Redirect New Home assistant supervised with existing reverse proxy nginx on same Debian

Hello, Bonjour !
Prerequisites
I just installed HA supervised on an existing VM with Debian 12.

On this Debian, I already have a reverse proxy nginx (and some services: wordpress, domoticz, a small java app).
I don’t want to buy another device and I don’t have enough memory to create another VM on my server. (It’s an old server, I can’t add more.)

I can access the web UI using 192.168.1.10:8123
Now I want to reach it through ha . mydomain . com

I added the nginx configuration found here:

My issue
But I get this error when I execute this command after restarting nginx:
sudo journalctl -xeu nginx.service

févr. 21 18:39:48 debian nginx[9933]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
févr. 21 18:39:48 debian nginx[9933]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
févr. 21 18:39:48 debian nginx[9933]: nginx: [emerg] still could not bind()

It seems that a docker container created by HA is using ports 80 and 443:
(here nginx is not launched because I can’t)

 ~ % sudo netstat -ltnp | grep -w ':80'
 ~ % sudo netstat -ltnp | grep -w ':443'
 ~ % sudo lsof -i :80                   
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
python3 8891 root   27u  IPv4 175764      0t0  TCP debian:43306->172.30.32.2:http (ESTABLISHED)
python3 8891 root   31u  IPv4 175765      0t0  TCP debian:43308->172.30.32.2:http (ESTABLISHED)
python3 8891 root   34u  IPv4 161515      0t0  TCP debian:54886->172.30.32.2:http (ESTABLISHED)
 ~ % sudo lsof -i :443
 ~ %

I don’t really understand why HA is using ports 8123, 80 and 443.

Here are all the ports used (nginx is not launched):

 % sudo netstat -tlnp
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat        PID/Program name    
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      508/systemd-resolve 
tcp        0      0 0.0.0.0:1883            0.0.0.0:*               LISTEN      628/mosquitto       
tcp        0      0 0.0.0.0:4357            0.0.0.0:*               LISTEN      1526/docker-proxy   
tcp        0      0 172.30.32.1:65455       0.0.0.0:*               LISTEN      3748/nginx: master  
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      652/sshd: /usr/sbin 
tcp        0      0 192.168.1.10:40000      0.0.0.0:*               LISTEN      8891/python3        
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init              
tcp        0      0 127.0.0.1:65455         0.0.0.0:*               LISTEN      3748/nginx: master  
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      753/mariadbd        
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1224/exim4          
tcp        0      0 0.0.0.0:8123            0.0.0.0:*               LISTEN      8891/python3        
tcp6       0      0 :::5355                 :::*                    LISTEN      508/systemd-resolve 
tcp6       0      0 ::1:25                  :::*                    LISTEN      1224/exim4          
tcp6       0      0 :::4357                 :::*                    LISTEN      1533/docker-proxy   
tcp6       0      0 :::22                   :::*                    LISTEN      652/sshd: /usr/sbin 
tcp6       0      0 :::111                  :::*                    LISTEN      1/init              
tcp6       0      0 :::8123                 :::*                    LISTEN      8891/python3        
tcp6       0      0 fe80::58c9:4eff:f:40000 :::*                    LISTEN      8891/python3

Here is my ha.conf for nginx:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    server_name ha.mydomain.com;

    listen [::]:80 default_server ipv6only=off;
    return 301 https://$host$request_uri;
}

server {
    server_name ha.mydomain.com;

    ssl_certificate /etc/letsencrypt/live/ha.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ha.mydomain.com/privkey.pem;

    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

    listen [::]:443 ssl default_server ipv6only=off; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    proxy_buffering off;

    location / {
        proxy_pass http://127.0.0.1:8123;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

 % sudo docker ps
CONTAINER ID   IMAGE                                                      COMMAND               CREATED        STATUS                 PORTS                                   NAMES
81e31e627c4c   ghcr.io/hassio-addons/vscode/amd64:5.15.0                  "/init"               5 hours ago    Up 5 hours (healthy)                                           addon_a0d7b954_vscode
999bb2579796   ghcr.io/esphome/esphome-hassio:2024.2.0                    "/init"               6 hours ago    Up 6 hours                                                     addon_5c53de3b_esphome
2de3674ed3f8   ghcr.io/home-assistant/amd64-hassio-multicast:2023.06.2    "/init"               6 hours ago    Up 6 hours                                                     hassio_multicast
0a79e38f66d2   ghcr.io/home-assistant/amd64-hassio-audio:2023.12.0        "/init"               6 hours ago    Up 6 hours                                                     hassio_audio
4ab032e941f7   ghcr.io/home-assistant/amd64-hassio-dns:2023.06.2          "/init"               6 hours ago    Up 6 hours                                                     hassio_dns
7dbd09d83d34   ghcr.io/home-assistant/amd64-hassio-cli:2023.11.0          "/init"               6 hours ago    Up 6 hours                                                     hassio_cli
121f55f4aa14   ghcr.io/home-assistant/amd64-hassio-supervisor:latest      "/init"               12 hours ago   Up 6 hours                                                     hassio_supervisor
d5792425ab29   ghcr.io/home-assistant/qemux86-64-homeassistant:2024.2.2   "/init"               23 hours ago   Up 5 hours                                                     homeassistant
3e2fee09dbdc   ghcr.io/home-assistant/amd64-hassio-observer:2023.06.0     "/usr/bin/observer"   23 hours ago   Up 6 hours             0.0.0.0:4357->80/tcp, :::4357->80/tcp   hassio_observer

What is hassio_observer? I think that this is the one that doesn’t allow nginx to start because it uses port 80.

Do you have any ideas / explanations / links?

Thanks !
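Added example, not part of the original post: a small Python check that reads `netstat -tlnp` rows and a `docker ps` PORTS cell like the ones quoted above and reports which process, if any, is listening on a given host port. In a mapping such as `0.0.0.0:4357->80/tcp`, the number before `->` is the host port and the number after it is the port inside the container. The sample strings are rows taken from the post's output with the spacing condensed, and the function names are hypothetical.

```python
import re

# Constructed sample: rows copied from the `netstat -tlnp` output in the post.
NETSTAT = """\
tcp   0  0 0.0.0.0:4357       0.0.0.0:*  LISTEN  1526/docker-proxy
tcp   0  0 172.30.32.1:65455  0.0.0.0:*  LISTEN  3748/nginx: master
tcp   0  0 127.0.0.1:3306     0.0.0.0:*  LISTEN  753/mariadbd
tcp   0  0 0.0.0.0:8123       0.0.0.0:*  LISTEN  8891/python3
tcp6  0  0 :::4357            :::*       LISTEN  1533/docker-proxy
tcp6  0  0 :::8123            :::*       LISTEN  8891/python3
"""
# PORTS cell of the hassio_observer row in the post's `docker ps` output.
OBSERVER_PORTS = "0.0.0.0:4357->80/tcp, :::4357->80/tcp"

WILDCARDS = {"0.0.0.0", "::"}  # addresses that accept connections on every interface


def parse_listeners(text):
    """Return [(proto, addr, port, program)] for each LISTEN row of `netstat -tlnp`."""
    rows = []
    for line in text.splitlines():
        f = line.strip().split(None, 6)  # 7th field keeps names like "nginx: master"
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, port = f[3].rsplit(":", 1)  # rsplit also handles IPv6 forms such as ":::8123"
        rows.append((f[0], addr, int(port), f[6]))
    return rows


def holders(listeners, port):
    """Return (program, address, is_wildcard) for every listener on a host port."""
    return [(prog, addr, addr in WILDCARDS)
            for _, addr, p, prog in listeners if p == port]


def published_ports(cell):
    """Map host port -> container port from a `docker ps` PORTS cell."""
    return {int(h): int(c) for h, c in re.findall(r":(\d+)->(\d+)/tcp", cell)}


if __name__ == "__main__":
    listeners = parse_listeners(NETSTAT)
    for port in (80, 443, 4357, 8123):
        found = holders(listeners, port)
        print(port, found if found else "no listener on the host")
    print("hassio_observer host->container:", published_ports(OBSERVER_PORTS))
```

The wildcard flag also marks services that are reachable from the network without passing through the reverse proxy, such as the listener on `0.0.0.0:8123` here.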

HA is probably not using port 80 explicitly, but it is running in host mode, which might conflict with your other containers and NGinX.

Yes. What is hassio_observer? I think that this is the one that doesn’t allow nginx to start because it uses port 80.

The memory use of using Home Assistant OS and the memory use of using Home Assistant Supervised on a different host will be nearly the same.

You don’t tell us what your hypervisor is, but the overhead memory of a VM is fairly small, and with ballooning, you should easily be able to oversubscribe your host.

I’d suggest that creating a separate VM will be a much better experience for you, without significant performance impact.

I’m using an HP ProLiant ML110 G7 with 16 GB of RAM running ProxMox.
I have 2 VMs: Debian 12 with 8 GB and TrueNas with 8 GB (which is the very minimum with ZFS).

Thank you !
I installed HAOS on a third VM on ProxMox. I have 16 GB of RAM and 3 VMs using 20 GB of RAM and no issues. I forgot this was possible.
It’s not the solution but a better workaround!
I used this tutorial:

Or just check the forums :wink:

Yes, and it’s more universal in English! :wink: