NGINX + HTTPS - how to revert to only HTTPS

Hello! as per title, I have my nice HASS green almost working perfectly. I have NGINX proxy manager and DUCKDNS for the HTTPS certificate when I’m outside the local network.

The problem is that the application (both android and iOS) is very slow\bad on GPS and my wifey app (on iOS) has always problem on opening the app, needing to refresh, or close and reopen to make the app use the correct URL (internal or external url). I already set up GPS on full\always, etc but still it’s not reliable. My wife get mad on this, and we don’t want unhappy wife!

With this, I have also Galaxy Watch APP that still it’s working ONLY if you configured internal or external url, it can’t switch.

So I can think to avoid the internal URL in local, and switch to External URL with https certificate also in internal wifi.

→ How can I do it?

is it just simple to unistall NGINX? now https is not working, if i’m connected with WIFI, I did 1 year ago the installation of https, SSL certificate and trusted proxies etc, to enable local access into HASS with wifi, and I don’t know how to revert back, without loosing everything.

The objective is to have only https external URL access, both in wifi and external internet. At the end I don’t care if it can be faster in lan than external, it’s just switching on lights, open outside door and some automations with notification

thanks for suggestions

HA APP >> setting >> companion app

Select your server on this page and you will see option for external And internal URL.

Delete internal URL or set internal URL to https address.

the problem is this. I can’t use External url when I’m connected to WIFI=local network. It’s about reverse proxy or similar that I set up in the past with NGINX, to avouid going into internet to switch ON a light in my home. At the end, this mechanism is creaing more side effects that oher, because the switch between ext and int is not working well

Look at HTTP section of HA config.
Do you have nginx IP setup as “trusted_Proxies

If not, this is issue with connected to external address from internal network.

Are you using this Nginx Proxy Manager? If so there’s no reason why the external URL won’t work on the local network at all - assuming you have set it up correctly.

If reverse NAT – I think thats what its called – is not working or blocked you may not be able to connect into router from internal LAN. This will cause this issue. I forgot to mention this.

nope, it’s not the same, I have this installed: addons/nginx_proxy at master · home-assistant/addons · GitHub

I’d try the other one :slight_smile:

I have the section in the configuration.yaml as trusted proxies. I think it’s to have internal url avoiding use https

With the other add-on you can get your https and local http without issue. No need for any extra config. It just works.

No. It tells HA to expect requests to come from an unexpected source – nginx or other proxy – so that it does not think someone is hijacking your traffic

Therefore in a reverse proxy scenario, this option should be set with extreme care. If the immediate upstream proxy is not in the list, the request will be rejected. If any other intermediate proxy is not in the list, the first untrusted proxy will be considered the client.

You also should set use_x_forwarded_fort so HA can know the IP of the connecting device

This may not be a concern now. I just tell you for understanding of the purpose. Need to determine what is happening to internal >> external.

Really you can look at logs from HA or nginx and see exactly what is happening with request but this can be difficult and unfortunately I dont know your setup well enough to instruct how to retreive them. This would be clearest method to determine issue before just guessing. Guessing is easier if you cannot determine how to check in logs. If you have logs I can help determine their meaning.

So, If I install this Proxy Manger, that is different than the add-on that I have instlaled right now, I can have both internal URL and External URL working together?
this will solve all my issue with maybe no big modification.

The objective should be “enable the external url https to work also in local lan” actually it’s not, and I think it’s becuase this proxy manager.

do you have some guide to advice? or some steps? many thanks

I’m not near my HA at the moment but it’s fairly self explanatory with a nice GUI.

There’s an animation on the add-on if you add it - watch that before you start :slight_smile:

It even handles your SSL certs without the need of any other add-ons.

yes I checked and seems too easy to be true! in your opinion, is this something that can works for my situation? checking that short gif\guide, seems that I can force the SSL and redirect the domain url to the internal ip.
in your opinion, I should just remove the previous add-on of NGINX, and install this one? DUCKDNS I think must remain because it’s about domain and exposure in internet

Yep, years ago I did the same. Went from the nginx you are using to this one. Haven’t looked back :slight_smile:

DuckDNS needs to remain, I have a fixed IP so don’t have that issue any more (I did use DuckDNS for 12 months though)