Reverse SSL proxy with Apache: Works on mobile but not desktop

Hi

I’ve been using Home Assistant for a while now and it’s working well - an awesome piece of software!

I decided to configure Home Assistant to be externally visible on the web using Apache to handle the incoming HTTPS requests. I was following instructions on https://home-assistant.io/docs/ecosystem/apache/ as best I could, and I got it to work - on Chrome on my phone. However, the exact same URL from Chrome or Safari on my desktop gets a HTTP 500 error.

<Note, since I am a new user here, I can only post two links, so I need to redact the http links in the configuration below. I will use http_redacted as the pseudo protocol to appease the spamchecker bots>

My config is:

  • Raspberry Pi 3 on most recent updated Raspbian Stretch
  • Standard install of Home Assistant in a virtual Python environment
  • My network NAT gateway forwards ports 80 and 443 to the Raspberry Pi running Home Assistant. The server is accessible from outside the LAN
  • Raspbian Apache2 installed. Two virtual sites:
    • *:80, which redirects to *:443, and

    • *:433 which is a SSL proxy termination which redirects and rewrites to *:8123 (Home Assistant) using this config:

      <VirtualHost *:443\>
      ServerName redacted
      ServerAdmin redacted
      
      SSLEngine on
      SSLCertificateFile /etc/letsencrypt/live/gateway.zzzz.net/fullchain.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/gateway.zzzz.net/privkey.pem
      ProxyPreserveHost On
      ProxyRequests off
      ProxyPass / http_redacted://localhost:8123/
      ProxyPassReverse / http_redacted://localhost:8123/
      ProxyPass /api/websocket ws://localhost:8123/api/websocket
      ProxyPassReverse /api/websocket ws://localhost:8123/api/websocket
      
      RewriteEngine on
      RewriteCond %{HTTP:Upgrade} =websocket [NC]
      RewriteRule /(.*)  ws://localhost:8123/$1 [P,L]
      RewriteCond %{HTTP:Upgrade} !=websocket [NC]
      RewriteRule /(.*)  http_redacted://localhost:8123/$1 [P,L]
      </VirtualHost>
      

Here’s what I know:

  • I have a fully working Home Assistant accessible in my LAN on port 8123 - accessible both by phone and desktop browsers

  • I can access Home Assistant on port 443 from my Android phone from both inside and outside my LAN

  • When I access from my desktop browser, the browser successfully handshakes TLS, but Apache returns an HTTP 500 error:

    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.
    
    Please contact the server administrator at *redacted email* to inform them of the time this error occurred, and the actions you performed just before this error.
    
    More information about this error may be available in the server error log.
    
    Apache/2.4.25 (Raspbian) Server at *redacted server name* Port 443
    

In my error file I see these these errors when I access from the desktop browser:

gateway.zzzz.net:443 aa.bb.cc.dd - - [18/Feb/2018:16:56:16 +0100] "GET /states HTTP/1.1" 500 4040 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36"
gateway.zzzz.net:443 aa.bb.cc.dd - - [18/Feb/2018:16:56:16 +0100] "GET /favicon.ico HTTP/1.1" 500 4040 "*redacted server name*/states" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36"
  • I do not see any errors in the Home Assistant log. In particular, there are no instances of INFO:homeassistant.components.http:Serving for these HTTP 500 errors, whereas I see them from my phone and from local access on port 8123.

Has anyone seen this kind of issue before? Does anyone know what I’ve done wrong? Is there any other debug information I can grab?

Seeing as you are able to succesfully connect from a phone outside of your LAN, I don’t think it is a configuration problem. Have you tried clearing your cache on the desktop PC? ( or CTRL + F5 on the homeassistant page)

Thank you for the suggestion. I have tried clearing the cache as you suggest, but problem remains.

I am 100% sure it’s a web server/Home Assistant problem because it’s the web server (specifically Apache) that threw the error - I included the HTTP 500 response from Apache and the error message on the web server log.