I’m trying to get Nginx Proxy Manager working with HA so I can have SSL from outside my network and inside. I couldn’t get the app to connect locally so was forced to use the outside address before. That’s the goal anyway.
Successfully installed Nginx Proxy Manager. I have ports 80 and 443 forwarded in my unifi to 80 and 443 on my HA internal IP address as the documentation of the Nginx says to do.
I’ve commented my http settings in my config.yaml so there is nothing relevant under the “http” heading.
Nginx Proxy Manager config so far:
Domain Names: mydomain.duckdns.org
Scheme: http
Forward Hostname/IP: internal ip address of HA
Forward Port: 8123
Websockets Support is enabled
Publicly Accessible
Under SSL mydomain.duckdns.org is in the SSL Certificate area and I have Force SSL checked.
Any ideas as to what I’m doing wrong? I’m a little out of my depth as the certificate setup process is pretty new to me and i’m just trying to follow directions.
I’m assuming you mean in the Supervisor Log, right? I see this in red…
21-07-14 21:09:42 ERROR (SyncWorker_3) [supervisor.docker] Can’t start addon_core_letsencrypt: 500 Server Error for http+docker://localhost/v1.41/containers/b0ec0302371318f340526c03ac91c4d31982e25026de2246ed4ed5439e042283/start: Internal Server Error (“driver failed programming external connectivity on endpoint addon_core_letsencrypt (7869c7448b0cb3aec295e2f35f00f6dde392d51d4ad5ad0523434faa05b7dc15): Bind for 0.0.0.0:80 failed: port is already allocated”)
i also have these:
21-07-14 22:40:53 WARNING (MainThread) [supervisor.api.ingress] No valid ingress session None
21-07-14 22:41:06 WARNING (MainThread) [supervisor.api.ingress] No valid ingress session None
21-07-14 22:41:07 WARNING (MainThread) [supervisor.api.ingress] No valid ingress session None
21-07-14 22:41:13 WARNING (MainThread) [supervisor.api.ingress] No valid ingress session None
21-07-14 22:51:11 WARNING (MainThread) [supervisor.api.ingress] No valid ingress session None
021-07-14 23:08:06 ERROR (MainThread) [homeassistant.components.http.forwarded] A request from a reverse proxy was received from 172.30.33.8, but your HTTP integration is not set-up for reverse proxies
2021-07-14 23:08:08 ERROR (MainThread) [homeassistant.components.http.forwarded] A request from a reverse proxy was received from 172.30.33.8, but your HTTP integration is not set-up for reverse proxies
2021-07-14 23:08:10 ERROR (MainThread) [aiohttp.server] Error handling request
currently, letsencrypt addon is not running on my HA. is this right? i thought that the nginx was supposed to be handling all the certs now. like i said, i’m confused…
that works of course. is there a way to get ssl to work from a local ip address? i thought that was one of the features of nginx? before when i had letsencrypt on the HA itself i would get a warning when connecting locally but it would connect.
You should use this network rather than the specific IP that you see in the log. Since you’re using the proxy addon, the IP address can change periodically within that Docker network.
It should still work with https if you add the certificates under the http section in configuration. Is it really that important to you that you use ssl and https on your local network?
I’m having trouble with my local login, that’s why i’m asking. It works fine from the public duckdns address but i’m having trouble with the localip:8123. it brings up the login page but when i enter my user/pass and hit enter it gives me an error (see below).
@DavidFW1960 how would I put the secret in the http config? where do i get this from? what’s the process? Thanks.
Not to get sidetracked but I’m wondering if my certificate issues could also be causing an issue I’m having when i try to tie the Google Assistant integration to my home assistant. After setting it up and going in my google home app to add the device i get the 404: Not Found error.
assume you mean certificate not secret? the docs for the http integration show you the syntax. But why not just use your duckdns address? Your router will be doing NAT loopback so it’s the same thing with none of the grief.
where??
Probably not. You are entering the public IP address into the google console I assume? I also have problems with this at the moment after using it for 3 years with no issues and I don’t understand why. I subscribed to NabuCasa to fix it. Mine does not get the 404 error and a token is created but no devices are added. I have been meaning to have another crack as I am sure I can make it work… but it’s very unlikely ssl is the issue here… 404 means it’s not getting to HA externally.
okay. i’ll start another thread to see if maybe i can get to the bottom of the google assistant integration. i’m also using nabu casa right now as the alternative…
and that makes sense on the duckdns address using NAT loopback. i’ll just do that. is there a way to double check that it’s not going out and coming back in just kinda curious.
Yeah there is I’m embarassed to admin… Turn off port forwarding in your router. It will still work because it’s not routing in externally. It won’t work from outside of course… Yeah I had the same thing with a dev instance - I didn’t have any port forward for the HA port but had enabled independent port sharing for the device which I had assumed was why I still had connectivity and it wasn’t till I turned everything off for that device and it still worked that I realised what was happening as the domain had been added to the DNS rebind list in my router. You could also add the domain and internal IP address to the Windows Hosts file… I wouldn’t bother with any of that myself - I just use the domain.