Nginx redirects to router's webpage

Hi,

I had been running HA with basic auth in the config yaml (ver 0.4 on a RPi3 with Raspbian) using SSL with Let’s Encrypt and duckdns without any problems for a long time (but as my router doesn’t allow loopback/hairpinning, I have always needed to use https://192.168.xx.xxx:8123 to access HA from inside and https://xxx.duckdns.org to access from outside).

Today I decided to set up nginx as I think I’m not able to successfully run AppDaemon without it.

The thing is that after successfully installing nginx and configuring it exactly as in the docs, the following is happening:

  • The strangest thing to me: if I use http://xx.duckdns.org (without the S) from inside my network, it now shows the router’s config webpage (the one that I should access with 192.168.1.1)

  • If I use httpS://xx.duckdns.org (using the S) from inside my network it says that the webpage is not accessible (the same message as ever)

  • If I try to access the duckdns URL (with http:// or with https://) from the outside it’s impossible to access HA

So can someone please help me to know what I am doing wrong? (My nginx config file is posted at the end)

Thanks

server {
    # Update this line to be your domain
    server_name xxx.duckdns.org;
    # These shouldn't need to be changed
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}
server {
    # Update this line to be your domain
    server_name xxx.duckdns.org;
    # Ensure these lines point to your SSL certificate and key
    ssl_certificate /etc/letsencrypt/live/xxx.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.duckdns.org/privkey.pem;
    # Use these lines instead if you created a self-signed certificate
    # ssl_certificate /etc/nginx/ssl/cert.pem;
    # ssl_certificate_key /etc/nginx/ssl/key.pem;
    # Ensure this line points to your dhparams file
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;
    # These shouldn't need to be changed
    listen 443 default_server;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    proxy_buffering off;
    location / {
        proxy_pass http://localhost:8123;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

Did you do any port forwarding in your router?

~Cheers

Yes, I followed all the instructions on the NGINX docs page. So regarding port forwarding, I redirect 443 and 80 to my RPi and eliminated the 8123 rule.

If you use the https (defaults to port 443) URL and land on your router config, port forwarding does not work. Maybe your router does not allow forwarding of 80/443?

~Cheers

Actually it only lands on my router’s page when I use the http (http://xxx.duckdns.org) (which, prior to nginx, didn’t lead anywhere).
Because when I use the https://xxx.duckdns.org, as usual it returns “connection refused”.

And the port forwarding on my router does work, because before nginx I was able to access HA from the outside with port forwarding set up on 443, and this was also necessary to set up letsencrypt/duckdns and worked OK.

Sorry I am unable to help you out here. If you did everything like you said it should work. I have this setup myself and this works perfectly. Your mentioned behaviour does not fit your nginx config whatsoever. Would you mind sharing your HA http config? Maybe this would bring some light. But from my perspective it looks like your port forwarding does not work correctly.

~Cheers

Did you remove the certificate rows in your config.yaml?

1 Like

:scream: No, I hadn’t removed the certificate rows because it doesn’t say that in the docs :angry:
After doing that (removing the 2 cert rows in the http section of my config.yaml) I’m able to access internally with the IP of the RPi3 without using any port or the “s” in http, so I can use 192.168.xx.xx and it works.

From the outside I’m able to use http://xxx.duckdns.org or httpS://xxx.duckdns.org and both ways work.

The only really strange thing, and which actually is preventing me from using AppDaemon, is:
if I use http://xxx.duckdns.org internally it sends me directly to my router’s webpage.
And if I use httpS://xxx.duckdns.org it doesn’t work, as always.

Do you know why this could be and how to fix it? (Just as a reminder, my router doesn’t support loopback)

@PhyberApex below you can find the http part of my config.yaml file with the certs and base_url commented. Is everything OK with this? (By the way, now the “trusted network” line doesn’t work, is that normal?)

http:
  api_password: xxx
  #ssl_certificate: '/etc/letsencrypt/live/xxx.duckdns.org/fullchain.pem'
  #ssl_key: '/etc/letsencrypt/live/xxx.duckdns.org/privkey.pem'
  #base_url: xxx.duckdns.org:8213
  trusted_networks:
    - 192.168.x.x/24

1 Like
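The mismatch that was resolved above (nginx terminating TLS and proxying plain http to a Home Assistant that still had its own certificate rows enabled) can be checked mechanically. This is an added example, not code from any post in the thread; the function names and the sample config strings are constructed for illustration.

```python
import re

DEFAULT_HA_PORT = 8123  # Home Assistant's default server_port

def ha_http_settings(yaml_text):
    """Return the uncommented keys under the top-level `http:` section."""
    settings, in_http = {}, False
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop comments
        if not line:
            continue
        if not line[0].isspace():                   # new top-level key
            in_http = line == "http:"
            continue
        m = re.match(r"\s+(\w+):\s*(.*)", line)
        if in_http and m:
            settings[m.group(1)] = m.group(2).strip("'\"")
    return settings

def upstream(nginx_text):
    """Return (scheme, port) of the first proxy_pass directive, or None."""
    m = re.search(r"^\s*proxy_pass\s+(https?)://[^:/;\s]+(?::(\d+))?",
                  nginx_text, re.M)
    if not m:
        return None
    default = 443 if m.group(1) == "https" else 80
    return m.group(1), int(m.group(2) or default)

def check(nginx_text, ha_yaml):
    """List mismatches between nginx's upstream and HA's own listener."""
    up = upstream(nginx_text)
    if up is None:
        return ["no proxy_pass directive found"]
    scheme, port = up
    http = ha_http_settings(ha_yaml)
    ha_tls = "ssl_certificate" in http or "ssl_key" in http
    problems = []
    if ha_tls and scheme == "http":
        problems.append("HA serves TLS but nginx proxies plain http")
    if not ha_tls and scheme == "https":
        problems.append("nginx proxies https but HA serves plain http")
    ha_port = int(http.get("server_port", DEFAULT_HA_PORT))
    if port != ha_port:
        problems.append(f"nginx proxies to port {port}, HA listens on {ha_port}")
    return problems

# Constructed sample inputs modelled on the configs posted in this thread.
NGINX = "location / {\n    proxy_pass http://localhost:8123;\n}\n"
HA_BEFORE = "http:\n  api_password: xxx\n  ssl_certificate: /path/fullchain.pem\n  ssl_key: /path/privkey.pem\n"
HA_AFTER = "http:\n  api_password: xxx\n  #ssl_certificate: /path/fullchain.pem\n  #ssl_key: /path/privkey.pem\n"

if __name__ == "__main__":
    print(check(NGINX, HA_BEFORE), check(NGINX, HA_AFTER))
```

The YAML reader is a deliberately small line parser that assumes an indented `http:` section; it is not a general YAML implementation.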

Mine looks like this:

http:
  api_password: !secret http_api_pwd
  server_port: 8001
  base_url: DOMAIN.TLD
  trusted_networks:
    - 192.168.137.0/24

I don’t know what you mean by “Just as a reminder my router don’t support loopback”. But if you get different results from within your network than outside of your network with a domain, you have a problem with the DNS server. Did you by chance configure a DNS server? Or what is the router model that you are using?

~Cheers

Sounds like your router is occupying ports 80 and 443.
You can disable router external access (best) or move router external access to a different port (good). Basically what @PhyberApex is saying.

I do not use duckdns, but forwarding external port 8181 (or any port) to nginx server 443 should get around the router issue.
You would need to point duckdns to https://<your_external_ip>:8181 for example.

You really need to disable http access to your router (and likely https)!!

EDIT: nginx logs will show if there was an attempt to access site and where request was forwarded.

1 Like