Nginx Proxy Manager Issues

Configuration
,
1

Hi All,

Im try again the “Nginx Proxy Manager” but it won’t work.

1 RPi with Debian, HA, and the Nginx Proxy Manager Add on (192.168.100.24)

1 RPi with Debian, Nextcloud (192.168.100.25)

Both now accessible using https://hassio.my_domain.com:443 and https://nextcloud.my_domain.com:4443
Nextcloud on 4443 because it will conflict with HA now with port forwarding in router.

My idea was to test something with https://test.my_domain.com:443 and config the Nginx Proxy like this:

Schermafbeelding 2020-11-09 om 12.45.26
Schermafbeelding 2020-11-09 om 12.45.26721×268 25.3 KB

But this is not working. Because both domains now point still to Hassio login screen

Can someone help me how to let this work?

2

The whole point of using nginx is that it directs the traffic when it comes in, so you shouldn’t be adding port numbers to the end of the urls.

The system should be set up like this

Internet > Router > Port forward 80 and 443 to your nginx > correct url and port of final destination

So when you go to homeassistant.mydomain.com your router forwards it to nginx, which in turn forwards it to 192.x.x.200:8123

But when you do to nextcloud.mydomain.org your router forwards it to nginx, and it forwards that request to 192.x.x.100:443

Hopefully if this post has made any sense to you at all you can see where you need to reconfigure.

3

Have you setup the SSL on nginx proxy manager?
I noticed it says “HTTP Only”, so I think you may need to enable them.

The way you have it setup now looks like your homassistant and nextclould are dealing with they own SSL. The way I achieved this, nginx proxy manager deals with the SSL and other services like homeassistant or whatever else runs within the LAN using http only

1 Like
4

But my Nginx is on same RPi as HA, its a AddOn. So the correct url is same IP as my HA or same IP with port 443?

5

Your port 80 and 443 should resolve your nginx service. Your HA should not be responding on your port 80 or 443

1 Like
6

Thanks. that redirect will be done by Nginx with a forwarding as shown in my screenshot?

What to do with the SSL Cert that now is running on HA itself?
Revert back to http and create a SSL on Nginx for HA ?

7

Yes. Redirect is handled by nginx proxy manager for all your services you configure in it.

I did revert my homeassistant back to http and had nginx generate a new cert for it because it also handles the automatic renewal and all.

I’m sure there is ways to migrate that, but it’s probably more work than I wanted, so I went for the easy option.

8

First part was working. HA was loading correct. But then the whole homekit integration was so slow… and miss some things in develop tool to reset entities, or restart.

Nextcloud was not able to run on proxy… inside netwerk at home no problem. Point to IP itself.
Outside… didn’t work… to many http redirects…

So sadly revert back and keep it as it is…

9

Hi All,
I’ve starting having issues after I needed to reset my modem, prior to that I did not notice any issues connecting from remote, certainly my nginx configuration hasn’t changed.

So, currently I’m getting a screen as per below when I try to connect using https://homeassistanturl

Unable to connect to Home Assistant.
Retrying in 53 seconds…

I’m running HA on a RPi with nginx proxy manager configured.

I’m forwarding port 443 from the modem to the HA ip address port 443.
The configuration.yaml has the following config

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
  ip_ban_enabled: true
  login_attempts_threshold: 5

and nginx proxy is configured as below

image

I’m not sure if the configuration is exactly correct, but as I noted previously, the only thing that has changed recently is that I have factory reset the modem. Don’t even ask where the modem backup is :slight_smile:

If anyone has more experience setting this up then I’d love to hear from them.

Cheers,
Paul

10

OK, user error. Basically I added the port forwarding rule on the incorrect router interface, all up and running again as per “almost” the above description if anyone else is stuck.

In addition to the above, I use a custom wildcard cert rather than one of these instant short lived ones.

Cheers,
Paul