Nginx --> internal network for a subdomain. Do get hassio homescreen, login failing

IoTPlay · March 15, 2021, 9:00pm

Hi, I am following a different approach to getting external access to my internal home assistant RPi.

I use a proxy_pass directive on nginx - routing the “https://sub.domain.com” to the internal server’s IP-address:8123.

I am able to get to the Home Assistant login screen. But, when I log in with my credentials - both from a web page, and from the app, I get the home assistant logo, and the message below it:

Unable to connect to Home Assistant.
RETRY

So - from external to my network I do get to the home page, but cannot log in.

Some settings:

On the Internet facing RPi - which I get to with port forwarding - I only enabled ports 80 and 443.
I have successfully installed LetsEncrypt on nginx for sub.domain.com
I have ufw firewall running - between the nginx server and the internal home assistant server, and enabled a rule to pass traffic from nginx to homeasst-ipaddess and port 8123.
I have checked and double checked - and tried with a different user’s uid/pwd as well.

The Log file states:

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:116
Integration: HTTP (documentation, issues)
First occurred: 23:01:04 (2 occurrences)
Last logged: 23:01:07

Login attempt or request with invalid authentication from nginx.domain (xxx.xxx.xx.x). (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15)

Where else should I look - for home page coming up, but logging in not working?

Burningstone · March 15, 2021, 9:07pm

Don’t know if it helps, but I have a similar setup to yours and here’s my working nginx config:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# redirect all traffic to https
server {
	listen 80;
	server_name *.yourdomain.com;
	return 301 https://$host$request_uri;
}

############### Home Assistant ####################
server {
	listen 443 ssl default_server;

	server_name ha.yourdomain.com;

	# enable subfolder method reverse proxy confs
	include /config/nginx/proxy-confs/*.subfolder.conf;

	# all ssl related config moved to ssl.conf
	include /config/nginx/ssl.conf;

	proxy_buffering off;

	location / {
		proxy_set_header Host $host;
		proxy_redirect http:// https://;
		proxy_http_version 1.1;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_pass http://ip-of-ha-instance:8123;
	}
}

IoTPlay · March 15, 2021, 9:10pm

I do not have the map directive in - will try that quick.

Tx for suggestion - did add that - and restarted nginx - no luck yet…