NGINX Subdomains in the Hassio addon

2carlos · November 15, 2018, 6:11am

Looking at the config options for this addon it seems subdomains should be supported via the customize variable, but I don’t see any examples of what to put in those files.

I’ve tried many variations so far in the /share/nginx_proxy_default*.conf and /share/nginx_proxy/*.conf files.
I get various error messages from 502 bad gateway, unauthorized, 404, and the most common, chrome’s generic domain server could not be found

  "customize": {
    "active": true,
    "default": "nginx_proxy_default*.conf",
    "servers": "nginx_proxy/*.conf"
  }

one of my recent attempts via the *.conf file:

server {
	listen [::]:443 ssl;
	server_name motion.hass.tld;
	
	location / {
		proxy_pass http://192.168.x.x:8765;
	}
}

If you have a working subdomain through the hassio addon or know someone who does, I’d love to see it.

Madelinot · December 17, 2018, 12:25pm

I’m in the same boat. Documentation is really poor. Is anyone actually using this add-on?

2carlos · December 17, 2018, 3:45pm

Couldn’t make it work, though I found another nginx proxy addon that did

paired with his other addon certbot:

with these two together, I was able to get working subdomains

sebdoan · January 6, 2019, 12:28pm

you mind sharing the details of your configuration? Thanks in advance…

I’m using the NGINX addon atm (seems nice that it’s ‘official’), however only as a simple SSL encryption with instructions from this page https://help.konnected.io/support/solutions/articles/32000023964-set-up-hass-io-with-secure-remote-access-using-duckdns-and-nginx-proxy

I’d love to be able to do subdomain routing and even sub-subdomains

sebdoan · January 7, 2019, 11:09am

@2carlos & @bestlibre, I’m able to get the NGINX addon working and can confirm that it routes my subdomains on port 80 correctly to the below duckdns subdomains, but I can’t get the Certbot addon working to get SSL going. What am I doing wrong???

My Hassio Certbot config is as below:

{
  "debug": false,
  "email": "[email protected]",
  "certificats": [
    {
      "name": "hass",
      "domains": "vm-XXX.duckdns.org,XXX.duckdns.org,bi-XXX.duckdns.org"
    }
  ],
  "ssl_only": false
}

Certbot Addon Log:

starting version 3.2.2
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vm-XXX.duckdns.org
http-01 challenge for XXX.duckdns.org
http-01 challenge for bi-XXX.duckdns.org
Using the webroot path /ssl/wk for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. bi-XXX.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://bi-XXX.duckdns.org/.well-known/acme-challenge/Hh_4iB8Bwc2fvco2P8jNRSitUUCDDo1t6ZfZ1vnN4UU: Error getting validation data, XXX.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://XXX.duckdns.org/.well-known/acme-challenge/l93aleOZrpn5_AxnnDf4KZy0XviYjrcr7KeCAOazFo8: Error getting validation data
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: bi-XXX.duckdns.org
   Type:   connection
   Detail: Fetching
   http://bi-XXX.duckdns.org/.well-known/acme-challenge/Hh_4iB8Bwc2fvco2P8jNRSitUUCDDo1t6ZfZ1vnN4UU:
   Error getting validation data
   Domain: XXX.duckdns.org
   Type:   connection
   Detail: Fetching
   http://XXX.duckdns.org/.well-known/acme-challenge/l93aleOZrpn5_AxnnDf4KZy0XviYjrcr7KeCAOazFo8:
   Error getting validation data
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

Sebastien_Couture · February 16, 2019, 8:38pm

Hi
Same problem here, did you find a solution?

2carlos · February 22, 2019, 10:15pm

hmm, Did you make sure to disable NGINX addon while you’re running the certbot addon? On my machine they’re both grabbing port 80, so I have to make sure NGINX is stopped before running certbot

sebdoan · February 23, 2019, 7:33pm

I did find a solution in the “caddy Web service” addon. I detail the steps I used to resolve it in walkthrough section #3 here My migration to improve Hassio performance and increase security

Let me know if it works for you.

gurbina93 · April 18, 2019, 9:02am

Mind sharing how did you configure nginx? I wanna give it a try, I tried caddy and no luck for me. NGINX seems to be working fine however I can get it to work with subdomains.
The official NGINX addon uses the /share/ nginx_proxy folder, there I should just drop the .config files for each subdomain, is that correct?

talondnb · April 18, 2019, 12:50pm

Just move to this addon, so much easier.

gurbina93 · April 18, 2019, 12:52pm

Just did! That add on is fresh from the oven!

GaryK · April 18, 2019, 1:51pm

Could you provide some insight into how a network novcie would employ this add-on to help secure their http:// domain?

2carlos · April 18, 2019, 10:27pm

Notice below how there’s only one path from the internet into the network of servers. That’s one way a reverse proxy helps. NGINX has additional options to increase security behind the scenes. it’s also nice for convenience as you can map subdomains such as:

mqtt.mydomain.com
nodered.mydomain.com
ha.mydomain.com
synology.mydomain.com

and have those forwarded to the different services on your local network.

I switched to Frencks add on to try it out. much easier to configure and you only have one addon installed instead of two

GaryK · April 18, 2019, 11:08pm

Will Frencks add-on cover origin servers outside of HassOS like an NVR?

talondnb · April 18, 2019, 11:22pm

Yes. And super intuitive interface, I also feel Frenck’s addon is much quicker too.

GaryK · April 18, 2019, 11:32pm

Thank you. I’ve got my HA instance running in containers under docker. Will that pose a problem?

talondnb · April 18, 2019, 11:59pm

No not at all. You could have a host anywhere on your network listening on a port and it will work.

GaryK · April 19, 2019, 12:00am

OK. I’ll give it a try.

GaryK · April 19, 2019, 1:01pm

How did you configure the add-on as a trusted proxy so you could login using trusted networks?

Added use_x_forwarded_for: true and trusted_proxies: to http: and changed my base url in configuration.yaml.

Unfortunately, I can’t connect to the duckdns domain outside of my network. Anyone had this happen?

kirpat · June 20, 2019, 4:13pm

Dear
Did u make nvr work with nginx?