NGINX Subdomains in the Hassio addon

Looking at the config options for this addon it seems subdomains should be supported via the customize variable, but I don’t see any examples of what to put in those files.

I’ve tried many variations so far in the /share/nginx_proxy_default*.conf and /share/nginx_proxy/*.conf files.
I get various error messages from 502 bad gateway, unauthorized, 404, and the most common, Chrome’s generic domain server could not be found.

  "customize": {
    "active": true,
    "default": "nginx_proxy_default*.conf",
    "servers": "nginx_proxy/*.conf"
  }

One of my recent attempts via the *.conf file:

server {
	listen [::]:443 ssl;
	server_name motion.hass.tld;
	
	location / {
		proxy_pass http://192.168.x.x:8765;
	}
}

If you have a working subdomain through the hassio addon or know someone who does, I’d love to see it.

I’m in the same boat. Documentation is really poor. Is anyone actually using this add-on?

Couldn’t make it work, though I found another nginx proxy addon that did


Paired with his other addon certbot:

With these two together, I was able to get working subdomains.

1 Like

You mind sharing the details of your configuration? Thanks in advance…

I’m using the NGINX addon atm (seems nice that it’s ‘official’), however only as a simple SSL encryption with instructions from this page https://help.konnected.io/support/solutions/articles/32000023964-set-up-hass-io-with-secure-remote-access-using-duckdns-and-nginx-proxy

I’d love to be able to do subdomain routing and even sub-subdomains

@2carlos & @bestlibre, I’m able to get the NGINX addon working and can confirm that it routes my subdomains on port 80 correctly to the below duckdns subdomains, but I can’t get the Certbot addon working to get SSL going. What am I doing wrong???

My Hassio Certbot config is as below:

{
  "debug": false,
  "email": "[email protected]",
  "certificats": [
    {
      "name": "hass",
      "domains": "vm-XXX.duckdns.org,XXX.duckdns.org,bi-XXX.duckdns.org"
    }
  ],
  "ssl_only": false
}

Certbot Addon Log:

starting version 3.2.2
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vm-XXX.duckdns.org
http-01 challenge for XXX.duckdns.org
http-01 challenge for bi-XXX.duckdns.org
Using the webroot path /ssl/wk for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. bi-XXX.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://bi-XXX.duckdns.org/.well-known/acme-challenge/Hh_4iB8Bwc2fvco2P8jNRSitUUCDDo1t6ZfZ1vnN4UU: Error getting validation data, XXX.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://XXX.duckdns.org/.well-known/acme-challenge/l93aleOZrpn5_AxnnDf4KZy0XviYjrcr7KeCAOazFo8: Error getting validation data
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: bi-XXX.duckdns.org
   Type:   connection
   Detail: Fetching
   http://bi-XXX.duckdns.org/.well-known/acme-challenge/Hh_4iB8Bwc2fvco2P8jNRSitUUCDDo1t6ZfZ1vnN4UU:
   Error getting validation data
   Domain: XXX.duckdns.org
   Type:   connection
   Detail: Fetching
   http://XXX.duckdns.org/.well-known/acme-challenge/l93aleOZrpn5_AxnnDf4KZy0XviYjrcr7KeCAOazFo8:
   Error getting validation data
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

Hi
Same problem here, did you find a solution?

Hmm, did you make sure to disable NGINX addon while you’re running the certbot addon? On my machine they’re both grabbing port 80, so I have to make sure NGINX is stopped before running certbot.

I did find a solution in the “caddy Web service” addon. I detail the steps I used to resolve it in walkthrough section #3 here My migration to improve Hassio performance and increase security

Let me know if it works for you.

Mind sharing how you configured nginx? I wanna give it a try, I tried caddy and no luck for me. NGINX seems to be working fine however I can get it to work with subdomains.
The official NGINX addon uses the /share/nginx_proxy folder, there I should just drop the .config files for each subdomain, is that correct?

Just move to this addon, so much easier.

2 Likes

Just did! That add on is fresh from the oven!

1 Like

Could you provide some insight into how a network novice would employ this add-on to help secure their http:// domain?

Notice below how there’s only one path from the internet into the network of servers. That’s one way a reverse proxy helps. NGINX has additional options to increase security behind the scenes. It’s also nice for convenience as you can map subdomains such as:

mqtt.mydomain.com
nodered.mydomain.com
ha.mydomain.com
synology.mydomain.com

and have those forwarded to the different services on your local network.

I switched to Frenck’s add-on to try it out. Much easier to configure and you only have one addon installed instead of two.

1 Like

Will Frenck’s add-on cover origin servers outside of HassOS like an NVR?

Yes. And super intuitive interface, I also feel Frenck’s addon is much quicker too.

Thank you. I’ve got my HA instance running in containers under docker. Will that pose a problem?

No not at all. You could have a host anywhere on your network listening on a port and it will work.

OK. I’ll give it a try.

How did you configure the add-on as a trusted proxy so you could login using trusted networks?

Added use_x_forwarded_for: true and trusted_proxies: to http: and changed my base url in configuration.yaml.
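
Why `trusted_proxies` should list only the proxy's own address when `use_x_forwarded_for` is combined with trusted-networks login: the following is an added example, not code from this thread or from Home Assistant, that models right-to-left `X-Forwarded-For` resolution in simplified form. All addresses are constructed and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (not taken from the thread).
PROXY = "172.30.33.2"          # address the reverse proxy connects from
LAN = ["192.168.1.0/24"]       # networks allowed to log in without a password
REMOTE = "203.0.113.7"         # real internet client as seen by the proxy
# Header as the backend receives it: the client supplied the first entry,
# the proxy appended the address it actually saw.
HEADER = "192.168.1.10, " + REMOTE


def resolve_client_ip(peer, x_forwarded_for, trusted_proxies):
    """Pick the address the backend treats as the client (simplified model)."""
    nets = [ip_network(n) for n in trusted_proxies]

    def is_proxy(addr):
        return any(ip_address(addr) in net for net in nets)

    # The header is only honoured when the TCP peer is a trusted proxy.
    if not x_forwarded_for or not is_proxy(peer):
        return peer
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    if not hops:
        return peer
    # Walk from the proxy outwards; the first hop that is not itself a
    # trusted proxy is the last address a trusted machine vouched for.
    for hop in reversed(hops):
        if not is_proxy(hop):
            return hop
    return hops[0]  # every hop counted as a proxy: falls back to leftmost


def passes_trusted_networks(client_ip, trusted_networks):
    """True if the resolved client would be treated as a local user."""
    return any(ip_address(client_ip) in ip_network(n) for n in trusted_networks)


def compare_configs():
    """Resolve the same request under a narrow and an over-broad proxy list."""
    results = {}
    for label, proxies in (("narrow", [PROXY]), ("broad", ["0.0.0.0/0"])):
        ip = resolve_client_ip(PROXY, HEADER, proxies)
        results[label] = (ip, passes_trusted_networks(ip, LAN))
    return results


if __name__ == "__main__":
    for label, (ip, local) in compare_configs().items():
        print(f"{label:6} trusted_proxies -> client {ip}, treated as local: {local}")
```

With only the proxy's address trusted, the client-supplied entry is never reached; with an over-broad range every hop counts as a proxy and the leftmost, client-supplied value is what the trusted-networks check sees.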

Unfortunately, I can’t connect to the duckdns domain outside of my network. Anyone had this happen?

Dear
Did you make NVR work with nginx?