Reverse proxy NGINX .... Unable to connect to Home Assistant

dony1971 · September 28, 2018, 2:48am

Using home-assistant v.0.78.3
I follow this docs below, but cannot connect to home-assistant

It’s working fine if setup home-assistant port to 443 and without nginx but using port forwarding on the router.

nginx error.log

2018/09/27 19:03:40 [error] 11989#0: *28 upstream prematurely closed connection while reading response header from upstream, client: 207.123.57.123, server: EXAMPLE.duckdns.org, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8123/", host: "EXAMPLE.duckdns.org"
2018/09/27 19:03:42 [error] 11989#0: *32 upstream prematurely closed connection while reading response header from upstream, client: xxx.123.57.123, server: EXAMPLE.duckdns.org, request: "GET /service_worker_es5.js HTTP/1.1", upstream: "http://127.0.0.1:8123/service_worker_es5.js", host: "EXAMPLE.duckdns.org", referrer: "https://EXAMPLE.duckdns.org/service_worker_es5.js"
2018/09/27 19:03:43 [error] 11989#0: *32 upstream prematurely closed connection while reading response header from upstream, client: 207.123.57.123, server: EXAMPLE.duckdns.org, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8123/", host: "EXAMPLE.duckdns.org", referrer: "https://EXAMPLE.duckdns.org/"
2018/09/27 19:03:45 [error] 11989#0: *32 upstream prematurely closed connection while reading response header from upstream, client: 207.123.57.123, server: EXAMPLE.duckdns.org, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8123/", host: "EXAMPLE.duckdns.org", referrer: "https://EXAMPLE.duckdns.org/"

home-assistant configuration.yaml

# home-assistant http frontend
http:
  # Uncomment this to add a password (recommended!)
  # server_host: 128.168.1.40
   ssl_certificate: /etc/letsencrypt/live/EXAMPLE.duckdns.org/fullchain.pem
   ssl_key: /etc/letsencrypt/live/EXAMPLE.duckdns.org/privkey.pem
#   base_url: some.random.url
   server_port: 8123
   #server_port: 443
   trusted_networks:
     - 127.0.0.1
     - 128.168.1.0/24
     - 128.168.2.0/24
#   trusted_proxies:
#     - 127.0.0.1
#     - 128.168.1.40
#   use_x_forwarded_for: true

dony1971 · September 28, 2018, 3:07am

if using home-assistant ios app, error message
“502 Bad Gateway”
what could be wrong?

flamingm0e · September 28, 2018, 3:10am

Why are you doing any SSL in HA? Let NGINX handle the SSL.

Seems like you are trying to use the reverse proxy AND your duckdns and sending your ‘upstream’ to the DUCKDNS URL?

I’m confused.

get rid of the SSL stuff inside HA, put your certs on NGINX, set your upstream in your NGINX to be the INTERNAL IP of your HA

dony1971 · September 28, 2018, 3:17am

ahhh … foolish of me
it’s working now
thanks for help

flamingm0e · September 28, 2018, 3:19am

UH. You need to remove your duckdns address and fix your config

Are you in your office right now?

flamingm0e · September 28, 2018, 3:21am

image1688×773 72.8 KB

DavidFW1960 · September 28, 2018, 3:36am

Sounds like a horn alarm might be fun…

flamingm0e · September 28, 2018, 3:37am

I don’t want to wake the kids.

I have private messaged him with some valuable info that I have regarding his configuration.

flamingm0e · September 28, 2018, 3:44am

FYI: Your “internal IP addresses” are not internal. Those are publicly routeable IP addresses owned by someone else. Your network is all sorts of broken.