Nginx / Unraid / Home Assistant

SeveredDime · June 29, 2018, 5:08pm

So I managed to get Home Assistant running as root with the following code borrowed from here:

But had to change this:

ssl_dhparam /config/nginx/dhparams.pem;

add_header Strict-Transport-Security “max-age=31536000; includeSubdomains”;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers <‘Ciphers’>
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

To This"

ssl_dhparam /config/nginx/dhparams.pem; # Bit value: 4096
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;

upstream backend {
server 192.168.0.111:19999;
keepalive 64;
}

map $http_upgrade $connection_upgrade {
default upgrade;
’’ close;
}

server {

listen 443 ssl default_server;
root /config/www;
index index.html index.htm index.php;

server_name www.duckdns.org;

ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;

add_header Strict-Transport-Security “max-age=31536000; includeSubdomains”;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers <‘Ciphers’>
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

proxy_buffering off;

client_max_body_size 0;

location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

Fix the “It appears that your reverse proxy set up is broken" error.

proxy_pass http://192.168.0.111:8123;
proxy_read_timeout 90;

proxy_redirect http://192.168.0.111:8123 https://hass.duckdns.org;
}

location /sonarr {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.0.111:8989;
}

location /radarr {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.0.111:7878;
}

location /ombi {
include /config/nginx/proxy.conf;
proxy_pass http://192.168.0.111:3579/ombi;
}
}

I don’t really want to run Hass at root but as a subdomain but at least this is a step in the right direction.