SSL behind an nginx server

Hi Guys,

Tldr: How do I config two seperate servers (nginx and home assistant) to work together with ssl?

I have the following setup:

  • nginx server which is reachable from the internet via port forwarding to port 80 and 443

  • home assistant which is not directly reachable

The nginx server has a config for a subdomain, that will then redirect to the home assistant server. Here it is:

server {

    location / {
         proxy_set_header   X-Forwarded-For $remote_addr;
         proxy_set_header   Host $http_host;
         proxy_ssl_server_name on;         
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection “upgrade”; 

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    #listen 80; #I explain this one further down

On home assistant I’ve set up ssl as well in my configuration.yml:

  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true

I have letsencrypt running on nginx and also on home assistant but even if I let nginx forward port 80 (see I did explain it) to home assistant letsencrypt says it can’t download the necessary files to issue a cerificate. I had it directly hooked up to port 80 once and then it worked.

Now I have the following problem, it seems ingress isn’t working anymore and all plugins that depend on it (like studio code server, zigbee2mqtt, …) won’t load their web interfaces. If I remove the ssl settings from ha everything works fine but only if I don’t go through nginx.

So how can I set it up in this scenario?