Hi It is possible to use nginx using 8123 port,
ex. https://mydomain.duckdns.org:8123, i don’t like to use directly
Thanks for this, worked for my situation too.
Same for me! Thank you so much!
I’ve read though the thread but still can’t get my remote access to work. I’m using the Nginx Proxy Manager add-on. Getting these debug logs:
listen 80;
#listen [::]:80;
listen 443 ssl http2;
#listen [::]:443;
server_name mydomain.se;
# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-1/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-1/privkey.pem;
# Force SSL
include conf.d/include/force-ssl.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
access_log /proc/1/fd/1 proxy;
error_log /proc/1/fd/1 warn;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://192.168.10.178:8123;
# Force SSL
include conf.d/include/force-ssl.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
}
# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
[12/20/2023] [5:25:36 PM] [Nginx ] › ℹ info Testing Nginx configuration
[12/20/2023] [5:25:36 PM] [Nginx ] › ℹ info Testing Nginx configuration
[12/20/2023] [5:25:36 PM] [Nginx ] › ℹ info Reloading Nginx
[20/Dec/2023:17:25:56 +0100] 200 - GET http 85.229.56.34 "/" [Client 167.94.145.59] [Length 1154] [Gzip -] "-" "-"
[20/Dec/2023:17:25:59 +0100] 200 - GET http 85.229.56.34 "/" [Client 167.94.145.59] [Length 625] [Gzip 1.88] "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" "-"
[20/Dec/2023:17:25:59 +0100] 400 - - http localhost-nginx-proxy-manager "-" [Client 167.94.145.59] [Length 150] [Gzip -] "-" "-"
[20/Dec/2023:17:26:00 +0100] 400 - GET http 85.229.56.34 "/favicon.ico" [Client 127.0.0.1] [Length 226] [Gzip -] "-" "-"
2023/12/20 17:26:19 [error] 352#352: *2036 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.10.1, server: mydomain.se, request: "POST /api/webhook/89ad14f94b8ae4027281dfdbd1617cf7e4a83e292b228226323e1402c55bf300 HTTP/2.0", upstream: "http://192.168.10.178:8123/api/webhook/89ad14f94b8ae4027281dfdbd1617cf7e4a83e292b228226323e1402c55bf300", host: "mydomain.se"
[20/Dec/2023:17:26:19 +0100] - 502 502 - POST https mydomain.se "/api/webhook/89ad14f94b8ae4027281dfdbd1617cf7e4a83e292b228226323e1402c55bf300" [Client 192.168.10.1] [Length 150] [Gzip -] [Sent-to 192.168.10.178] "Home Assistant/2023.7 (io.robbie.HomeAssistant; build:2023.471; macOS 14.1.2)" "-"
[20/Dec/2023:17:26:47 +0100] - 200 200 - POST https mydomain.se "/api/webhook/89ad14f94b8ae4027281dfdbd1617cf7e4a83e292b228226323e1402c55bf300" [Client 192.168.10.1] [Length 0] [Gzip -] [Sent-to 192.168.10.178] "Home Assistant/2023.7 (io.robbie.HomeAssistant; build:2023.471; macOS 14.1.2)" "-"
[20/Dec/2023:17:27:12 +0100] - - 499 - POST https mydomain.se "/api/webhook/89ad14f94b8ae4027281dfdbd1617cf7e4a83e292b228226323e1402c55bf300" [Client 192.168.10.1] [Length 0] [Gzip -] [Sent-to 192.168.10.178] "Home Assistant/2023.7 (io.robbie.HomeAssistant; build:2023.471; macOS 14.1.2)" "-"
[20/Dec/2023:17:27:20 +0100] - 200 200 - POST https mydomain.se "/api/webhook/89ad14f94b8ae4027281dfdbd1617cf7e4a83e292b228226323e1402c55bf300" [Client 192.168.10.1] [Length 0] [Gzip -] [Sent-to 192.168.10.178] "Home Assistant/2023.7 (io.robbie.HomeAssistant; build:2023.471; macOS 14.1.2)" "-"
[20/Dec/2023:17:32:16 +0100] - 200 200 - POST https mydomain.se "/api/webhook/89ad14f94b8ae4027281dfdbd1617cf7e4a83e292b228226323e1402c55bf300" [Client 192.168.10.1] [Length 1014] [Gzip -] [Sent-to 192.168.10.178] "Home Assistant/2023.7 (io.robbie.HomeAssistant; build:2023.471; macOS 14.1.2)" "-"
[12/20/2023] [5:36:13 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[12/20/2023] [5:36:27 PM] [Nginx ] › ℹ info Testing Nginx configuration
[12/20/2023] [5:36:27 PM] [Nginx ] › ℹ info Reloading Nginx
[12/20/2023] [5:36:28 PM] [SSL ] › ℹ info Renew Complete
My problem to access Home Assistant is only when trying to access from a mobile data connection. I have checked that the DNS is correct se-up, no Firewall blockings, my ISP have confirmed they are not blocking any ports. I forward both 80 and 443 in the router. I get my certificate from a DirectAdmin SSL challange and is confirmed to be created successfully. I have been chatting with ChatGPT 4 for 2 days now trying to solve the problem and we are out of ideas now. Please help!
Mobiledata are usually using ipv6 make sure you have enabled it.
Also your cert are going to expire soon
Wondering what web sockets support and block common exploits will change in the nginx configuration, any idé?
thank you. that solved also my problem
Yup, that was my issue. Once enabling web sockets it started working as expected. Thanks to all for the susgestion
I had this same issue , using NPM and also Authelia.
I actually turned websockets off, and added these now famous lines to the Advanced tab in the “location /” section of the boilerplate authelia code.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
It worked fine with and without websockets enabled.
I dont know if anyone did this but it was by asccident I set the config like so pointing to my nginx reverse proxie server ip. which still didnt get me past the login.
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.1.3
ip_ban_enabled: true
login_attempts_threshold: 3
but because i banned the ip for too many failed attempts I found the docker ip
inside the op_bans.yaml file
I popped that under the nginx ip and boom all good.
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.1.3
- 172.18.0.1
ip_ban_enabled: true
login_attempts_threshold: 3
What worked for me: Raspberry Pi 5, running Home Assistant and the Nginx Proxy Manager add-on.
in configuration.yaml:
Remote Access with Enginx
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
Enabling the web sockets option in Nginx proxy manager
Adding the lines in define location as discribed by @cwricklee
thank you alll for the discussion , i was struggling with same errors, I have deployed HA, Frigate, mqtt all in docker in Ubuntu and was trying to setup the duckdns domain with reverse proxy and finally i am successful…
What proxy you use?
Try this… (same post here: Ingress with support for websocket - #2 by nikos445)
Configuration YAML:
http:
server_port: 80
use_x_forwarded_for: true
trusted_proxies:
- 192.168.200.100
Ingress:
kind: Ingress
metadata:
name: home-assistant-ingress
namespace: default
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/server-snippets: |
location /api/websocket {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
spec:
ingressClassName: nginx
tls:
- hosts:
- example.com
secretName: home-assistant-cert
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: haas
port:
# number: 80
name: haas
I am using nginx service
Thank you so much, been trying to fix this for ages, your solution worked a treat for me. Thank you 
Epic. This linked worked for me too
did you get it working ? I can’t seem to find the path where the log file is stored.
did you found a solution to redirect the access log somewhere ?
I would like to use a GoAccess for nginx proxy manager addon/docker to view a website portal with statistics.
using this: GitHub - xavier-hernandez/goaccess-for-nginxproxymanager: GoAccess Docker Image for Nginx Proxy Manager and more...
I did not found a HA addon for it, but I can make it with Portainer en paste a docker compose text there in the “Add Stack”.
If I look at the Nginx Reverse Proxy Manager Addon with Portainer, I see following Volume mappings:
indeed the /mnt/data/supervisor/addon_configs/a0d7b954_nginxproxymanager is under my HA samba share undder addon_configs:
but the other share is not under addons directory (it is empty).
Anyone got GoAccess working with the HA NPM addon logs ?
edit: I think the logs are stored with HA under /var/log/journal ? (binary files)
with :
ha host logs --identifier addon_a0d7b954_nginxproxymanager
under supervsor ssh you can also see the log of the NPM.
Question now how to add this to the GoAccess docker compose file Volumes?
below something I tought it would be, but log is not available as file I think.
version: ‘3.3’
services:
goaccess:
image: ‘xavierh/goaccess-for-nginxproxymanager:latest’
container_name: goaccess
restart: always
ports:
- ‘7880:7880’
environment:
- TZ=Europe/Brussels
- SKIP_ARCHIVED_LOGS=False #optional
- DEBUG=False #optional
- BASIC_AUTH=False #optional
- BASIC_AUTH_USERNAME=user #optional
- BASIC_AUTH_PASSWORD=pass #optional
- EXCLUDE_IPS=127.0.0.1 #optional - comma delimited
- LOG_TYPE=NPM #optional - more information below
- ENABLE_BROWSERS_LIST=True #optional - more information below
- CUSTOM_BROWSERS=Kuma:Uptime,TestBrowser:Crawler #optional - comma delimited, more information below
- HTML_REFRESH=5 #optional - Refresh the HTML report every X seconds. GoAccess - Manual Page
- KEEP_LAST=30 #optional - Keep the last specified number of days in storage. GoAccess - Manual Page
- PROCESSING_THREADS=1 #optional - This parameter sets the number of concurrent processing threads in the program’s execution, affecting log data analysis, typically adjusted based on CPU cores. Default is 1. GoAccess - Manual Page
volumes:
- /mnt/data/supervisor/addons/data/a0d7b954_nginxproxymanager/logs:/opt/log
- /path/to/host/custom:/opt/custom #optional, required if using log_type = CUSTOM
networks:
- nginxproxymanager_default
networks:
nginxproxymanager_default:
external: true