Notifications with attachments not working over SSL?

Kalquaro · October 9, 2023, 2:27pm

Good morning,

Here’s my goal: I want to get push notifications when a person is detected by my reolink camera at the front door, with a snapshot of the camera displayed in the notification, when my home assistant companion app is connected over SSL to my home assistant instance.

This works absolutely fine when my companion app is connected directly to my home assistant instance, without SSL.

When connected through the reverse proxy at https://ha.mydomain.com, I get the notification but the attachment doesn’t come through.

nginx is a new addition to my homelab. Prior to that, SSL was configured directly on home assistant, and I had intermittent issues with attachments. Sometimes they would come through, sometimes they wouldn’t. The notification itself would always come through.

I looked into the logs and searched for the name of my automation but nothing related would come up. Not sure what I should be looking for.

My setup:

I have 2 RPI 4. One is running my home assistant instance and the other one is running nginx with a reverse proxy to ha.mydomain.com, where SSL is enabled. Here’s my nginx config file:

server {
        listen 80;
        server_name ha.mydomain.com;
        return 301 https://$host$request_uri;
}

server {
        listen 443 ssl;
        server_name ha.mydomain.com;
        ssl_certificate /etc/ssl/mydomain.crt;
        ssl_certificate_key /etc/ssl/mydomain.key;

        location / {
                proxy_pass http://ip.home.assistant.instance:8123;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header X-Forwarded-Host $host;
        }
}

Here’s the automation that detects someone at the front door and sends the notification with an attachment:

alias: Notification - Front Porch - Human Detection
description: Sends notification to my phone if someone is detected at the door
trigger:
  - type: turned_on
    platform: device
    device_id: 092524197ea1fcdbc21a116f6cf7886d
    entity_id: 99abd7ebd2ee2ddeea766132c19e732b
    domain: binary_sensor
condition: []
action:
  - service: camera.snapshot
    data:
      filename: /config/www/snapshot.jpg
    target:
      device_id: 092524197ea1fcdbc21a116f6cf7886d
  - service: notify.mobile_app_pixel_7_pro
    data:
      message: Someone is at the door
      title: Ding Dong!
      data:
        image: /local/snapshot.jpg
mode: single

tom_l · October 9, 2023, 3:31pm

Try replacing your link with:

image: https://ha.mydomain.com/local/snapshot.jpg

Be aware that while people can’t search or list the contents of https://ha.mydomain.com/local/ they can guess file names. It would be better to use a random name for your file if you want some semblance of privacy. e.g. ghtwkyzbmos66s22kUDB3566.jpg is a lot harder to guess than “snapshot.jpg”.

Kalquaro · October 9, 2023, 3:45pm

That’s a great idea, I didn’t think about that. I’ll give it a try.

Good point on the naming of the snapshot file. My home assistant instance is not exposed to the internet so I’m not overly worried about this at the moment.

tom_l · October 9, 2023, 3:53pm

If you cant reach https://ha.mydomain.com/ from the internet you are not going to be able to see the file.

Kalquaro · October 9, 2023, 3:57pm

I still can because I have a zone for my domain name in my local DNS server. When I’m away from home my phone automatically connects to my VPN, so it should be ok.