#Nginx proxy manager. I need help getting https to work

I have a domain. I have forwarded port 80 and 443 on my server/gateway. I have installed nginx, and when I access it with the internet IP from outside I get the congrats page up

When I try access the https version it just won't connect

I've tried a few guides, and while they all seem very simple I just cannot get it working.

What have you setup at http://homeassistant.local:81/nginx/proxy?

To rule out tardy DNS propogation, try the following:

curl -L -H 'Host: sunmaster.skystrip.no' http://homeassistant.local

...does it look like it's returning the content you expect?

well it did give <!DOCTYPE html><html><head><title>Home Assistant</title><meta charset="utf-8"><link rel="manifest" href="/manifest.json" crossorigin="use-credentials"><link rel="icon" href="/static/icons/favicon.ico"><link rel="modulepreload" href="/frontend_latest/core.9788ba1e3e5485c3.js" crossorigin="use-credentials"><link rel="modulepreload" href="/frontend_latest/app.0a149a9a588dd5dd.js" crossorigin="use-credentials"><link rel="mask-icon" href="/static/icons/mask-icon.svg" color="#18bcf2"><link rel="apple-touch-icon" href="/static/icons/favicon-apple-180x180.png"><meta name="app ....

That would suggest you have HA running on 192.168.1.27... makes sense.
Were you expecting something else?
By accessing with the external-IP (i.e. in a browser) the Host header is not properly set, which NG needs to know what proxy host to route; this is what -H 'Host: ...' in the curl command is doing

I should have spotted this in your OP

yes it's runnig on .27

...the HTTPS version also needs the correct hostname (i.e. the not the external-IP) to correctly/safely match the SSL cert

When I try access the https version it just won't connect
Depending on what you are actually seeing, this is to be expected

ok, I just want to access my home assistant installation/interface from outside

Sure, you need to use sunmaster.skystrip.no, not any kind of IP address.
is https://sunmaster.skystrip.no not working in your browser?

no, it gives connection error. However, pinging the hostname works so it does resolve. But if I understand you correctly I need to set the destination proxy to sunmaster.skystrip.no ?

Yeah, but it looks like you are correctly setup there?

• The browser (or curl, with -H 'Host: ...') needs to match the hostname you enter to the SSL cert name, to verify and make a secure connection.
• NG-proxy needs to match the hostname, to know where to route you request to, or else it won't and you get "Congratulations..."

Note that all browers set the Host header for you automatically; you have to do it manually with curl

If you must use the IP address in the browser - say for testing purposes - you would need to install a browser extension that allows you to set HTTP headers; then you could set Host like you would with curl

ok?

Lol.

Forgive me for the overload, and forgive me for snooping... when I lookup your domain name I get the following:

;; ANSWER SECTION:
sunmaster.skystrip.no.    1931    IN    A    109.247.208.57

Is that your external-IP? If so, try the following (http and https):

curl -L -H 'Host: sunmaster.skystrip.no' http://109.247.208.57
curl -L -H 'Host: sunmaster.skystrip.no' https://109.247.208.57

For the http I get nothing. For the https I get a "connection lost" error (translated to english)

brave browser says something like ocnnection reset for https

from the nginx log I see

2025/09/22 17:27:34 [error] 411#411: *18845 open() "/var/www/html/_profiler/phpinfo" failed (2: No such file or directory), client: 192.168.1.1, server: localhost-nginx-proxy-manager, request: "GET /_profiler/phpinfo HTTP/1.1", host: "109.247.208.57"
[22/Sep/2025:17:27:34 +0200] 404 - GET http 109.247.208.57 "/_profiler/phpinfo" [Client 192.168.1.1] [Length 181] [Gzip 3.22] "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36" "-"
[22/Sep/2025:17:27:53 +0200] - - 499 - GET http sunmaster.skystrip.no "/" [Client 192.168.1.1] [Length 0] [Gzip -] [Sent-to sunmaster.skystrip.no] "curl/7.88.1" "-"

i need to head out. will check back tomorrow to see if you are still stuck
hopefully you've followed my explanation above, and can rule those issues out.

when I access it with the internet IP from outside I get the congrats page up
it's hard to imagine with this result, why using your domain name does not work, given

• a the external-IP routes to your server and ports are forwarded, as you hit NG-proxy (you get congrats page)
• the domain name resolves to your external IP

good luck, for now

thanks so far

When setting the proxy host source to https and trying to access tge page I find in nginx's log :

[9/22/2025] [5:45:45 PM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;"
[9/22/2025] [5:45:45 PM] [Nginx ] › ⬤ debug Deleting file: /config/nginx/proxy_host/1.conf
[9/22/2025] [5:45:45 PM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;"
[9/22/2025] [5:45:45 PM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;"
[9/22/2025] [5:45:45 PM] [Nginx ] › ℹ info Reloading Nginx
[9/22/2025] [5:45:45 PM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -s reload

Btw, I appreciate you might want to figure this out and make it work, however there is an alternative approach to accessing your HA - and home network in fact: - that would be Tailscale.

You can even setup HA as an exit-node, which means, not only can you access anything on your home network, you can browse the internet as your traffic was originating from your home network. If that matters to you.

Well, I ave it working now - on http not s. And for now I don't dare touch anything 🙂

What did you do to get this far?

Re: Tailscale, they are completely compatible, in the orthogonal sense that they have nothing to do (cause no interference) with each other.
IMO It's just nice to not have to faff with router port-forwarding and SSL cert updates