#HA gives 503 openresty error when trying to access through Nginx Proxy Manager

Heyo! I previously had this issue with HA, which was fixed when I enabled Websocket support on NPM. A few days ago I stopped being able to access HA externally. I'm not sure what's gone wrong or how to fix it, any help would be appreciated!

Check the HA (core) log

https://www.home-assistant.io/integrations/http/#reverse-proxies

Thanks! Does that go in my configuration.yaml?

Oh I already have that in there

Did you actually check the log?

Also, images of text are horrible, please don't

In case you don't know where to find the log ☝️

Sorry.

Setting logs to info now and will report back

Stop

Just check the log you have

It is that simple 😉

haha yea I did. Did'nt show anything to do with networking. Hence changing log level quick

If there's a problem with HA's config for the proxy the log will already show it

Nothing relevant there... then check the proxy log

FINALLY!

2024/11/01 09:03:29 [error] 1836#1836: *5 connect() failed (113: No route to host) while connecting to upstream, client: 192.168.0.102, server: ha.trog.co.za, request: "GET /manifest.json HTTP/2.0", upstream: "http://192.168.0.19:8123/manifest.json", host: "ha.trog.co.za", referrer: "https://ha.trog.co.za/lovelace"

I know this is now no longer an HA issue. But any ideas how to fix this?

The proxy can't reach HA, you have a network problem

Thanks for the guidance. I will look into it

Yea I've got no idea lol

Can you ping 192.18.0.19 from the proxy host?

Apparently not:

troggoman@troggoman-Super-Server:/opt/mediaserver/conf$ ping 192.168.0.19
PING 192.168.0.19 (192.168.0.19) 56(84) bytes of data.
From 192.168.0.18 icmp_seq=1 Destination Host Unreachable
From 192.168.0.18 icmp_seq=2 Destination Host Unreachable
From 192.168.0.18 icmp_seq=3 Destination Host Unreachable
From 192.168.0.18 icmp_seq=4 Destination Host Unreachable
ping: sendmsg: No route to host
From 192.168.0.18 icmp_seq=5 Destination Host Unreachable
From 192.168.0.18 icmp_seq=6 Destination Host Unreachable
^C
--- 192.168.0.19 ping statistics ---```

I'd chase that then

I'm confused though... I've ssh'd into 0.203, but it's sending pings from 0.18?

Check the network settings (routes particularly)

Maybe .18 is the default gateway

lol 18 is also my server? 203 is media-server.home and 18 is troggoman-super-server.home. I'm so confused hahaha

Thanks for the assistance though!

You're pinging from the .18 address?

I'm ssh'd into 0.203. I run ping 192.168.0.19 which is my HA server.

The output says From 192.168.0.18 icmp_seq=1 Destination Host Unreachable

Then .18 is involved for some reason - check your routes

lol idk man

traceroute to 192.168.0.19 (192.168.0.19), 30 hops max, 60 byte packets
 1  troggoman-super-server.home (192.168.0.18)  3061.753 ms !H  3061.705 ms !H  3061.699 ms !H
troggoman@troggoman-Super-Server:~$ traceroute ha.trog.co.za
traceroute to ha.trog.co.za (192.168.0.203), 30 hops max, 60 byte packets
 1  media-server.home (192.168.0.203)  1.338 ms  1.224 ms  1.153 ms
troggoman@troggoman-Super-Server:~$ traceroute homeassistant.home
traceroute to homeassistant.home (192.168.0.19), 30 hops max, 60 byte packets
 1  troggoman-super-server.home (192.168.0.18)  3052.411 ms !H  3052.345 ms !H  3052.313 ms !H```

Dude

Seriously

troggoman@troggoman-Super-Server:/opt/mediaserver/conf$ ping 192.168.0.19

What feckin' host was that there?

18 is troggoman-super-server.home

No, you weren't

ssh'd into 0.203

PS C:\Users\Troggo> ssh troggoman@192.168.0.203

But it's cool man don't stress. I'll figure it out eventually. Thanks!

I'm confused though... I've ssh'd into 0.203, but it's sending pings from 0.18?

Spoiler.... you weren't

troggoman@troggoman-Super-Server:/opt/mediaserver/conf$ ping 192.168.0.19
          ^^^^^^^^^^^^^^^^^^^^^^

18 is troggoman-super-server.home

That is why the pings were coming from .18 - you were running the command from that host

I've obviously got a fundamental misunderstanding of networking then I guess.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ac:1f:6b:e9:68:ec brd ff:ff:ff:ff:ff:ff
    altname enp4s0
    inet 192.168.0.203/24 brd 192.168.0.255 scope global dynamic noprefixroute eno1
       valid_lft 84131sec preferred_lft 84131sec
    inet6 fe80::ca76:8af4:f3a8:d184/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ac:1f:6b:e9:68:ed brd ff:ff:ff:ff:ff:ff
    altname enp5s0
    inet 192.168.0.18/24 brd 192.168.0.255 scope global dynamic noprefixroute eno2
       valid_lft 84130sec preferred_lft 84130sec
    inet6 fe80::90d6:38ed:c03:b51b/64 scope link noprefixroute
       valid_lft forever preferred_lft forever```

Why the fuck do you have two interfaces on the same subnet?

eno1 and eno2 are on the same subnet

Passthrough networking for the HAOS vm

Then the interface shouldn't have an IP

Apologies for screenshot. Here's the nework config for the VM

Type    Model type    MAC address    IP address    Source    State    
direct
virtio
52:54:00:7e:1c:fa
inet
192.168.0.19/0
Direct
eno2
TAP device
macvtap0
up```

FR though don't frustrate yourself explaining probably obvious things to me if you don't want to. I'm not too stressed man. Just wondering why it would have stopped working

I initially tried to connect to the vm like normal but couldn't gain access to it. I couldn't figure out how to get my router to route me to it. So I plugged in a 2nd network cable and just did passthrough.

I am very bad at networking lol

Would actually very much prefer if I didn't need to run two cables to my server haha

There should be no need

That's what I thought too! And then my skill ran out

https://linuxconfig.org/how-to-use-bridged-networking-with-libvirt-and-kvm

It was a while ago, but I think the reason I settled on passthrough was because I couldn't get Nginx ProxMan to forward IP's in a different subnet. Or something like that

1. Sure you can
2. Bridges are on the same subnet anyway