Nginx and 404 error

Hi guys

I have had my setup working over SSL and port 8123 for months now without issue on a Rpi. I have just installed nginx for access to all my other services like sonarr, radarr etc and it works great with the built in authentication. However, I am trying to get it to work with HassIO and failing miserably. I just keep getting either 404 or bad gateway errors.

I have rebuilt HassIO on Ubuntu 18.04 without SSL and it works fine internally through http://192.168.10.60:8123. Nginx & Tautulli runs on 192.168.10.31. Sonarr/Radarr/NZBGet runs on 192.168.10.30.

I now want to access HA through my nginx at https://home.mydomain.com/ha. After trying all sorts of config I either get a bad gateway or 404 error. Here is my config, can anyone help?

server {

        listen 80 default_server;
        listen [::]:80 default_server;
    
        server_name <redacted> 192.168.10.31;
        return 301 https://$server_name$request_uri;
}

server {

 # SSL configuration

 listen 443 ssl http2 default_server;
 listen [::]:443 ssl http2 default_server;
 include /etc/nginx/snippets/strong-ssl.conf;
 ssl_certificate /etc/letsencrypt/live/<redacted>/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/<redacted>/privkey.pem;

 # Root location
 root /var/www/html;
 
 # Add index.php to the list if you are using PHP
 index index.html index.htm index.nginx-debian.html;
 
 # Basic Auth to protect the site
 auth_basic "Restricted";
 auth_basic_user_file /etc/nginx/.htpasswd;

 # Change the client side error pages (4xx) to prevent some information disclosure
 error_page 401 403 404 /404.html;

 # First attempt to serve request as file, then as directory,
 # then fall back to displaying a 404.
 
 location / {
          try_files $uri $uri/ =404;
 }
 
 # Deny access to .htaccess files, if Apache's document
 # root concurs with nginx's one
 
 location ~ /\.ht {
          deny all;
 }

# Let's Encrypt Webroot plugin location -- allow access

 location ^~ /.well-known/acme-challenge/ {
          auth_basic off;
          autoindex on;
       }

# Location settings for reverse proxy; enable those you wish to use
# by removing the # from the section between the location line and the last }
#

# NZBGet
 location /nzbget {
   proxy_pass http://192.168.10.30:6789;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }

# Sonarr
 location /sonarr {
    proxy_pass http://192.168.10.30:8989;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

# Radarr
 location /radarr {
   proxy_pass http://192.168.10.30:7878;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }

# Tautulli
# Turn off auth for Tautulli remote
location /tautulli {
    auth_basic "off";
        include /etc/nginx/uwsgi_params;
        uwsgi_pass unix:/tmp/app.sock;
    proxy_pass http://127.0.0.1:8181;
    proxy_set_header    Host                $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header    X-Forwarded-Host    $server_name;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header    X-Forwarded-Ssl     on;
}
location /api {
    auth_basic "off";
        include /etc/nginx/uwsgi_params;
        uwsgi_pass unix:/tmp/app.sock;
}

# HA
 location /ha {
   proxy_pass http://192.168.10.60:8123;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }

}

I don’t have anything set in my configuration.yaml apart from my password.

Look at http component

I think you must set use_x_forward_for: true and set trusted_proxies

Don’t know if you saw NGINX stuff in docs

Thanks for this info, I hadn’t spotted this :slight_smile:

After a bit of trial and error, I am now accessing my HA instance using a domain name https://ha.home.mydomain.com. It does not prompt me to login to the NGINX but does when I log into HA.

Am I assuming that HA does not support using subfolders on a reverse proxy? So I cannot use https://home.mydomain.com/ha ?

Thanks

Am I assuming that HA does not support using subfolders on a reverse proxy? So I cannot use https://home.mydomain.com/ha ?

I would actually like to know this as well. I’m unable to make it work with a different root folder.

Is that a function of HA or your nginx setup?

I think nginx determines this and HA don’t care.
So if you use https://mydomain/ha, as long as /ha is properly forwarded it should work and HA should just see request

I was success /ha I think but at time could not forward /ha and /Plex and make work so I use separate subdomain ultimately. I am sure subfolder was possible but moved on cuz didn’t care at time

So you already solved all your issues?In this post I shared the config I use: External access for Hassio behind CG-NAT?