Logs not displaying in ESPHome UI when using SSL and nginx_proxy on latest HA 2021.11

[craggyh]

The problem

Logs are not displaying in the ESPHome UI when using SSL and nginx_proxy on latest HA 2021.11 They worked fine up until I installed the most recent update. if I access my HA over SSL there is no log output visible but if I go back to local IP I can see the logs as norma l.

Which version of ESPHome has the issue?

2021.10.3

What type of installation are you using?

Home Assistant Add-on

Which version of Home Assistant has the issue?

2021.11.0

What platform are you using?

ESP8266

Board

No response

Component causing the issue

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

Supervisor log: ERROR (MainThread) [supervisor.api.ingress] Ingress error: 403, message='Invalid response status', url=URL('http://172.30.32.1:63109/ace')

Additional information

No response

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[leonardpitzu]

same for me on 2022.03.* and 2202.04 beta

[MACscr]

Issue still exists with Home Assistant Core: 2022.6.7 Home Assistant Supervisor: 2022.05.3 and last dev version of the addon. I find it odd that there arent more clear instructions for using the official HA ssl proxy with the esphome addon.

[mmakaay]

Frankly, I'm not aware of what the "official HA ssl proxy" is. Is that a Home Assistant addon, or are you maybe referring to the Nabucasa service? Anyway, the problem lies in that HA ssl proxy and not in ESPHome. That makes the ESPHome project the wrong target for reporting the issue.

I am running ESPHome behind an nginx reverse proxy without issues. My home lab setup has quite a few services running behind this proxy (my Home Assistant instance as well), and my generic proxy config rules (which work for all my services) contain more than needed for ESPHome, but this is what I use:

File: nginx_reverse_proxy.conf (included from main config)

proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header Origin "${scheme}://${http_host}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $request_port;

# Some apps may require large uploads.
client_max_body_size 0;

Reverse proxy section from main config

upstream upstream-esphome {
        server 192.168.100.173:6052;
    }

    server {
        listen 443 ssl http2;
        server_name my.esphome.hostname;
        include /local/nginx_ssl.conf;

        location / {
            proxy_pass http://upstream-esphome;
            include /local/nginx_reverse_proxy.conf;
            allow 192.168.100.0/24; # LAN users
            allow 192.168.102.0/24; # VPN users
            deny all;
        }
    }

Possibly this helps the people in charge of the HA proxy setup to fix the issue.

[oddlama]

FYI: The issue occurs when using proxy_set_header Host $host; instead of proxy_set_header Host $http_host;. I suspect esphome fails when using $host, because $host strips the port number if present. Yet, it should be noted that using $host would be preferable since it prevents host spoofing (more information here).

[speed47]

Damn, thank you @oddlama! This was driving me crazy and your comment nailed it! Replacing $host by $http_host does fix the issue. This should be documented.

[thetxpopulist]

can confirm as well, I lost access to view logs when dialing in my nginx config; reverting from $host back to $http_host was the fix as pointed out by @oddlama , and in the directive:

This variable may have a different value from $http_host in such cases: 1) when the Host input header is absent or has an empty value, $host equals to the value of server_name directive; 2)when the value of Host contains port number, $host doesn't include that port number. $host's value is always lowercase since 0.8.17.

[renatoccosta]

For me it worked only when I added these lines:

proxy_set_header    Upgrade             $http_upgrade;
proxy_set_header    Connection          "upgrade";
proxy_http_version 1.1;

Full location block:

  location / {
    proxy_pass http://esphome;

        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    Host                $host;
        proxy_set_header    X-Forwarded-Host    $host;
        proxy_set_header    X-Forwarded-Port    $server_port;
        proxy_set_header    Upgrade             $http_upgrade;
        proxy_set_header    Connection          "upgrade";

        proxy_http_version 1.1;

  }

[aghosh0605]

For me it worked only when I added these lines:

proxy_set_header    Upgrade             $http_upgrade;
proxy_set_header    Connection          "upgrade";
proxy_http_version 1.1;

Full location block:

  location / {
    proxy_pass http://esphome;

        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    Host                $host;
        proxy_set_header    X-Forwarded-Host    $host;
        proxy_set_header    X-Forwarded-Port    $server_port;
        proxy_set_header    Upgrade             $http_upgrade;
        proxy_set_header    Connection          "upgrade";

        proxy_http_version 1.1;

  }

Thanks for the help! Because of this small issue, my update was crashed as I had to stop without knowing what is actually happening in logs!