Ngnix reverse proxy: terminal and file editor don't display, "refused to connect"

Third party integrations
1

Hey folks,

I have home assistant running in a virtual machine and everything works via http://10.10.1.98:8123 . Everything.

I have an nginx reverse proxy setup and most of Home Assistant works. The File Editor and Terminal & SSH addons do not. They work just fine when I access via http://10.10.1.98:8123, but not when I access through my hostname / reverse proxy. I get “ha.<my_domain>.com refused to connect”:

Here’s what I get when I go to Terminal

image
image1196×789 33.3 KB

and here’s File Editor:

image
image1196×789 34.2 KB

When accessing without the reverse proxy, these addons work fine. Example Terminal:

image
image1282×768 82 KB

The output of the terminal hints to me that maybe Home Assistant thinks its URL is “homeassistant.local:8123” but I’m not sure how to change this. In Home Assistant > Settings > System > Network I have the URL set to my domain:

image
image1135×1062 76.5 KB

Does anyone have any suggestions for me? Here is my nginx config:

server {
  listen 80;
  server_name ha.mydomain.com;
  return 301 https://ha.mydomain.com$request_uri;
}

upstream homeassistant {
  server 10.10.1.98:8123;
  keepalive 8;
  keepalive_timeout 300;
}

server {
  server_name ha.mydomain.com;
  include /etc/nginx/snippets/mydomain_ssl.conf;

  error_log /var/log/nginx/ha.mydomain.com-error.log;
  access_log /var/log/nginx/ha.mydomain.com-access.log;

  proxy_buffering off;

  location / {
    proxy_pass     http://homeassistant;
    proxy_set_header Host $host;
    proxy_redirect http:// https://;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
  }
}

I’ve subbed “mydomain” for my actual top-level domain. I host a number of subdomains behind a wildcard certificate, and they all use the same ssl config. The contents of the mydomain_ssl.conf is this:

listen 443 ssl;
http2 on;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ecdh_curve secp384r1;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";
add_header X-Frame-Options "DENY";

Thanks in advance!

2

I figured it out! By happenstance I restarted my machine and the Brave browser used a ton of CPU for reasons I couldn’t fathom. So I rage quit it and started Firefox, and the message Firefox displayed was that Firefox wasn’t allowed to display the page in a frame … that I had to open it in a new window instead.

Well, that behavior is X-Frame-Options "DENY" header! I removed that from my config and BOOM, File manager and Terminal rendered correctly.