NGINX on a separate VM

Hi, for another server that gives me problems I need to change my working CADDY configuration and setup (I am using the HASSIO CADDY ADDON), and install NGINX, but not with the HASSIO addon, because I have to modify the NGINX file.

So I think my solution will be

Internet ===> Router forward port 443 (80?) ====> VM with only NGINX

and the VM with NGINX should forward all information to various internal servers (one of which is HASSIO).

Can you please help me with how to set up this VM and structure the NGINX configuration file for HASSIO (so that it works with Google Home and all)?

I use duckdns.org subdomains for all my servers, and Let's Encrypt.

Make a VM. Install NGINX. Configure.

Something wrong with the official docs?

Well, I can’t make it work; I tried 20 combinations and got tired of it.

I will try using the NGINX Proxy Manager HASSIO addon. Now I need to change the NGINX configuration file manually, but how do I access it …? How do I access the hassio addon configuration file?

I do not understand how to do the “import from USB”.

Use a USB drive formatted with FAT, ext4, or NTFS and name it CONFIG (case sensitive). Create an authorized_keys file containing your public key, and place it in the root of the USB drive. From the UI, navigate to the hass.io system page and choose “Import from USB”. You can now access your device as root over SSH on port 22222. Alternatively, the file will be imported from the USB when the hass.io device is rebooted.

OK, I managed to import from USB. In the HASSIO log I have:

20-02-01 01:19:01 INFO (MainThread) [hassio.hassos] Syncing configuration from USB with HassOS.
20-02-01 01:19:01 INFO (MainThread) [hassio.host.services] Restart local service hassos-config.service
20-02-01 01:19:01 INFO (MainThread) [hassio.utils.gdbus] Call org.freedesktop.systemd1.Manager.RestartUnit on /org/freedesktop/systemd1

But I still get connection refused.

For what?

Pretty sure the add-on has a config file you can access over the SMB share.

It’s a menu inside the HASSIO web UI; basically you upload the public key. I did that but it is not working. Clearly I am doing something wrong, but I don’t know what.

Seems not; you can access its container, not its root.

But I’m asking you why you think you need to do that for nginx to be configured.

But that’s all you need to access. You don’t need access to /

I need to change the configuration file of the HASSIO ADDON NGINX PROXY MANAGER, can you tell me how to access that?

In the config of the nginx add-on…

But I’m really curious as to why you say you couldn’t use a separate VM and what you think failed there.

Literally right there in the documentation.

For the power users, you can customize the behavior of each host in the Nginx proxy manager by providing additional Nginx directives.

No, it does not allow the customization I need; I need to access the original configuration file (nginx server block).

They forgot to mention how …

I need to do this in the NGINX configuration. How do I do it from the web UI? In case it is not possible, how do I directly access the files of the Nginx Proxy addon, to modify them manually?


server {
    server_name scry.mydomain.com;  
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/scry.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/scry.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        ssi on;
        proxy_pass https://10.254.0.104/;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }
    # BOSH
    location /http-bind {
        proxy_pass http://10.254.0.104:5280/http-bind;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }

    # xmpp websockets
    location /xmpp-websocket {
        proxy_pass              http://10.254.0.104:5280/xmpp-websocket;
        proxy_http_version      1.1;
        proxy_set_header        Upgrade $http_upgrade;
        proxy_set_header        Connection "upgrade";
        proxy_set_header        Host $host;
        tcp_nodelay             on;
    }
}

For what?

It’s extremely rare to ever need to modify the original conf. You add directives to files that get included, and in this case, the add-on config has a section that handles this.

So let’s start with why you couldn’t get it to work in a separate VM. There is nothing in HA that prevents it from working this way (I ran nginx reverse proxy for over a year on my HA before switching to traefik). I’ve been running nginx reverse proxies for over 8 years. It’s a pretty simple config.

You don’t modify the add-on files inside the container. That’s not how you docker, and they will be removed on the next update.

This line is suspect. Does the web service running on that IP use https? If you don’t have a proper cert there, your config for that directive will be broken. Normally you would use SSL on the reverse proxy and pass that through to a non-ssl site.

Yes, it has been tested by another user for that type of server.

I guess if you’re going to continue to ignore my questions I’m out of this conversation. These little one-liners that don’t have any information in them are worthless for troubleshooting.
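
An added example, not part of the thread and not any participant's configuration: a minimal server block for the layout discussed above, where NGINX on its own VM terminates TLS and passes plain HTTP to Home Assistant on the internal network. The hostname `hass.example.org`, the addresses `192.0.2.10` (Home Assistant) and `192.0.2.2` (proxy VM) and the certificate paths are placeholders; port 8123 is Home Assistant's default, and the matching Home Assistant `http:` settings appear as comments.

```nginx
# Constructed example: hostname, IP addresses and certificate paths are placeholders.
# Goes in the http {} context, e.g. a file under /etc/nginx/conf.d/.

# Send "Connection: upgrade" only when the client actually asked for a WebSocket.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # Only needed if the router also forwards port 80.
    listen 80;
    server_name hass.example.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name hass.example.org;

    ssl_certificate     /etc/letsencrypt/live/hass.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hass.example.org/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # TLS ends at the proxy; the backend speaks plain HTTP, so no
        # certificate is required (or verified) on the internal hop.
        proxy_pass http://192.0.2.10:8123;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        # Overwrite, rather than append to, any client-supplied value.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        # The Home Assistant frontend uses WebSockets.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

# Home Assistant side (configuration.yaml): accept X-Forwarded-For only
# from the proxy VM, so other hosts cannot spoof the client address.
# http:
#   use_x_forwarded_for: true
#   trusted_proxies:
#     - 192.0.2.2
```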