[Resolved] Access HA via custom local domain

Hello all. I have HA running in a QEMU/KVM instance. I can access it by IP. I have jumped through hoops trying to figure out why I can’t use a hostname. I’ll paste my nginx config block for this site and the domain is valid, I have many things configured in a similar fashion and they all work flawlessly. There is nothing different about HA that I am aware of.

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name good.domain;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    server_name good.domain;

    listen 443 ssl; 
    ssl_certificate /etc/letsencrypt/live/good.domain/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/good.domain/privkey.pem; 
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 

    location / {
        proxy_pass http://192.168.0.174:8123;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

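        # WebSocket support: $connection_upgrade comes from the map block at
        # the top, so requests without an Upgrade header get "Connection: close".
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;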
    }
}

I see some similar topics but those appear to be segmented LANs and WiFi issues. When I do a request in the browser, it says it can’t connect. Nothing is logged in nginx, the domain does resolve to the nginx host. I can connect via IP all day long. Any suggestions are appreciated. Thanks!

I’m assuming you’re using Nginx as a proxy. If so, have you added the following code to your configuration.yaml?

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - xxx.xxx.xxx.xxx

This will allow access from your reverse proxy. Just change xxx.xxx.xxx.xxx for the IP of your proxy.
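
Why the trusted_proxies entry matters alongside the nginx block above, shown as an added example that is not part of the thread and not Home Assistant's own code: a simplified model of a backend choosing which address to treat as the client. The proxy address 192.168.0.10, the function names and the reject-on-unlisted-peer behaviour are assumptions made for illustration.

```python
import ipaddress

# Constructed value: 192.168.0.10 stands in for the nginx host; the thread
# never states its address.
TRUSTED_PROXIES = ["192.168.0.10"]


class UntrustedProxy(Exception):
    """Forwarding header received from a peer that is not a listed proxy."""


def _is_trusted(addr, networks):
    return any(addr in net for net in networks)


def resolve_client_ip(peer_ip, x_forwarded_for, trusted_proxies=TRUSTED_PROXIES):
    """Return the address to treat as the client for one request.

    peer_ip         -- address of the TCP peer that connected to the backend
    x_forwarded_for -- raw X-Forwarded-For header value, or None if absent
    """
    networks = [ipaddress.ip_network(p) for p in trusted_proxies]
    peer = ipaddress.ip_address(peer_ip)

    if x_forwarded_for is None:
        # Direct connection (e.g. http://192.168.0.174:8123): nothing to trust.
        return peer

    if not _is_trusted(peer, networks):
        # Any client can type this header; only a listed proxy may supply it.
        raise UntrustedProxy(f"X-Forwarded-For from unlisted peer {peer}")

    hops = [ipaddress.ip_address(h.strip()) for h in x_forwarded_for.split(",")]
    # nginx's $proxy_add_x_forwarded_for appends $remote_addr to whatever the
    # client already sent, so only the right-hand end of the list is reliable.
    # Walk from the right and stop at the first hop that is not our proxy.
    for hop in reversed(hops):
        if not _is_trusted(hop, networks):
            return hop
    return hops[0]  # every hop was a trusted proxy
```
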

Yes, this is set. I do see a commented base_url definition that does mention a domain though. I don’t think this is the issue though. Even if I try with curl via domain it is refused instantly. Oddly, nothing is logged in nginx. I can get a response with curl via IP. I feel like I need to investigate with wireshark at this point.

You have to somehow resolve your domain to your local IP. You can use a local DNS like AdGuard to resolve your domain and point it back to your IP address. Feel free to use any other option.

Yes yes. I have BIND running and the domain does resolve to the nginx host. I have other internal only subdomains and they work great.

OK, but then the problem might be in your router. I think that you will have to point your router's DNS to the IP of the host running the DNS server to resolve your local domain.
At least this is how I set things up. I use AdGuard for DNS resolving, including my local domain.
But maybe this is not necessary for all setups; there are a lot of different setups you can do.

Thanks all for the tips so far.

I just did some testing with Wireshark. For whatever reason the multiple browsers and machines I tried this on instantly refuse the connection and don’t log any traffic. When I try to access my other proxy hosts that are on this same target machine, there are tons of logs and they work. This does not explain what is happening, but does validate the lack of any logging on the nginx side.

Sidenote, all of my LAN and WiFi traffic is on the same subnet and the only shaping/filtering/firewall stuff happens at the edge router. These requests are all internal, thus not subject to any routing.

This does not appear to be a direct issue with HA itself. I’ll have to brainstorm for a bit.

Then you misconfigured something on the host you are trying to access. Or just a firewall is blocking access to this host.

After fully restarting my DNS (even though DNS was resolving properly, no clue what the browsers were pulling) and restarting HA, it worked… kinda

I did have to increase the nginx workers to 2048 from 1024. This will be different for everyone depending on your other deployments and workloads.

Thanks again for the ideas and comments.