Nginx setup help needed

StimpyMGS · April 1, 2025, 1:36pm

Hi,
Recently I somehow lost access to all my Nginx hosts. Nothing in the configuration has changed. Now I would like to set it up again.
I’m running a Nginx proxy server in proxmox. I can access the web UI fine.
In Nginx, I add a proxy host:
domain name: www.domainname.nl
scheme: http
IP: 192.168.1.131
port: 8123
block common exploits enabled
websockets support enabled

then I add my custom SSL certificate which is valid till august this year by uploading the 3 certificate files that my domain provider has provided (cabundle.crt, certificate.crt, certificate.key)

In the proxy host I just created, I then select this certificate and enable “force SSL” and click save.

When I visit www.domainname.nl, I receive a “secure connection failed” error (Firefox). When I use Edge, I can continue. I then see the Nginx “congratulations!” page. For some reason it is not forwarding me to the internal IP that I have set.

I have forwarded both port 80 and 443 to the IP where Nginx is running.

How do I troubleshoot this issue from here? Thanks in advance!

belastingvormulier · April 1, 2025, 1:44pm

Can you post your NGINX config in a code block ?

StimpyMGS · April 1, 2025, 5:55pm

edit: When I disable “force SSL”, it works! I do want a secure connection of course, so this is not really a solution…

configuration.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.104 # IP of Nginx LXC container
#  ip_ban_enabled: true
#  login_attempts_threshold: 5
  
homeassistant:
  external_url: https://www.mydomain.nl
  internal_url: http://192.168.1.131:8123

I have changed the domain name in this code for privacy reasons. Other than that, here’s the content of the Nginx conf file
I also double checked that the certificate files are in the specified location.

# ------------------------------------------------------------
# www.mydomain.nl
# ------------------------------------------------------------



map $scheme $hsts_header {
    https   "max-age=63072000; preload";
}

server {
  set $forward_scheme http;
  set $server         "192.168.1.131";
  set $port           8123;

  listen 80;
listen [::]:80;

listen 443 ssl;
listen [::]:443 ssl;


  server_name www.mydomain.nl;
http2 off;


  # Custom SSL
  ssl_certificate /data/custom_ssl/npm-16/fullchain.pem;
  ssl_certificate_key /data/custom_ssl/npm-16/privkey.pem;






  # Block Exploits
  include /etc/nginx/conf.d/include/block-exploits.conf;







    # Force SSL
    include /etc/nginx/conf.d/include/force-ssl.conf;




proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;


  access_log /data/logs/proxy-host-3_access.log proxy;
  error_log /data/logs/proxy-host-3_error.log warn;







  location / {









    
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
    

    # Proxy!
    include /etc/nginx/conf.d/include/proxy.conf;
  }


  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

belastingvormulier · April 2, 2025, 5:47am

OK, but then what is in:
include /etc/nginx/conf.d/include/force-ssl.conf; ?