Losing connection when using nginx

Hello all.

I was running HAss through a dedicated port for a while. Now I’ve pulled my finger out and connected “hass” through nginx. It’s all resolving and accessible. However, I’m getting the “Connection lost. Reconnecting…” message permanently and not receiving updates without refreshing the page.

Any ideas on what might be causing this issue?
Could anyone share their nginx config to see if there’s anything missing?

It would probably be more help for you to share your Nginx config, and if you are trying to do SSL, your configuration.yaml entry for HTTP, etc. My setup will probably be very different from yours.

What is likely happening is that your page is cached in your browser. Try clearing your cache. You probably don’t have any traffic going through Nginx. Double check that your site is enabled (symlink from sites available), and that Nginx is actually running (on Debian/Raspbian that would be ‘systemctl status nginx’). If those are both good, check your /var/logs/daemon.log for Nginx errors.

Did you follow the instructions here?
https://home-assistant.io/ecosystem/nginx/

As rbray89 mentioned, your config would help a lot, version of HASS, etc…

Proxy buffering may be your issue.

worker_processes  2;

#error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

#pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
    use epoll;
}


http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    server {
        # Update this line to be your domain
        server_name REDACTED;

        # These shouldn't need to be changed
        listen 80 default_server; 
        listen [::]:80 default_server ipv6only=on;
        return 301 https://$host$request_uri;
    }

    server {
        # Update this line to be your domain
        server_name REDACTED;

        # Ensure these lines point to your SSL certificate and key
        ssl_certificate      /etc/letsencrypt/live/REDACTED/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/REDACTED/privkey.pem;


        # These shouldn't need to be changed
        listen 443 default_server;
        listen [::]:443 default_server;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        proxy_buffering off;

        location / {
            proxy_pass http://localhost:8123;
            proxy_set_header Host $host;
            proxy_redirect http:// https://;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }
}

The only change I’ve made is adding a connection through nginx.
Everything else is unchanged and was working perfectly beforehand.

Connecting directly whilst on the LAN doesn’t present the same issue.

nginx site config is as follows:

server {
	listen	80;
	server_name	hass.mydomain.com;

	proxy_buffering off;

	location / {
		proxy_buffering  off;
		proxy_pass      http://192.168.1.125:8123/;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
}

I’ve added this as a conf which is included from “include /etc/nginx/sites-enabled/*”.

I’m not using ssl yet so I don’t believe I need any of the “upgrade” lines

The upgrade line takes care of the websocket connection (which is responsible for the live update of the UI). So yes, you need it. But the way it’s documented, it didn’t work for me either, so I just added another location for the socket path. ATM I’m on mobile so I can’t look it up, but press F12 in Chrome or Firefox and have a look at the log :)
I’ll try to post my config when I’m home.

Cheers Hannes

2 Likes

And Nginx is running? The daemon is up?

I’m assuming your Nginx instance is on another box from your HASS instance? Otherwise you should be using localhost instead of the full IP.

You don’t need the second “proxy_buffering off;” line.

I assume your “hass.mydomain.com” is a substitute for a real domain that exists and you have something on your network registering with DNS? This could be your issue likely.

tracert (windows) (traceroute for linux) your domain to see if packets are making it where you expect them to.

Connection upgrade can’t hurt:

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';

Do you have a mobile phone with data? Try accessing it from your phone with wifi turned off. If it works, you have to setup local DNS redirection on your router.

1 Like

Ahah. Perfect!

Adding this section into the “http” object in nginx.conf

  map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
  }

And then this to my site.conf has done the trick

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
1 Like

I have the same issue but only with Safari on iOS and Mac. I have the connection upgrade lines in my configuration.

I also have nginx authentication turned on instead of the built in HASS auth.

Hi guys,
I’m having a similar problem here with safari on an iphone6 having a “Connection error. Reconnecting…”
The frontend is not updating on “Safari”. It does however work for my Android and Windows devices.
Could you please take a look at my nginx.conf and point out any issues. Note I’m using client certificate authentication.
I have checked it against the guide in the HomeAssistant documentation.

Thanks in advance!

nginx.conf below


#user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;


server {
    # Update this line to be your domain
    server_name example.com; #changed for security :)

    # These shouldn't need to be changed
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}

server {
	listen 443;
	ssl on;
	server_name example.com; # changed for security :)
	
	ssl_certificate      /home/pi/server.crt;
	ssl_certificate_key  /home/pi/server.key;
	ssl_client_certificate /home/pi/ca.crt;
	ssl_verify_client on;
	
	# Things for better security
	ssl_session_cache shared:SSL:10m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
	ssl_dhparam /etc/ssl/certs/dhparam.pem;

	# For quicker streaming updates in HA. Thanks @stephenmg12
	proxy_buffering off;

	location / {
		proxy_pass http://127.0.0.1:8123/; # The server you want to redirect to
		proxy_set_header Host $host;
		proxy_redirect http:// https://;
		proxy_http_version 1.1;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
		#proxy_set_header Connection 'upgrade';
		#proxy_set_header X-Real-IP $remote_addr;
		
	}
}	

}

apologies for the messy code sample not being in one code box…played around for 20mins and couldn’t get it formatted properly!

I also have nginx authentication turned on instead of the built in HASS auth.

Unfortunately this is the issue. This is a long term bug that no one seems to be getting fixed in WebKit where web sockets don’t respond correctly to the need to authenticate, thus the issue would be present on iOS and macOS Safari both. I think it’s nuts it hasn’t been addressed by now…

https://www.google.com/search?q=safari+websockets+authentication+bug&ie=&oe=#q=safari+websockets+authentication

If your nginx configs work with other browsers, then your config is good. It’s your browser’s fault :(