Websocket error on custom domain with SSL (Synology)


I have HA running on my Synology NAS with a custom domain from DuckDNS and SSL from LetsEncrypt. I’m using my Synology as a proxy server (which basically is nginx).
My router has port forwards for 443 to my Synology.

https://foo.duckdns.org shows the Home Assistant login page. However when trying to login, the login page gives an error

Unable to connect to Home Assistant. Retry

In my console I can see that the websocket gives an error

Error during WebSocket handshake: Unexpected response code: 400

Login itself works, because when I enter the wrong credentials, it states

Invalid username or password

Using HA on the local IP works flawlessly.

Does anybody know why I cannot use HA remotely via my custom domain & SSL?

Below are screenshots of my configurations

Port forwards on router

Reverse Proxy Rules in Synology

Certificate for domain

I’ve checked my Nginx configuration and it has a passthrough for HA

And this is in my configuration.yaml

Hope anyone can help!

Your HA instance is not running on In HA conf change to the ip of your nas and the info in proxy pass for nginx should definitely not be 127.0.01:8123 more likely the ip of your nas, (192.1bluuurrr). There is never any point in blurring a private ip…

These are my settings:

http:
  base_url: https://hassio.myds.me
  server_port: 8124
  use_x_forwarded_for: true


When did this happen? Mine was also all OK after setting up last week and is now at the same stage as yours when out of the house and on mobile data.

I have tried playing around with the headers info but it did nothing.

I just can’t remember when 107.7 came out as it was working up to Thursday I think. With being on lockdown lol.



Thanks @fredrike that solved my issue. You truly are a Great Contributor :+1:t2:


@dicko I did a clean install with the Hass.io package by @fredrike

A few questions:
Is the base_url still needed/valid with 0.110 with the External/Internal URL?
Is server_port: 8124 correct?

http:
  base_url: https://hassio.myds.me
  server_port: 8124
  use_x_forwarded_for: true

And last one: I created a certificate with the DuckDNS addon on HA, but I see in the first post it has been added or imported on the Synology NAS?
Whenever I go to xxxx.duckdns.org it tells me that the certificate is wrong (it uses the xxxx.synology.me certificate already existing on the NAS)

Do you see it listed here? https://www.home-assistant.io/integrations/http/

Also, did you read this: https://www.home-assistant.io/blog/2020/05/20/release-110/#breaking-changes under Http? it even has a link to https://github.com/home-assistant/core/pull/35224

Thanks for being critical! Your point is clear! :wink:
Sorry I bothered you.

I was asking because I’m struggling already for a long time to get things working, I tried many options and configurations and I’m at the point to give up.

Cool. Since you’re posting in a Synology thread:

Are you having issues with Synology, or general issues with in/external_url?
You set your own port, so use the port you set in your own config.

Can’t really help you with the Synology question, since I don’t run HA on my Synology.

Believe it or not, it is finally finally working! And the trigger was in post #1. :slight_smile:

What didn’t work before did work today, I was able to register the Let’s Encrypt certificate (xxx.duckdns.org) directly on my Synology NAS. I assume some other settings I found here helped as well. :slight_smile:

I have a similar setup with external port 18881 (not the real one). Reverse proxy on my Synology to http instance of HA.
All works well but sometimes when I try to connect remotely it can’t connect. I must retry in a couple of seconds and then it works. Same thing for the Google integration. When this happens I saw a websocket error in the log (Disconnected: Did not receive auth message within 10 seconds).
I haven’t configured the http: section but I had added the trusted_networks with the full range of my home network.

Thank you, great post.
I got it working with your configurations, both from internal and external by leaving out the base_url and server_port.