NGINX basic auth affects a few things

Hi folks, I decided it’s time to put nginx in front of my installation, specifically for https and basic auth. After fiddling with the nginx conf to ensure it works with WebSockets, I’ve got it 99% working!

Here are the relevant parts of my conf, located inside a 443 server block alongside all the ssl directives:

        auth_basic "Authentication Required";
        auth_basic_user_file /etc/nginx/.htpasswd;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_pass http://192.168.1.51:8123;
        }

When I navigate to HA without the reverse proxy (that is, if I browse to http://192.168.1.51:8123 directly) everything works 100%.

But when I navigate via the reverse proxy (that is, if I browse to https://me.example.com which points at my nginx box) everything works except for a tiny handful of features:

  • The “Integrations” page at /config/integrations spins forever with no content. All other config pages seem fine.
  • When opening any card on the dashboard, it has everything except for the timeline with words like “Ready” or “Idle” – instead it just says “Loading state history…” forever where the timeline should be.
  • Perhaps other things, but I’ve poked around a lot.

EDIT: I’ve traced the problem to the basic auth. If I take that away, it works fine. Any ideas how to overcome this? I trust the HA auth system, but “defense in depth” makes me want to try and hide the fact that it’s HA in the first place, since I’ve got it exposed to the world.

Hi,

Try defining an access list in the NPM addon and then use it as follows (with the first access list):

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_pass http://192.168.1.51:8123;
        auth_basic "Authentication required";
        auth_basic_user_file /data/access/1;
    }

I’m not too familiar with that, but are you saying HA and nginx each need to be able to read the htpasswd file? That won’t be easy because I don’t run HA and nginx together on the same box. They’re actually 2 separate LXC containers via Proxmox.