Nginx redirect only for specific URI

ninjadog · March 28, 2020, 9:03pm

So, I have running a Digital Ocean (DO) droplet running with Algo VPN and nginx. The droplet has a domain associated with it (xyz.com). Nginx setup uses letsencrypt certificate. Connections to xyz.com:80 are redirected to a VPN client (10.19.49.2) on which HA is running. I can successfully connect to lovelace by means of using xyz.com in the browser. But what I want to do is not consume the / namespace on the URI. In other words I’d like to use xyz.com/my_ha for example. But I cannot get it to work - I have to say I am new to reverse proxy so learning but just stuck now.

This is my setup

configuration.yaml

http:
  base_url: https://xyz.com
  use_x_forwarded_for: true
  trusted_proxies: 10.19.49.1 #-- my DO droplet's VPN IP

/etc/nginx/sites-enabled/default

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    server_name xyz.com;
    listen [::]:80 default_server ipv6only=off;
    return 301 https://$host$request_uri;
}

server {
    server_name xyz.com;
    ssl_certificate /etc/letsencrypt/live/xyz.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xyz.com/privkey.pem;

    listen [::]:443 ssl default_server ipv6only=off;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    proxy_buffering off;

#
#-- here I tried changing location '/' to '/my_ha' but I get the 404: error if not set to just /
#
    location / {
        proxy_pass http://10.19.49.2:8123;  #-- My VPN client running HA
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

As per comment above, I tried changing location / to /my_ha but when I do that I get the 404: error; set it back to / and all works again, i.e. I can use https://xyz.com and my ha instance on a VPN client is presented (lovelace). Great. But not quite what I want (which is https://xyz.com/my_ha

Is what I seek even possible, and how please - explanation would help tremendously; I’ve tried, but got as far as my tech head allows me.

TIA

(p.s. Sorry about the colour scheme of code above, it’s not me, it’s whatever HA forums is doing to it.)

tmjpugh · March 28, 2020, 9:59pm

Is your plane to use “/” to forward to different server or port and “/my_ha” to go to HA server?
this cannot be done with NGINX to my knowledge. only subdomain, like ha.xyz.com, can forward to new server or port

EDIT
Maybe nevermind.

see example at link. maybe it help

gist.github.com

https://gist.github.com/soheilhy/8b94347ff8336d971ad0

nginxproxy.md

# Virtual Hosts on nginx (CSC309)

When hosting our web applications, we often have one public IP
address (_i.e.,_ an IP address visible to the outside world)
using which we want to host multiple web apps. For example, one
may wants to host three different web apps respectively for
`example1.com`, `example2.com`, and `example1.com/images` on
the same machine using a single IP address.

**How can we do that?** Well, the good news is Internet browsers

This file has been truncated. show original

ninjadog · March 28, 2020, 10:36pm

thanks. I’ll read that link
fyi, i wanted xyz.com/ha to go to one client with port 8123, and xyz.com/other to go to a different client with port 4000

tmjpugh · March 28, 2020, 10:47pm

honestly I never go this to work for me but I decided to search again when you asked and saw the example at link so let me know if it work for you

I try that before and never work but maybe there was something I was missing. I used subdomains and just moved on but plan to work on this since we on lockdown anyway and i have time

ninjadog · March 28, 2020, 11:36pm

Thanks, yes that link helped. Almost!

I now have correct redirection by nginx, but for some reason HA isnt allowing the connection, and I’m not sure how to debug this.

if I enter https://xyz.com/ha then I correctly - now - am redirected to 10.19.49.2 port 8123 and the HA frontend is displayed but it looks like this …
Capture

So nginx seems to have done it’s job, but I’ve either got HA misconfigured or need to do something with maybe the header in nginx? I then changed my configuration.yaml to set base_url: to https://xyz.com/ha but that didnt make any difference, I left it at that and so what I’ve got in my /etc/nginx/sites-enabled/default

    location /ha {
        rewrite ^/ha / break;
        proxy_pass http://10.19.49.2:8123;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

and I just get that screen above.

any ideas? It’s almost there

tmjpugh · March 29, 2020, 2:44am

Use docs as guide.

I thought there was something needed in Nginx to allow websocket. I check my config and edit this. Normally you get that screen if ha down, browser using old/bad login credentials/cookie or maybe other issue.

ninjadog · March 29, 2020, 10:04am

That IS the guide i used
as i said, it was all working but something is wrong now so i need to diagnose but don’t know what to do, that’s the help i need.

tmjpugh · March 29, 2020, 3:48pm

Honestly o don’t think it accessing correct path on ha server.

I test again yesterday and got same result as you. I try before and believe I have same issue and ultimately just used subdomain since no issue.

I research this later and reply if I get good results

ninjadog · March 29, 2020, 8:33pm

Ive noticed , in chrome debug (F12) that the errors start at manifest

WORKS when using (in the /etc/nginx/sites-enabled/default file)

    location / {
        proxy_pass http://10.19.49.2:8123; #-- my VPN client running HA server
        ...

Note the referrer in Request Header is lovelace)*

BUT

DOES NOT work when using

    location /abc {
        rewrite ^/abc / break;
        proxy_pass http://10.19.49.2:8123; #-- my VPN client running HA server
        ...

The rewrite ^/abc / break; rewrites the request otherwise 404 error is returned because the request is trying to find the HA server at https://xyz.com:8123/abc: when it needs to be https://xyz.com:8123

Still does not work. Note the referrer in Request Header is now /abc and not /lovelace .

So in other words, the actual URL for a HA front end is https://xyz.com:8123/lovelace - and that works.

I do not know enough how websites/servers work but the problem is that need to remove /abc from the Request Header and ensure it is /lovelace ??
Does this help?

**EDIT: Found this:

Seems like HA has hardcoded references to /path-to-js-file , and that’s why it doesnt work, but I do not understand. If the homeassistant server is at abc.com and https://abc.com works, then why can’t nginx be configured to spoof/edit a request for https://abc.com/homeassistant to https://abc.com
?

ninjadog · March 30, 2020, 10:39am

I dont think anything can be done. It’s just the way HA has been coded. Not good, but, it’s been around a long time and evolved over time. If it were being devd today then I’m sure the team would take a different approach in the web architecture. Anyway, easy answer, I bought a domain from google, created a subdomain (or synthetic record to use Google vernacular) and all is well now. I just change the domain part of my google host to direct traffic to the correct web app on my servers. £10 a year. Less than £1 a month.