Need help getting Swag to work

robl45 · May 17, 2025, 10:20pm

Hope I’m in the right place. Have swag working for Jellyfin, but with homeassistant I’m getting bad gateway 400 error. I have it setup exactly the same just not sure if something is messed up in the configuration yaml. I am running this on docker. Once I add the nginx file, I go from getting the swag page to bad gateway but everything is the same as for jellyfin, I put in the ipaddress of the server. Not sure what is wrong.

Loads default set of integrations. Do not remove.

default_config:

Load frontend themes from the themes folder

frontend:
themes: !include_dir_merge_named themes

automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.68.XXX

172.19.0.0/12

Version 2023/02/05

make sure that your homeassistant container is named homeassistant

make sure that your dns has a cname set for homeassistant

As of homeassistant 2021.7.0, it is now required to define the network range your proxy resides in, this is done in Homeassitants configuration.yaml

HTTP - Home Assistant

Example below uses the default dockernetwork ranges, you may need to update this if you dont use defaults.

http:

use_x_forwarded_for: true

trusted_proxies:

- 172.16.0.0/12

server {
listen 443 ssl;
listen [::]:443 ssl;

server_name ha.*;

include /config/nginx/ssl.conf;

client_max_body_size 0;

# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;

# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;

# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;

location / {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;

    # enable for ldap auth (requires ldap-server.conf in the server block)
    #include /config/nginx/ldap-location.conf;

    # enable for Authelia (requires authelia-server.conf in the server block)
    #include /config/nginx/authelia-location.conf;

    # enable for Authentik (requires authentik-server.conf in the server block)
    #include /config/nginx/authentik-location.conf;

    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app 192.168.68.XXX;
    set $upstream_port 8123;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

}

location ~ ^/(api|local|media)/ {
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app 192.168.68.XXX;
    set $upstream_port 8123;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}

}

robl45 · May 18, 2025, 1:35am

so I read another thread on here and it said to check the logs and I did. I get this

2025-05-17 21:24:31.281 WARNING (SyncWorker_0) [homeassistant.loader] We found a custom integration hacs which has not been tested by Home Assistant. This component might cause stability problems, be sure to disable it if you experience issues with Home Assistant
2025-05-17 21:25:49.549 ERROR (MainThread) [homeassistant.components.http.forwarded] A request from a reverse proxy was received from 172.19.0.2, but your HTTP integration is not set-up for reverse proxies

so I added the below, but then the local home assistant goes into recovery mode and I have to comment out the below to get it to restart. does anyone know what is going on? The other thread said if I put in the info as below it would fix the bad gateway 400 error.

#http:
#use_x_forwarded_for: true
#trusted_proxies:

- 172.19.0.0/16

#-   172.17.0.0/16

#- 192.168.68.157

stevemann · May 18, 2025, 3:28am

There are probably a lot of people here that would like to help, but you have to post your YAML code in code tags. The forum editor fracks up the formatting to unreadable gibberish.
How to help us help you - or How to ask a good question - Configuration - Home Assistant Community
You can edit your original post to add the code tags.

francisp · May 18, 2025, 3:36am

This is my swag config

# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name home.mydomain.com;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app homeassistant;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass http://10.0.0.66:8123;

    }

    location /api/websocket {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app homeassistant;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass http://10.0.0.66:8123;

        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

and matching entry in configuration.yaml

http:
  ip_ban_enabled: true
  login_attempts_threshold: 5
  cors_allowed_origins:
    - https://google.com
    - https://www.home-assistant.io
  use_x_forwarded_for: true    
  trusted_proxies:
    - 10.0.0.63
    - 10.0.0.67
    - 172.18.0.2