Finally I would recommend you add another rewrite to force all HTTP requests through to HTTPS.
Just add this in each web.config under the rule mentioned in step 5 and 6:
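A web.config along the lines the post above describes, as an added example that is not part of the original thread: it proxies the site to Home Assistant, blanks the server variable registered under “View Server Variables”, redirects HTTP to HTTPS, and leaves the ACME challenge folder to be served by IIS itself. The backend address and port (a documentation placeholder with Home Assistant's default port 8123) and the rule names are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not from the original post. Assumed values: the backend
     http://192.0.2.10:8123 (placeholder address) and both rule names.
     Needs URL Rewrite, ARR with proxying enabled, and the WebSocket
     Protocol feature installed on the IIS server. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Redirect plain HTTP to HTTPS, except ACME HTTP-01 validation
             files, which must stay reachable on port 80. -->
        <rule name="ForceHttps" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
            <add input="{REQUEST_URI}" pattern="^/\.well-known/acme-challenge/" negate="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
        <!-- Proxy everything else to Home Assistant. The challenge folder is
             excluded so a catch-all rule does not send validation requests
             to the backend instead of the local static files. -->
        <rule name="HomeAssistantProxy" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{REQUEST_URI}" pattern="^/\.well-known/acme-challenge/" negate="true" />
          </conditions>
          <!-- Blank Sec-WebSocket-Extensions before forwarding so the
               backend does not negotiate extensions through the proxy.
               The variable must be on the allowed server variables list. -->
          <serverVariables>
            <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
          </serverVariables>
          <action type="Rewrite" url="http://192.0.2.10:8123/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```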
I’ve just run through this setup on my Server 2016, but I’m still seeing an “Unable to connect to Home Assistant.” after login, and the HA log says "Login attempt or request with invalid authentication from ".
I tried a few configurations within the configuration.yaml:
Example
Ideas on what needs to be tweaked would be appreciated!
setup notes:
HA is on centos 7 vm running on python virtual env.
reverse proxy is on a separate vlan running server 2016
I can login to HA O.K from the RP server, and local vlan.