Guys, I’m trying to setup NGINX as proxy for HA (version 0.41) but when I try to open HA http://thisismydomain.com after a long loading I have the login with an error message “Unable to connect” and even if I type again the password the result is the same. I’m stuck and I cannot figure out what is the problem, can you help?
I had already the lines you mentioned. Here my nginx.conf
user www-data;
# As a thumb rule: One per CPU.
worker_processes 4;
# Maximum file descriptors that can be opened per process
# This should be > worker_connections
worker_rlimit_nofile 100;
events {
worker_connections 50;
}
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
charset utf-8;
# + Nginx - To avoid 2MB upload error: https://github.com/Fourdee/DietPi/issues/546
client_max_body_size 100M;
# Upstream to abstract back-end connection(s) for PHP
upstream php {
server unix:/run/php5-fpm.sock;
}
# Set the mime-types via the mime.types external file
include mime.types;
# And the fallback mime-type
default_type application/octet-stream;
# Click tracking!
access_log off;
# Hide nginx version
server_tokens off;
# ~2 seconds is often enough for HTML/CSS, but connections in
# Nginx are cheap, so generally it's safe to increase it
keepalive_timeout 65;
# You usually want to serve static files with Nginx
sendfile on;
tcp_nopush on; # off may be better for Comet/long-poll stuff
tcp_nodelay off; # on may be better for Comet/long-poll stuff
server_name_in_redirect off;
types_hash_max_size 2048;
gzip off;
gzip_http_version 1.0;
gzip_comp_level 1;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_types
# text/html is always compressed by HttpGzipModule
text/css
text/plain
text/x-component
application/javascript
application/json
application/xml
application/xhtml+xml
application/x-font-ttf
application/x-font-opentype
application/vnd.ms-fontobject
image/svg+xml
image/x-icon;
# This should be turned on if you are going to have pre-compressed copies (.gz) of
# static files available. If not it should be left off as it will cause extra I/O
# for the check. It would be better to enable this in a location {} block for
# a specific directory:
# gzip_static on;
gzip_disable "msie6";
gzip_vary on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
This helped me a lot. When applying these settings to the location directive as @shire210 suggested, I also had to make sure $connection_upgrade was defined in the http directive as @mikeg1130 suggested .
@Slash yes I’m using the linuxserver/letsencrypt docker container on an Unraid server. It comes bundled with a valid sample configuration file for HomeAssistant:
However, you may find that file is for the basic/core HomeAssistant install, and HassIO needs additional proxy configuration for many add-ons to work correctly via websocket connections to the api/hassio_ingress endpoint… so you will need to add another location mapping (in addition the /api/websockets one already in the sample):
More details can be found here on the Github forum for HassIO add-ons, but basically adding this block to the sample in the docker enables HassIO add-ons to work properly also…
# Duplicate websocket configuration specifically for HassIO add-ons (e.g. /api/hassio_ingress)
# Details of how this config works can be read here:
# https://www.serverlab.ca/tutorials/linux/web-servers-linux/how-to-proxy-wss-websockets-with-nginx/
location /api/hassio_ingress {
resolver 127.0.0.11 valid=30s;
set $upstream_app 192.168.1.???;
set $upstream_port 8123;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
Note: For security & best practices (narrow scope), I added this section to specifically only hanlde the hassio_ingress route, as opposed to just allowing all requests at my root location (wildcard for any request to my HomeAssistant) to be upgraded as websockets which was mentioned in the HomeAssistant forum.
FYI I have just installed Nginx Proxy Manager (NPM) and was having problems logging in. Based on the advice in the above comments I changed the settings to Scheme: HTTPS and Websockets Support. I was immediately able to connect to HA from my subdomain. Thanks everyone.
ok so i have basically the same issue. I am using a synology for the reverse proxy. The tip with the webSocket helped a lot. thanks @ imperyal
it did work fine for like a minute or so…
if I set up a new reverse proxy… with websocket and everything, same thing it works locally and via the internet externaly. But maybe for 10 minutes…
Then it goes back to “Unable to connect to Home Assistant.”
Any update on this? Im running nginx proxy manager on unraid, and never had an issue when proxying to other docker services. I am running HA in a VM on Unraid with my own domain and cloudflare.
HTTP works, HTTPS hangs on ‘loading data’ and then errors out.
