Every time im trying to load addons from HASS i get this error

GET https://domain.com/api/hassio_ingress/DLwq7FRgOdat0Fz52oBKq330QAuVVkmgLjkR7sTrfkE/stable-d7a2b4936af1bfd80cb96f2567af68badc2325e3/static/out/vsda.js

GEThttps://domain.com/api/hassio_ingress/DLwq7FRgOdat0Fz52oBKq330QAuVVkmgLjkR7sTrfkE/stable-d7a2b4936af1bfd80cb96f2567af68badc2325e3/static/out/vsda_bg.wasm

i did enter the stuff in my config.yaml and rebooted HASS

this is my reverse proxy config

server {

    server_name hass.domain.com;

    client_max_body_size 0;

    location / {
        auth_request /organizr-auth/2;
#        include /config/nginx/proxy.conf;
#        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.2.233;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
proxy_hide_header X-Frame-Options;

    }

    location ~ ^/(api|local|media)/ {
#        include /config/nginx/proxy.conf;
#        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.2.233;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

location ~ /organizr-auth/(.*) {
        internal;
        proxy_pass https://127.0.0.1/api/v2/auth/$1;
        proxy_set_header Content-Length "";
}
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/hass.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/hass.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = hass.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;

    server_name hass.domain.com;
    return 404; # managed by Certbot


}

Issues with Reverse proxy and addons

Are you using the NGINX reverse proxy add-on?

no its on a diffrent VM

I have a reverse proxy config, which I used in the NGINX proxy add-on to use another service on the HA host. 🤔

wuth

lol

but you dont see anything weird in that config ?

do you need logging or something

quz i REALLY wanna have this work

I'm not too familiar with NGINX

you know some1 who is who can help ?

Gimme a second. I'll adapt my config - maybe that works for you

Now I think it should be similar to yours

the /share/nginx/proxy default

is that something i also have

or did you make that?

I changed the paths - reload the codepage

i dont have /share/nginx_proxy_default*.conf;

so i cant include it

Oh... it didn't save my changes. Sorry!

One second - doing it all again 😆

https://dpaste.org/88Xag

I hope, I haven't missed something

proxy_pass http://homeassistant.local.hass.io:8123; i guess this needs to be my local IP

from HASS

and cant i just not add

listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hass.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hass.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

for the dhparam

etc

or does it not work that way?

i suck at Nginx

You can use the IP:8123 or the homeassistant.local:8123 there. I'm not 100% sure if that is just working with an add-on.

i guess i just add this because it does the same that you do

only it also has my certificate

server {
server_name hass.domain.com;
​
# These shouldn't need to be changed
listen 80;
return 301 https://$host$request_uri;
}
​
server {
server_name hass.domain.com;
​
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_certificate /etc/letsencrypt/live/hass.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hass.domain.com/privkey.pem;
​
# dhparams file
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
​
listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
​
proxy_buffering off;
​
ssl_certificate /etc/letsencrypt/live/hass.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hass.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
​
location / {
proxy_pass http://homeassistant.local.hass.io:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}

so like that

Your certs are already in my config. You declared them twice now.

H

ah yes i see

Nov 02 11:09:46 organizr nginx[8775]: nginx: [emerg] unknown directive "​" in /etc/nginx/sites-enabled/hass.domain.com:5

weird

i # all directives and same issue still

weird and i am running your conf @flint mural

i am running multiple reverse proxys

like around 8

Okay... you should be able to copy and paste their config and adapt the details 🤔

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

server {
    if ($host = unifi.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  server_name unifi.domain.com;
  client_max_body_size 4G;
  return 301 https://$host$request_uri;


}

server {
  listen 443 ssl http2;
  server_name unifi.domain.com;
  set $upstream 192.168.2.251:8443;
  auth_request /organizr-auth/2;

  location / {
    proxy_pass     https://$upstream;
    proxy_redirect https://$upstream https://$server_name;
    proxy_hide_header X-Frame-Options;

    proxy_cache off;
    proxy_store off;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_read_timeout 36000s;

    proxy_set_header Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Referer "";

    client_max_body_size 0;
  }
location ~ ^/organizr-auth/(.*) {
    ## Has to be local ip or local DNS name
    proxy_pass https://192.168.2.241:443/api/v2/auth/$1;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}

    ssl_certificate /etc/letsencrypt/live/unifi.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/unifi.domain.com/privkey.pem; # managed by Certbot
}

also running this 1

ok weird

i changed it

but now i get unable to connect to home asisstant

cant reach the api/websocket

Have you added the trusted proxy to HA's configuration.yaml?

http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.2.0/24

i added this

or does it need to be the IP

It can also be the network

so this should work

If your proxy communicates from that network

i dont have any Vlans or anything

so ye

If there is an internal network (like in Docker or VM bridges) they use another IP range

nope only network it has access to is my internal network

wish i could send screenshots

https://i.imgur.com/CpahD0J.png

the IP config of my proxy

Strange

https://i.imgur.com/0GspPkg.png

the error im getting

and on the webpage its 502 bad gateway

Can you reach the UI?

https://i.imgur.com/rBlJggs.png

yea only getting this

and if i press retry i get bad gateway

i guess it goes bad with calling the API

location ~ ^/(api|local|media)/ {
    set $upstream_app 192.168.2.233;
    set $upstream_port 8123;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

}

https://community.home-assistant.io/t/reverse-proxy-using-nginx/196954

You would have to change some stuff

yea all that SSL stuff

And the HA IP

And host names ^^

map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}

server {
# Update this line to be your domain
server_name example.com;

# These shouldn't need to be changed
listen [::]:80 default_server ipv6only=off;
return 301 https://$host$request_uri;

}

server {
# Update this line to be your domain
server_name example.com;

listen [::]:443 ssl default_server ipv6only=off; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";


proxy_buffering off;

location / {
    proxy_pass http://127.0.0.1:8123;
    proxy_set_header Host $host;
    proxy_redirect http:// https://;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

}

so like that

That's the one from the forum?

Y

That worked at least for some people. I'd try that - with the SSL, host and IP changes

i also have the SSL locations

so i could also just change those

400 bad request

Any typos?

only thing i changed was listen [::]:80 default_server

i changed it to listen 80

listen [::]:443 ssl default_server

this 1 too

to listen 443 ssl

because it isnt my default server

thats already assigned to another proxy

You should keep the [::] stuff it makes it work for IPv6 too. That might be one reason of failure

Nov 02 12:45:01 organizr nginx[9465]: nginx: [emerg] duplicate listen options for [::]:443 in /etc/nginx/sites-enabled/domain.conf.conf:17
Nov 02 12:45:01 organizr systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE

thats why i changed it

I have looked at the NGINX add-on's config itself (which obviously works with HA). Haven't seen anything websocket specific in it

I'm not an expert when it comes to this so please excuse me if I'm talking BS 😄

I'm running nginx proxy manager on a different VM and had to enable websocket support because I couldn't login otherwise. But apart from that I didn't have to do anything else using the GUI to get it running.

never used the proxy manager

Yeah. NPM has more overhead, but is really user friendly and easy to configure.

let my try it, because everytime these struggles are getting anoying XD

Would it be helpful if I share my config with you? But I can't find anything that sounds like "websocket support" in the .conf file, so maybe this is configured elsewhere?

maybe

but sure

can always try

trying to install the mariaDB

quz its needed for the manager addon

but it aint installing

and the proxy manager went like a charm

trying it by the local IP

can yo also import stuff ?

and a reverse proxy

is that a proxy or a redirection host

its a proxy

Proxy host

yea

question the system is not able to change the config of my nginx that im already running

it makes its own reverse proxy i guess

dammit

it makes my HASS the reverse proxy host

and i dont want that XD

You can run NPM as a Docker image on any host

https://nginxproxymanager.com/setup/#running-the-app

https://github.com/causefx/Organizr

yea but im using this for reverse proxy

and its not in a docker

just a ubuntu VM

Erm... you said, you are using NGINX as reverse proxy

yea

with org

org comes in with build in NGINX

That adds more possible points of failure

Also you have to tell HA, that it is allowed to run in an iframe

At least I guess, what's going on with that service. Didn't dive in too deep

This is what my .conf looks like

`server {
set $forward_scheme http;
set $server "homeassistant.local";
set $port 8123;

listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;

server_name homeassistant.mydomain.net;

Let's Encrypt SSL

<some ssl stuff>

Block Exploits

include conf.d/include/block-exploits.conf;

HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)

add_header Strict-Transport-Security "max-age=63072000; preload" always;

# Force SSL
include conf.d/include/force-ssl.conf;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

access_log /data/logs/proxy-host-5_access.log proxy;
error_log /data/logs/proxy-host-5_error.log warn;

location / {

HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)

add_header Strict-Transport-Security "max-age=63072000; preload" always;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

# Proxy!
include conf.d/include/proxy.conf;

}

Custom

include /data/nginx/custom/server_proxy[.]conf;
}`

@flint mural but does also the addon studio code server work

behind your reverse proxy

or @tepid bough

I don't have any problems with the Studio Coder Server add-on but I'm only accessing local files with it.

never tried accessing remote files with it

And my 2 other add-ons Piper and Whisper work fine as well

can you try it on your reverse proxy?

Try what?

go to HASS on your reverse proxy url

and check if you can open the addon

I'm always using the remote url

works fine

:/

https://i.imgur.com/57tBXOL.pngim only getting this

could you send me your NGINX config

the RAW config

not the 1 in your manager

Isn't that what I posted earlier?

That's my .conf file in the nginx directory

too much include stuff

Do you have any custom stuff in the add-on configuration? Mine is completely empty

same

Does it work if you connect to your HA if you access it via IP?

yea

home assistant work overall

but not the studio code server

ok all web addons dont work

just installed the web ssh addon

also doesnt do a thing

I can't even find the files its referencing...

should be there

else you get allot of errors XD

freaking frustrating XD

how does it work normally for you and not for me

:?

even when i try to access it as a site it doesnt work

do you get errors when you try to include the files above?

You are using it inside that frame in Organizr?

Proxy.conf:

add_header X-Served-By $host; proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_pass $forward_scheme://$server:$port$request_uri;

force-ssl.conf:

if ($scheme = "http") { return 301 https://$host$request_uri; }

And I guess you can comment out the block exploits and HSTS stuff cause you don't need that for testing purposes

You can remove the "# Custom" line too, custom files don't exist.