The never ending battle trying to configure SSL for Mealie integration. Nginx/Caddy/reverse proxy

I have been trying to configure SSL for my Mealie add-on for months now. Originally I wanted to access it remotely to access the shopping lists and hit every hurdle possible trying to configure a reverse proxy. Eventually, I found an easy but slightly cumbersome workaround using Tailscale.

Unfortunately, I ran into an issue when I was trying to add a webpage card for Mealie on HA and it appears the HA companion apps will only deal with HTTPS. So now I am back to trying to configure SSL. Additionally, it would be nice if other members of my family were able to access Mealie via HA without messing around with Tailscale.

I have tried so many different ways. Currently, I am trying to configure Caddy 2 (via the HA add-on), but as usual I hit hurdle after hurdle and eventually a big brick wall. At this time, I am happy to try anything. The simpler, the better. If you haven’t already noticed, I am absolutely rubbish with this sort of thing.

My set-up:

HAOS installed onto Intel NUC
Access HA remotely via Nabu Casa

If anyone can help me configure this I would be so grateful. I mean, name your price and I would be happy to pay for your assistance (I am that deflated by it now)*.

*Subject to costs and my bank balance

Are you using the alexbelgium add-on or Mealie in Docker? I have Mealie running via the add-on, and in the settings turned on SSL and can get the main page of Mealie in an iframe.

But I use duckdns and set up local dns to my duckdns home assistant page in pi-hole.

Yes that is the add-on I use. If I turn on SSL in the settings I am unable to access the UI.

So I guess it's the Nabu Casa causing me issues.

If you go on your app via Nabu Casa and go to add-ons, Mealie and hit open web UI, can you access the Mealie page? If so then use the HTTPS address from that page to set up the iframe in your Home Assistant.

For a second then I thought that was the answer. Unfortunately not, it just opens a blank page. I also tried it after enabling SSL in the config.

Yeah, I just read that it is not possible, you will probably need to use some other SSH tunnel. I use the DuckDNS add-on and it works, you can only use it to get the Mealie HTTPS address. You can also use this: https://carly.be/expose-home-assistant-through-ssh-tunnel/

Thank you. I managed to reach step 2… I got a bit lost when it says I will need a remote server, any idea? What would the remote server be in my case?

Well you need an external domain and a server to use this integration, I would use duckdns integration instead, as it will be easier to set up, then you just need to set up a free duckdns domain.

How to do this you can read here: https://homeassistantwithoutaplan.wordpress.com/2023/07/17/installing-duckdns/

I’m actively working on this as well. Setting up the mealie add on was easy, but I am not able to access it outside of my local network… I see this seems to be a common problem for people with no solution.

Here’s where I’m at…
I have set up a domain on the duckdns website.
I have the duckdns addon installed and this has already been set up and configured for my HA instance and that is working.
Router has a port forward for 443 to my HA instance.
In the Mealie add-on configuration, I have the baseurl set as [duckdnsmealiedomain].duckdns.org
SSL is enabled in the configuration; network port is 9090
In the duckdns addon configuration I have added [duckdnsmealiedomain].duckdns.org to the domains list.

This all works locally, but when I turn off Wi-Fi on my phone and try to go to the 1 panel card that I have set up for the website… it doesn’t work. I’m out of ideas and hoping someone has some guidance here…

Note: [duckdnsmealiedomain] is not the actual name of the domain

So I got this working. I can’t tell you exactly what it is I did to get it working as I was coming at it from every angle half asleep and eventually something worked. However, I think it was something to do with port forwarding with my situation.

Have you got the http set up in yaml for duckdns?

I have port 443 fwd’d to my ha instance…does there need to be anything other than that?

Did you set up an ssh tunnel?

When you say ‘worked’ does that mean you can get to mealie via https://yourmealiedomain.duckdns.org … or do you need to include a port number?

I have these entries in my config.yaml

#needed for NGINX
http:
  use_x_forwarded_for: true
  trusted_proxies:
    
  ip_ban_enabled: true
  login_attempts_threshold: 3
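
The `http:` entries in the post above turn on `use_x_forwarded_for` together with a `trusted_proxies` list and IP banning. The following Python sketch is an added example, not part of the thread and not Home Assistant's own code: a generic model of how a trusted-proxy list decides which address gets logged and counted toward bans. The function names and the documentation-range addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample settings (documentation-range addresses, not from the thread).
SAMPLE_CFG = {"use_x_forwarded_for": True, "trusted_proxies": ["192.0.2.10"]}

def parse_trusted(entries):
    """Turn trusted_proxies entries (single IPs or CIDRs) into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in (entries or [])]

def is_trusted(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

def resolve_client_ip(peer, x_forwarded_for, cfg):
    """Return the address that logging and ban counters should use."""
    networks = parse_trusted(cfg.get("trusted_proxies"))
    # The header counts only when enabled AND the TCP peer is a listed proxy.
    if not cfg.get("use_x_forwarded_for") or not is_trusted(peer, networks):
        return peer
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    # Walk right to left: the first hop that is not a trusted proxy is the client.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop, networks):
                return hop
        except ValueError:
            return peer  # malformed entry: fall back to the socket address
    return peer

def audit(cfg):
    """Flag settings that make the forwarded address meaningless."""
    findings = []
    networks = parse_trusted(cfg.get("trusted_proxies"))
    if cfg.get("use_x_forwarded_for") and not networks:
        findings.append("use_x_forwarded_for is on but trusted_proxies is empty")
    for net in networks:
        if net.prefixlen == 0:
            findings.append(f"{net} trusts every address")
    return findings

if __name__ == "__main__":
    print(resolve_client_ip("192.0.2.10", "203.0.113.7", SAMPLE_CFG))
    print(resolve_client_ip("198.51.100.9", "203.0.113.7", SAMPLE_CFG))
    print(audit({"use_x_forwarded_for": True, "trusted_proxies": None}))
```

With a low `login_attempts_threshold`, a list that is too broad lets any direct caller choose the address that gets banned, while a list that omits the real proxy means the proxy's own address collects the failed logins.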