Websocket Connection Failed Through Nginx Proxy

ckchessmaster · February 10, 2022, 7:12pm

Hi everyone I’ve seen this topic posted a few times but I cannot for the life of me get it to work using those examples. Here is what I’m trying to do:

I’ve got a subdomain pointed to a VM on my network that is acting as a proxy to home assistant running in another VM. I went in and setup nginx to proxy everything from that subdomain and the normal HTTP requests work and I can even login. But then it fails while trying to load data and just says “Unable to connect to Home Assistant”. In the console I see the error “WebSocket connection to 'wss://ha.mydomain.com/api/websocket failed:”

I feel like I’ve tried everything but must be missing something. Any help would be appreciated.

Below is my nginx config for the site:

server {                                                                                                                                                                               
  listen      443 ssl http2;                                                                                                                                                           
  server_name ha.mydomain.com;                                                                                                                                                     
                                                                                                                                                                                       
  ssl_certificate           /etc/nginx/ssl/letsencrypt/ha.mydomain.com/ha.mydomain.com.cer;                                                                                    
  ssl_certificate_key       /etc/nginx/ssl/letsencrypt/ha.mydomain.com/ha.mydomain.com.key;                                                                                    
  ssl_ciphers               ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;                             
  ssl_dhparam               /etc/nginx/ssl/letsencrypt/ha.mydomain.com/dhparams.pem;                                                                                               
                                                                                                                                                                                       
  ## SSL logs ##                                                                                                                                                                       
  access_log /var/log/nginx/ha.mydomain.com_ssl_access.log;                                                                                                                        
  error_log  /var/log/nginx/ha.mydomain.com_ssl_error.log;                                                                                                                         
                                                                                                                                                                                       
  root          /var/www/ha.mydomain.com/html;                                                                                                                                     
  index         index.html index.htm index.php;                                                                                                                                        
                                                                                                                                                                                       
  proxy_buffering off;                                                                                                                                                                 
                                                                                                                                                                                       
  location / {                                                                                                                                                                         
    proxy_pass                  http://192.168.1.130:8123;                                                                                                                             
    proxy_http_version          1.1;                                                                                                                                                   
    proxy_redirect              http:// https://;                                                                                                                                      
    proxy_set_header            Host $host;                                                                                                                                            
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;                                                                                                            
    proxy_set_header            Upgrade $http_upgrade;                                                                                                                                 
    proxy_set_header            Connection $connection_upgrade;                                                                                                                        
  }                                                                                                                                                                                    
}                                                                                                                                                                                      
                                                                                                                                                                                       
# Upgrade http to https                                                                                                                                                                
server {                                                                                                                                                                               
  listen      80;                                                                                                                                                                      
  server_name ha.mydomain.com;                                                                                                                                                     
                                                                                                                                                                                       
  return 301 https://ha.mydomain.com$request_uri;                                                                                                                                  
}

And then here is my home assistant config.yaml:


# Configure a default setup of Home Assistant (frontend, api, etc)
default_config:

# Text to speech
tts:
  - platform: google_translate

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

http:
  server_port: 8123
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.135

ckchessmaster · February 12, 2022, 4:36pm

bumping for visibility. Thanks!

ckchessmaster · February 15, 2022, 2:25pm

bumping for visibility. Thanks!

ckchessmaster · February 22, 2022, 6:06pm

So per another user’s suggestion I decided to try and use Docker with swag to keep things simpler. Set it up and pointed it to my HA instance and once again got the login screen and then got the same websocket error in the console:

WebSocket connection to 'wss://my.domain.com/api/websocket' failed: 
Uncaught (in promise) 1 /lovelace?auth_callb…D&storeToken=true:1

I even tried using the template conf file provided by swag themselves and it still fails.

ckchessmaster · March 7, 2022, 2:41pm

bumping for visibility

dylankainth · April 10, 2022, 9:19pm

Hi, I think I had a similar problem today whilst redoing my HASS.

For me, I used this configuration in combination with the guide here

I checked the NGINX logs and apparently, it couldn’t find a variable for $connection_upgrade; .

Replacing

proxy_set_header            Upgrade $http_upgrade;                                                                                                                                 
proxy_set_header            Connection $connection_upgrade; `

with

proxy_set_header    Upgrade     $http_upgrade;
proxy_set_header    Connection  "upgrade";

seemed to let the web socket through

Try tinkering with your NGINX, and maybe checking the logs for it.
Good Luck.

-Dylan.

actuallymentor · January 3, 2023, 10:27pm

This fixed my issue. But I’m failing to see why. My nginx.conf has the following block segment:

http {
   map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
}

and as far as I know that is correct…

chaot2000 · January 2, 2024, 3:32pm

Where is the right place in npm for that?