So, I have running a Digital Ocean (DO) droplet running with Algo VPN and nginx. The droplet has a domain associated with it (xyz.com). Nginx setup uses letsencrypt certificate. Connections to xyz.com:80 are redirected to a VPN client (10.19.49.2) on which HA is running. I can successfully connect to lovelace by means of using xyz.com in the browser. But what I want to do is not consume the / namespace on the URI. In other words I’d like to use xyz.com/my_ha for example. But I cannot get it to work - I have to say I am new to reverse proxy so learning but just stuck now.
This is my setup
configuration.yaml
http:
base_url: https://xyz.com
use_x_forwarded_for: true
trusted_proxies: 10.19.49.1 #-- my DO droplet's VPN IP
/etc/nginx/sites-enabled/default
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name xyz.com;
listen [::]:80 default_server ipv6only=off;
return 301 https://$host$request_uri;
}
server {
server_name xyz.com;
ssl_certificate /etc/letsencrypt/live/xyz.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xyz.com/privkey.pem;
listen [::]:443 ssl default_server ipv6only=off;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
proxy_buffering off;
#
#-- here I tried changing location '/' to '/my_ha' but I get the 404: error if not set to just /
#
location / {
proxy_pass http://10.19.49.2:8123; #-- My VPN client running HA
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
As per comment above, I tried changing location / to /my_ha but when I do that I get the 404: error; set it back to / and all works again, i.e. I can use https://xyz.com and my ha instance on a VPN client is presented (lovelace). Great. But not quite what I want (which is https://xyz.com/my_ha
Is what I seek even possible, and how please - explanation would help tremendously; I’ve tried, but got as far as my tech head allows me.
TIA
(p.s. Sorry about the colour scheme of code above, it’s not me, it’s whatever HA forums is doing to it.)
Is your plane to use “/” to forward to different server or port and “/my_ha” to go to HA server?
this cannot be done with NGINX to my knowledge. only subdomain, like ha.xyz.com, can forward to new server or port
honestly I never go this to work for me but I decided to search again when you asked and saw the example at link so let me know if it work for you
I try that before and never work but maybe there was something I was missing. I used subdomains and just moved on but plan to work on this since we on lockdown anyway and i have time
I now have correct redirection by nginx, but for some reason HA isnt allowing the connection, and I’m not sure how to debug this.
if I enter https://xyz.com/ha then I correctly - now - am redirected to 10.19.49.2 port 8123 and the HA frontend is displayed but it looks like this …
So nginx seems to have done it’s job, but I’ve either got HA misconfigured or need to do something with maybe the header in nginx? I then changed my configuration.yaml to set base_url: to https://xyz.com/ha but that didnt make any difference, I left it at that and so what I’ve got in my /etc/nginx/sites-enabled/default
I thought there was something needed in Nginx to allow websocket. I check my config and edit this. Normally you get that screen if ha down, browser using old/bad login credentials/cookie or maybe other issue.
That IS the guide i used
as i said, it was all working but something is wrong now so i need to diagnose but don’t know what to do, that’s the help i need.
location /abc {
rewrite ^/abc / break;
proxy_pass http://10.19.49.2:8123; #-- my VPN client running HA server
...
The rewrite ^/abc / break; rewrites the request otherwise 404 error is returned because the request is trying to find the HA server at https://xyz.com:8123/abc: when it needs to be https://xyz.com:8123
Still does not work. Note the referrer in Request Header is now /abc and not /lovelace .
I do not know enough how websites/servers work but the problem is that need to remove /abc from the Request Header and ensure it is /lovelace ??
Does this help?
**EDIT: Found this:
Seems like HA has hardcoded references to /path-to-js-file , and that’s why it doesnt work, but I do not understand. If the homeassistant server is at abc.com and https://abc.com works, then why can’t nginx be configured to spoof/edit a request for https://abc.com/homeassistant to https://abc.com
?
I dont think anything can be done. It’s just the way HA has been coded. Not good, but, it’s been around a long time and evolved over time. If it were being devd today then I’m sure the team would take a different approach in the web architecture. Anyway, easy answer, I bought a domain from google, created a subdomain (or synthetic record to use Google vernacular) and all is well now. I just change the domain part of my google host to direct traffic to the correct web app on my servers. £10 a year. Less than £1 a month.