"Unable to connect to Home Assistant" via nginx reverse proxy

I am at my wit’s end. I have nginx proxy manager running on Docker on my Synology NAS. I am trying to connect through it to my Home Assistant at 192.168.1.36:8123. I can connect successfully on the local network, however when I connect from outside my network through the proxy via hassio.example.com, I see the Home Assistant logo with the message “Unable to connect to Home Assistant.”

I have configured my configuration.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.222 #my synology nas IP

The proxy is configured in nginx proxy manager like so:

The external connection through the proxy actually works fine with my Google Assistant Integration, so I’m at a loss as to why I can’t connect through a web browser.

2 Likes

From what I see, you’re only forwarding 8123, so you should use http://hassio.example.com:8123

Sorry, should have mentioned that my domain is on Cloudflare and is configured to forward hassio.example.com to port 8123. It is reaching Home Assistant successfully as I get the HA login screen. After I enter my credentials, I see this:

What browser?

What is install method?
If docker you need docker IPs added

Look at nginx logs. Problem have something wrong there

Most recent version of Firefox. Nginx proxy manager is installed via Docker on my NAS.

I tried adding the IP from the nginx log to my HA configuration.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.222 # Add the IP address of the proxy server
    - 172.20.0.1

But I get the same error after entering credentials.
Nginx Proxy Manager is installed via Docker on my NAS. I checked the nginx log in proxy-host-1_error.log and there are warnings:

2022/01/22 16:31:49 [warn] 2775#2775: *1013 using uninitialized "server" variable while logging request, client: 172.20.0.1, server: hassio.example.com, request: "GET / HTTP/1.1", host: "hassio.example.com:8123"
2022/01/22 16:33:36 [warn] 2774#2774: *1828 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading upstream, client: 172.20.0.1, server: hassio.example.com, request: "GET /frontend_latest/onboarding.3cb6717e.js HTTP/2.0", upstream: "http://192.168.1.36:8123/frontend_latest/onboarding.3cb6717e.js", host: "hassio.example.com:8123", referrer: "https://hassio.example.com/service_worker.js"

In my Home Assistant log, I see:

2022-01-22 10:10:57 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 172.20.0.1 (172.20.0.1). (Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0)

I’m confused as this IP is on the trusted_proxies and I know my credentials are correct.

did you restart after add docker IP?

sorry. I dont use nginx proxy manager so I not sure how that should be comfigured. Probably should take your domain out of screenshot however.

How is proxy manager installed?

As test and verification I would temporarily throw all local IP (192.168.1.0/24) and docker IP (172.20.0.0/24) into trusted proxies and see if connection through domain allowed. this would at least answer if the http section of config is causing some issue.

if that not work, I would verify requests from domain to nginx are OK. pointing the domain to a file on the server and having that served through nginx would answer that.

After that I would do next step based on results of above 2. sorry but hopefully this gets you moving in a good direction.

Also as FYI. I have for long time had issues connected through nginx on iOS, so if you testing on iOs or Apple please let me know and I may have different advice. This is caused by my nginx config but I never fix since for long time I only use android/linux and this only recently become issue I too busy to fix.

Yep, restarted after adding the docker IP.

Oops! Thank you, I took it out of the screenshot.

I’m using the jc21/nginx-proxy-manager Docker image on my NAS.

Changed my config to:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.0/24 # Add the IP address of the proxy server
    - 172.20.0.0/24

But same problem. I get unable to connect to Home Assistant after entering credentials.

What is very strange is that I have my Google integration set up with this same domain and everything seems to work fine.

No iOS devices on my network.

1 Like

IP is not banned by HA correct?

maybe the nginx config is wrong. google does not connect in same manner.
Domain may be passing OK but websocket connections may be having issue.

Id look at nginx but not sure what to check there. Maybe try different addon or verify setup with someone using same addon

EDIT
Dont forget to change below back to normal when all is resolved.

Smells like websocket is not proxied on cloud flare, then

1 Like

Thanks all for the help. Cloudflare states that websockets are supported by default without any configuration changes. I’m fairly confident the problem is with how my nginx is working. I have Googled and tried some other solutions to get nginx to support websockets but nothing has worked. Unfortunately I don’t think this is worth the time and effort anymore. I have spent many hours so far and haven’t made much progress. I’m just going to go back to using duckdns to access home assistant.

Don’t give up! I’m having the same issue… It’s been working fine for AGES. Did something break during a recent upgrade?
Found my problem. My Lets Encrypt SSL Certs expired…months ago apparently and things just kept working until my system went offline for most of a day. Fixed my certs and it started working again.

My situation is similar: I am trying to access my local HA instance that is already accessible from outside the network using a duckdns domain using the Nginx Proxy Manager on a rented server. I am stuck with such a weird configuration because I don’t have a public ipv4 address.

I am getting the same errors that you described earlier. I found online, that setting

location / {
    proxy_pass http://homeassistant.local.hass.io:%%HA_PORT%%;
    proxy_set_header Host $host;
    proxy_redirect http:// https://;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

in Nginx is supposed to help with socket forwarding. I don’t know how to use it properly in NPM but maybe it helps you out or someone else has an idea?

Edit: this worked for me Home Assistant Community Add-on: Nginx Proxy Manager - #543 by JasonLee

5 Likes

I had exactly same problem and I’ve finally solved it by enabling WebSocket custom headers - $http_upgrade and $connection_upgrade - in reverse proxy (I’m using standard reverse proxy built in DSM, but I believe there is something similiar in Nginx Proxy Manager).

35 Likes

That solved my problem! Thanks much!

Thank you! This just solved an access issue for me after re-setting up NGINX.

1 Like

Thank you!! This solved my problem as well.

1 Like

Hi! Good to see you have it working. Can you please share how to add those headers to Nginx Proxy Manager? I also keep getting the “Unable to connect (…)” error after switching from the HA add-on Nginx (which was working) to the Proxy Manager that I have running on another device.

Although I have been trying for hours to get everything working before I posted, ofcourse just after posting I found the solution. I missed the checkbox of Websockets support. It’s working!

1 Like

Thank you so much! This solved my problem too!

Someone know how can I put this settings in the “Nginx Proxy Manager” please ?
I have same problem when I access from my work office PC (outside)
But it’s work when I use the mobile phone Android (outside)

In the Chrome console give me:
core.a0afd420.js:1 WebSocket connection to ‘wss://hass.xxxdomain.com/api/websocket’ failed:
(at my work office PC outside of my LAN)

Thanks a lot
Denis

1 Like