I have HA running internally on my network at 8123. Can access it just fine locally with http://aaa.bbb.ccc.ddd:8123.
I want to access it externally, so I set up a forwarded port (8123) to the container’s IP. As I have a domain of my own I added a DNS record ha.<mydomain>
→ my static IP.
This works fine for the app and also for web access via http://ha.<mydomain>:8123
. However I get the warning that it’s not secure, it’s not, and safari won’t autofill my password.
So … I got an SSL certificate for ha.<mydomain>
and installed the NGNIX addin. Reasonably sure I have the cert and key PEMs correct. I set ha.<mydomain>
as the domain in the NGINX config.
To my main config.yaml I added
use_x_forwarded_for: true
trusted_proxies:
- 10.13.0.0/16
my HA server runs on the 10.13.x net, I can tighten that up later but started with something broad.
I forwarded 443 into the HA container, the same way that 8123 was forwarded.
I cannot however make it work. Accessing https://ha.<mydomain>
gives me
‘400 Bad Request’
I have tested with openssl and curl and I see correct certificate validation, I feel however that NGINIX isn’t forwarding to 8123 but to 80 (eg I don’t see where to tell it that 8123 is where the server is running and the documentation seems to indicate it forwards 443 to 80). What piece of config am I missing here and/or what else can I do to debug.
openssl s_client -connect ha.<mydomain>:443 ...
SSL handshake has read 3975 bytes and written 401 bytes
Verification: OK
curl -I https://ha.<mydomain>
HTTP/2 400
server: nginx
date: Tue, 17 Jun 2025 06:57:11 GMT
content-type: text/plain; charset=utf-8
content-length: 16
strict-transport-security: max-age=31536000; includeSubDomains