NGINX: API errors?

Configuration
1

Hi guys, I just installed the official NGNIX addon and configured it following the guide described in Documentation. It works, but in the report log there’s a lot of errors related to API:

2024/01/22 02:45:18 [error] 152#152: *72 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://172.30.32.1:8123/api/websocket", host: "my.duckdns.org"

and a lot of this:

2024/01/22 02:48:11 [error] 142#142: *48 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://172.30.32.1:8123/api/websocket", host: "my.duckdns.org"

Also, Google TTS not works anymore:
* Failed to cast media https://192.168.1.25:8123/api/tts_proxy/71a4976caa58fae5586e8cee9e09a13ade31700e_it_-_tts.google_it_it.mp3 from internal_url (https://192.168.1.25:8123). Please make sure the URL is: Reachable from the cast device and either a publicly resolvable hostname or an IP address

and also all REST command doesn’t connect.

So, I think that I need some kind of API configuration for NGINX, but I don’t know how to do it (I never used a reverse proxy in my life). I’m tried this file in /share/nginx_proxy_default_fix_ingress.conf but it didn’t solve the issue:

location /api {
    proxy_connect_timeout 60;
    proxy_read_timeout 60;
    proxy_send_timeout 60;
    proxy_intercept_errors off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $host:8126;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://homeassistant.local:8123/api;
}

Please, could you help me?
Thanks to all

2

After some test, seems that I solved the API errors, but non the ones related to api/websocket.

For example, now I can connect to HA for example with: curl -X GET -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI...." -H "Content-Type: application/json" http://192.168.1.25:8123/api/states but still remains the issues with api/websocket call as reported in Nginx Report:


2024/01/23 18:31:28 [error] 152#152: *34 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://192.168.1.25:8123/api/websocket", host: "my.duckdns.org"
2024/01/23 18:31:29 [error] 152#152: *36 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://192.168.1.25:8123/api/websocket", host: "my.duckdns.org"
2024/01/23 18:31:31 [error] 152#152: *38 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://192.168.1.25:8123/api/websocket", host: "my.duckdns.org"
2024/01/23 18:31:34 [error] 152#152: *40 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://192.168.1.25:8123/api/websocket", host: "my.duckdns.org"
2024/01/23 18:31:38 [error] 152#152: *42 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://192.168.1.25:8123/api/websocket", host: "my.duckdns.org"
2024/01/23 18:31:43 [error] 152#152: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://192.168.1.25:8123/api/websocket", host: "my.duckdns.org"
2024/01/23 18:31:48 [error] 152#152: *46 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://192.168.1.25:8123/api/websocket", host: "my.duckdns.org"
2024/01/23 18:31:54 [error] 152#152: *48 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://192.168.1.25:8123/api/websocket", host: "my.duckdns.org"
2024/01/23 18:31:59 [error] 152#152: *50 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://192.168.1.25:8123/api/websocket", host: "my.duckdns.org"
2024/01/23 18:32:04 [error] 152#152: *52 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://192.168.1.25:8123/api/websocket", host: "my.duckdns.org"
2024/01/23 18:32:09 [error] 152#152: *54 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "GET /api/websocket HTTP/1.1", upstream: "http://192.168.1.25:8123/api/websocket", host: "my.duckdns.org"

My actual config is:

location /api {
    proxy_pass http://192.168.1.25:8123;
    proxy_set_header Host $host;
    proxy_redirect http:// https://;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

location /api/websocket {
    proxy_pass http://192.168.1.25:8123/api/websocket;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

In this scenario Google TTS cache the audio files in /tts folder but doesn’t cast to the media player:

Failed to cast media https://192.168.1.25:8123/api/tts_proxy/ade1bdbf603d24c75cc63914aafcff899f705859_it_-_tts.google_it_it.mp3 from internal_url (https://192.168.1.25:8123). Please make sure the URL is: Reachable from the cast device and either a publicly resolvable hostname or an IP address
3

Yeah - so - did you go in to the settings > system > network and entered your DuckDNS domain in there? Because obviously https://192.168.1.25:8123 will not work, because HA is not configured to serve https, it’s nginx doing that. Additionally the cert will not be valid when accessed by the IP address.

You need to tell HomeAssistant what the external domain is so that devices like Google Hub / Google Mini will try and access it by the right URL.

4

Hi, thanks for your reply.
My DuckDNS domain appears in system/network.
The strange behaviour is that I can’t change this two forms: they are greyed out. Also if I set Automatic the Save button Is still disabled.
I have nothing about internal or external URL defined in my configuration.yaml

IMG_20240124_000353
IMG_20240124_0003532400×1080 180 KB

IMG_20240124_000307
IMG_20240124_0003072400×1080 191 KB

5

That suggests that you set those values in YAML in configuration.yaml.
That doesn’t look correct though.

The internal address is incorrect because you can’t / should not access the https via IP address, or you will get certificate errors. As for your external address is that correct? have you really port forwarded 8123? Because nginx usually is port 443, so you normally forward 80 and 443 to the Home Assistant IP address.

I’d expect your setup to be:

Internal: http://192.168.1.25:8123 (and I can see from nginx configuration, that this is in fact what it is HTTP, not HTTPS )
External: https://domain.duckdns.org (no :8123 on the end).

6

So, I have to add again internal and external URL inside the configuratiom.yaml? There’s no way to “unlock” the gui and modify It from there?

This Is my config about nginx Port and Router portforward:

IMG_20240124_002205
IMG_20240124_0022051057×865 124 KB

Screenshot_2024-01-24-00-20-06-884_io.homeassistant.companion.android
Screenshot_2024-01-24-00-20-06-884_io.homeassistant.companion.android1080×2400 184 KB

7

Nginx is trying to connect to HA over http://192.168.1.25:8123. Is that where HA is listening, including port and protocol?

8

No, if you have it in configuration.yaml you should remove it from there and restart Home Assistant to make it editble in the GUI.

You router is port forwarding port 443 to Home Assistant which is correct, though you should also be forwarding port 80 as well, otherwise it won’t be able to renew the certificate in a few months.

As you can see you are forwarding 443 to Home Assistant - so you should NOT be trying to use port 8123 when you are accessing the https address. It should just me https://mydomain.duckdns.org

EDIT:
I’ve just done a quick Google and people are saying that the GUI is locked if you have certain entries under

homeassistant:

in the configuration.yaml. Can you paste that block of your config here?

9

As you can see, I deleted internal and external URL. I don’t remember when but a lot of time ago and rebooted a lot of time from there.

Screenshot_2024-01-24-00-51-13-915-edit_io.homeassistant.companion.android
Screenshot_2024-01-24-00-51-13-915-edit_io.homeassistant.companion.android1069×1039 137 KB

10

192.168.1.25 is the IP address of my Rpi that runs Home Assistant OS

11

Right so I would remove

  country: IT

Because that is the sort of thing that should be set in the GUI, not YAML.

You will not be able to edit anything in Settings > System > General in the UI if you are using YAML configuration for any of the following: name, latitude, longitude, elevation, unit_system, temperature_unit, time_zone, external_url, internal_url, country, currency.

from Setup basic information - Home Assistant

1 Like
12

Yeah! Great. Just removed the country and the gui Is unlocked. Now, lease, just a quick recap before doing the mods.

External:
https://my.duckdns.org
(without 8123)

Internal:
http://192.168.1.25:8123
(Or Automatic)

Right?

1 Like
13

Yup, that is correct.
That should fix everything.

14

Google TTS works fine, but i see always the websocket errors in nginx report generated for my router (192.168.1.1)

Now seems that they are a Little different :

2024/01/24 01:38:22 [error] 152#152: *18 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: my.duckdns.org, request: "POST /api/webhook/3cdf218bbcecf99dd44296e2395c0784d193a832a55bbfxyz HTTP/2.0", upstream: "http://192.168.1.25:8123/api/webhook/3cdf218bbcecf99dd44296e2395c0784d193a832a55bbxyz", host: "my.duckdns.org"

The address 192.168.1.25:8123/api/webhook
and http 2.0 and not 1.1

I have to change Nginx config adding " local /ali/webhook?

15

Doesn’t Nginx need a config entry to pass websockets? I’ve seem other people setting it for the protocol to work properly.

16

I using this:

Maybe I have to try adding

location /api/webhook {
    proxy_pass http://192.168.1.25:8123/api/webhook;
    proxy_set_header Host $host;
    proxy_http_version 2.0;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

What do you think about?

17

Just did a search on the forum and couldn’t find it. I may be confused. There are entries for the nginx config regarding websockets but there are no close matches for them.

18

I tried this and nginx stopped (https down) with this error:

nginx: [emerg] invalid value "2.0" in /share/nginx_proxy_default_fix_ingress.conf:22