Reverse SSL proxy issues

Hello everyone.

I’ve only been using Home Assistant for a week or so… but using Hassio and the awesome info on this site, I’ve managed to get 12 lights or light switches set up from Philips Hue, TP-Link and Sonoff and it’s all great. (Got a Harmony on its way too and also have a Broadlink IR blaster and a Sonoff SC to figure out yet.)

Then I thought I’d best put it behind a reverse SSL proxy so I can move to the next level.

Hassio is currently running fine from a Pi2 (later on I’ll put it on my KVM hypervisor as it does ARM emulation too) but for now it’s fine on the Pi. For the reverse proxy I am running the official Nginx image in a Docker container on the KVM hypervisor… it works fine for the rest of my web stuff. I already had an SSL cert set up in Apache for my webmail so I just moved the cert to the Nginx reverse proxy and had it proxy for the webmail too, which is also working fine.

My problem is that the SSL proxy is working for the standard HTTP stuff, but not for the web socket.
As a result I’m getting the “Home Assistant had trouble connecting to the server.” message. No useful error in Nginx log which is set to debug level.

My plan was to have urls with /homeass/ in them redirect to the internal address/port of the Pi. home assistant.

So did the following:
In configuration.yaml:
http:
  use_x_forwarded_for: True
  base_url: https://mail.myserver.com/homeass

Check returns no errors.

In nginx /conf.d/ssl.conf (I’ve mounted local volumes for conf, log and localtime so the docker container can be easily configured and logging easily accessible and time synchronized with the host.)

location /homeass/ {
    proxy_pass http://192.168.1.42:8123/;
    proxy_set_header Host $host;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

The reverse SSL is working and Chrome is all green for the cert and looking at the cert details all checks out… but no web socket. The Upgrade and Connection headers are supposed to be for the web socket and after my initial setup didn’t work I swapped to one from the forum (the one above), but it wasn’t any better. So I have no useful feedback from nginx to tell me why it can’t find the web socket… a reverse proxy means that document root isn’t relevant and the config looks right and everything bar web socket connection is working so I’m at a bit of a loss as to what is going on. (I’m a Linux admin so not the first time I have run SSL proxies with Nginx/Tengine.)

Would love to hear any suggestions you good folks might have as it might save me hours of trying stuff till it works. (Hassio just updated home assistant with the .2 update so it’s as up to date as I can make it.)

kindest regards

Frank

Just to let you know. I actually got this working, kind of, using nginx sub_filter and mapping the various json/js/image types to their new paths… it worked well in Firefox but weirdly not always in Chrome.

Then I remembered that there are two ports assigned to HTTPS and I was only using one of them… 443. (8443 is also HTTPS) so I port forwarded 8443 to nginx and set up a new nginx server block listening on 8443 and had it proxy to hassio/home assistant… so now I have https://myhost.com:8443 and that works perfectly… port 443 points to nginx which proxies to the old Apache server… completely reliable and no hackery getting it to work.

cheers

Frank
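
A sketch of the dedicated 8443 server block described in the follow-up, added here as an example and not the poster's actual configuration. The host name and backend address are taken from the posts; the certificate paths are placeholders, and the `map` block is the usual nginx way to define `$connection_upgrade`, which is not a built-in variable.

```nginx
# Added example, not the poster's configuration. Place in the http context,
# e.g. as a file under conf.d/.

# Defines $connection_upgrade: "upgrade" when the client sends an Upgrade
# header (WebSocket handshake), "close" for ordinary requests.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 8443 ssl;
    server_name myhost.com;                               # host name from the post

    ssl_certificate     /etc/nginx/certs/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/nginx/certs/privkey.pem;     # placeholder path

    location / {
        # No URI part on proxy_pass, so request paths (including the
        # WebSocket endpoint) reach the backend unchanged.
        proxy_pass http://192.168.1.42:8123;

        # WebSocket proxying needs HTTP/1.1 plus the hop-by-hop
        # Upgrade/Connection headers forwarded explicitly.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Because the backend is served from the root of its own host and port here, no path rewriting or sub_filter rules are involved.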