Reverse Proxy for ports other than HTTP/HTTPS

Hi everyone,

Yesterday I was configuring a reverse proxy for Home Assistant to use HTTPS and have it terminated at the proxy and push http to home assistant. It worked all the way to the login screen but then it failed to connect. I contacted the Home Assistant team and they told me I need to also reverse proxy WS (WebSocket).

I tried to see if there was a way to do this with the WebServer but I couldn’t find a way to do it. Is there another way I could Reverse Proxy a WebSocket with Nethserver?

Thanks

This is what you might be looking for - Improve reverse proxy, automatic handling of websockets

I don’t know if this has been pushed for official release yet.

Yes that sounds like it is what I am looking for. I probably wont install something unofficial. Any ETA on release?

I was wrong; it is out officially. I had to install the reverse proxy package.

2 Likes

LOL!!! OMG hahaha how did I miss that…

Because I had the same problem. For some reason the reverse proxy is available (though the websocket option is not available) even if you do not have the software package installed. Might be by design but I would tend to think this should be greyed out until a user has officially downloaded that module but who knows.

Unfortunately it doesn’t work at all with home assistant. I’ve mapped the url I’m getting an error for from the debugging window and, no can do. So yeah I guess the module is missing or something.

I don’t have access to your particular software to validate and test against but I also noted you were talking about different ports rather than 80/443. There is a way to define a particular Websocket path but the formatting you might need to play with. I am sorry I cannot be of more help.

I tried that, it wont work. The actualy error when debugging the browser’s console is this

When I try to use that address it doesn’t solve anything. The issue remains.

I did try what you suggested, doesn’t work.

Home Assistant uses port 8123 on http. In front I have https terminated by the reverse proxy. So yes my destination url is something like http://mysite:8123.

Again i could be barking up the wrong tree - is that image you posted referencing wss:// at the beginning or do you have it posted as ws:// within NS?

I’m spinning up a VM this weekend and i’ll see if I can’t get it to work on my end.

Update - 7/25
@tessierp I think you are having a problem with something other than the reverse proxy/websockets. This morning I deployed a Home Assistant vm and NS vm locally and had the reverse proxy/websockets work without issue via a web browser. My mobile app also works.



1 Like

I guess I was not paying attention. I removed my link to wss and it started working. Problem solved ! Thanks

@royceb Did you try this with the application? The only issue I’m having now is with the android application, it doesn’t work for me.

I did with the latest android app from Google Play on a Samsung galaxy device. I had to modify my DNS settings on my phone to make sure the mobile device was resolving to the proper IP address but in the end it did work (see third picture above).

I saw but you are using http not https. Not sure if that could be the issue. I modified the URL with https on my case, same thing I’m using in the browser but that application just doesn’t want to work with it.

One odd thing I noticed is when I pinged the dynamic address I created for my system, it was pinging the IP Address of my modem as expected. After I added the reverse proxy address, now when I ping that same FQDN, it returns one of my 2 internal NICs gateway address, 192.168.20.1 or 192.168.30.1… NOT EXPECTED.

I’d start first with http to confirm that everything is working first and then work towards each desired step afterwards to help isolate where things might be getting stuck. My example above used http://hs-demo1.nethserver.lan to prove to myself that I could a)resolve the domain appropriately and b) that the reverse proxy was functional as implemented within NethServer. My next step in your case then would be to enable & verify the SSL component works internally. Finally I would then start working on the external DNS routing/https and firewall configuration.

I can’t tell you how many times I have been working on a project and had a problem come up that had nothing to do with NS and everything to do with how my own lab setup.

Well I’m now able to confirm if I force SSL (https) it will only work with the browser. The Home Assistant application does not work with https. HTTP works with the android application and the browser, HTTPS only through the browser but not the android APP. Are you able to confirm the same behavior?

I am sorry but I cannot. I deleted my vms yesterday and won’t have the time this week to re-set them up. I’ve read over at hassi.io of something similar but I am nearly familiar enough with the software to know.

The problem could be with the android application.

But what I did find odd was what I said when I try to ping internally, I will be returned the gateway addresses not the outside IP. I guess this is normal when you set a reverse proxy?

What device/service is providing for your internal DHCP/DNS? If you have NS as your DNS provider/reverse proxy in your internal network then I would say yes. In the example above I had hs-demo1.nethserver.lan as the reverse proxy and when I pinged that url, it routed to my NS install locally.