Trouble with nginx reverse proxy and homeassistant - login screen works but no redirect to lovelace

Configuration
1

I have several domains pointing to my home server. I set up and nginx+letsencrypt docker container using the linuxserver/letsencrypt image.
this container is running on the same host as my hassio containers

I get to the login screen and am able to verify username and password. Providing an incorrect password gives an error message and reprompt. I can reach homeassistant though 10.0.0.10:8123 without any trouble. In other words… something is working!
however, when homeassistant would normally redirect to lovelace, I get the error 'unable to connect to homeassistant. I believe I am missing something in my config, but I am too inexperienced to determine what.

this is the http part of configuration.yaml

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.0.0.0/24 # local network
    - 172.0.0.0/8 # docker containers

and this is the homeassistant file in /config/nginx/site-confs/

upstream hass {
    server 10.0.0.10:8123;    # the hass server and port inside the network
    }

server {
    listen 443 ssl http2 ipv6only=off;
    server_name eample.nl;
    include /config/nginx/ssl.conf;
    client_max_body_size 0;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl_session_cache shared:SSL:10m;
    proxy_buffering off;

    location / {
        proxy_pass http://hass;    # Matches to the "upstream" name above
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # for forcing password validation from outside
        proxy_set_header Upgrade $http_upgrade;
#        proxy_set_header Connection $connection_upgrade; # this prevents the nginx: [emerg] unknown "connection_upgrade" variable error
        }

}

2

Do you have websocks enabled on your nginx server?

1 Like
3

i dont think so. where can I check that?

4

Thank you EKC, I have found it.
I commented out the line below as it was causing an error

 proxy_set_header Connection $connection_upgrade;

it turns out the reason I was getting that error is because another line was missing further up in the code. adding that fixed the issue

map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

the complete config is

upstream hass {
    server 10.0.0.10:8123;    # the hass server and port inside the network
    }
map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

server {
        listen 443 ssl http2 ipv6only=off;
        server_name example.nl;

        include /config/nginx/ssl.conf;
        client_max_body_size 0;

    # These shouldn't need to be changed
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        ssl_session_cache shared:SSL:10m;

        proxy_buffering off;

        location / {
            proxy_pass http://hass;    # Matches to the "upstream" name above
            proxy_set_header Host $host;
            proxy_redirect http:// https://;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # for forcing password validation from outside
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
5

It should be in your nginx docker configuration somewhere - unfortunately I use NginxProxyManager so it won’t be in the same place for you, but this is the same issue that I had when I forgot to enable websocks.

Edit: we posted at the same time, I’m glad you’ve got it sorted out :slightly_smiling_face:

6

thank you, I found the issue. You pointed me in the right direction!