SSL behind an nginx server

Hi Guys,

Tldr: How do I configure two separate servers (nginx and home assistant) to work together with ssl?

I have the following setup:

  • nginx server which is reachable from the internet via port forwarding to port 80 and 443

  • home assistant which is not directly reachable

The nginx server has a config for a subdomain, that will then redirect to the home assistant server. Here it is:

server {
    server_name  ha.mydomain.com;

    location / {
         proxy_set_header   X-Forwarded-For $remote_addr;
         proxy_set_header   Host $http_host;
         proxy_pass         https://192.168.43.2:8123;
         proxy_ssl_server_name on;
         # websocket upgrade headers (needed for the HA frontend and ingress)
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/romanozumbe.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/romanozumbe.de/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    #listen 80; #I explain this one further down
}

On home assistant I’ve set up ssl as well in my configuration.yml:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.43.54

I have letsencrypt running on nginx and also on home assistant, but even if I let nginx forward port 80 (see, I did explain it) to home assistant, letsencrypt says it can’t download the necessary files to issue a certificate. I had it directly hooked up to port 80 once and then it worked.

Now I have the following problem: it seems ingress isn’t working anymore and all plugins that depend on it (like studio code server, zigbee2mqtt, …) won’t load their web interfaces. If I remove the ssl settings from ha everything works fine, but only if I don’t go through nginx.

So how can I set it up in this scenario?
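The `use_x_forwarded_for` / `trusted_proxies` pair in the post is what keeps the client address honest once nginx sits in front. As an added example (not from the post or from Home Assistant's code base), this is a simplified model of how a proxied application should decide which address to treat as the client: it only honours X-Forwarded-For when the TCP peer is in the trusted-proxy list, so a host that reaches port 8123 directly cannot spoof its address. The proxy address 192.168.43.54 comes from the post; the sample requests are constructed.

```python
from ipaddress import ip_address, ip_network

# Trusted proxies as in the post's configuration.yml (the nginx host).
TRUSTED_PROXIES = [ip_network("192.168.43.54/32")]


def effective_client_ip(peer_addr: str, headers: dict,
                        use_x_forwarded_for: bool = True) -> str:
    """Return the address the application should log and rate-limit on.

    X-Forwarded-For is only trusted when the direct TCP peer is a listed
    proxy; otherwise the header is ignored and the peer address is used.
    """
    peer = ip_address(peer_addr)
    if not use_x_forwarded_for or not any(peer in net for net in TRUSTED_PROXIES):
        return str(peer)
    xff = headers.get("X-Forwarded-For", "")
    if not xff:
        return str(peer)
    # With `proxy_set_header X-Forwarded-For $remote_addr` nginx sends exactly
    # one address. With $proxy_add_x_forwarded_for it appends to whatever the
    # client supplied, so the rightmost entry is the one the trusted proxy
    # itself observed and the only one worth believing.
    candidate = xff.split(",")[-1].strip()
    try:
        return str(ip_address(candidate))
    except ValueError:
        return str(peer)  # malformed header: fall back to the peer address


if __name__ == "__main__":
    # Constructed sample requests: one via nginx, one bypassing it on the LAN.
    via_proxy = effective_client_ip("192.168.43.54", {"X-Forwarded-For": "203.0.113.7"})
    direct = effective_client_ip("192.168.43.99", {"X-Forwarded-For": "203.0.113.7"})
    print(f"via nginx : {via_proxy}")   # 203.0.113.7
    print(f"direct    : {direct}")      # 192.168.43.99 (spoofed header ignored)
```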