Looks like openDashboard in app.js uses localIp as sent by the hub, instead of the location as seen in the browser, which doesn't work when the web UI is being proxied.
Everything else works well enough behind the proxy, and I can switch to cloud instead of local to work around it, so this isn't a very big deal, but it would be nice to have that fixed.
I think changing window.location = "http://" + localIp + "/apps/api/" to window.location = window.location.origin + "/apps/api/" will fix this, but I'll take any solution that you think is appropriate.
If anyone else is using nginx to proxy the dashboard, this is the configuration I used. It works for everything I could test, including dashboards, device event sockets, and installed apps.
+100 to fixing this. I ran into the same issue when setting up hub access behind an Apache server specifically so I could access my local dashboards from outside my local network. Apache lets me enforce AuthN/AuthZ and apply HTTPS.
I'll work on putting together a full writeup and post that in Code Share in a day or two. I'm still working out a few bugs with cookie header length due to how the hubitat UI does XHRs.
I'm able to get everything but dashboards working using the second reverse proxy example for nginx above (first one won't even fully load the dashboard page).
Everything seems to be proxying correctly, but navigating to one of my dashboards spits out my hub's private IP in the request instead. To be specific, the dashboards page loads, but the dashboards themselves are what are having the problem.
I can't put screenshots in my post for some reason, but this is the request URL it sends when navigating:
You probably need to tweak the sub_filter to account for native https now. When I wrote that the hub didn't have full support for https, so "http://" + localip worked.
Now that https is more supported, it's probably easier to just replace that with
sub_filter HUBITAT_IP EXTERNAL_IP_OR_ADDRESS
(so in your case, sub_filter '10.10.10.180' 'hubitat.yourdomain.net')
As most of us don't want to expose our hub UI without auth, I do use HTTP auth in front of the hub endpoint. Here's what I use in my location block (in addition to the block you posted):
When I browse to a dashboard, every single page element wants to authenticate and it eventually gets stuck in a loop of requesting for authentication. Any ideas how I could properly auth these requests?
@soumya92's answer got me on the right track. I wanted to leave some further information here for anyone else coming here who was in the same boat I was. I set up my reverse proxies via the Application Portal on my Synology DiskStation NAS. It works pretty well for simple reverse proxies, but it does not support custom configurations, nor does the version of nginx installed by default support the sub_filter directive.
I used the instructions at GitHub - Looooopy/patch_synology_nginx to install a version of nginx built with support for sub_filter. (I changed the version in the script to 1.15.7 to match the version installed on my Synology.)
Then I moved the reverse proxy configuration out of its default location (/etc/nginx/app.d/server.ReverseProxy.conf) into a new file (/usr/local/etc/nginx/sites-enabled/nginx-reverse-proxy.conf) and added the sub_filter directive. I also needed to change the SSL certificate paths to the system default (in /usr/syno/etc/certificate/system/default), since deleting the (now-redundant) reverse proxy in Application Portal will cause it to delete the copy of the certs it had made.
Then restarting nginx with synoservicectl --restart nginx let me use SSL access to my Hubitat hub and all my dashboards.
I hope this might be useful to anyone else using a Synology NAS to reverse proxy their Hubitat UI.
Hi Soumya - I'm having what I think is a similar issue with this... any help/feedback would be appreciated.
Basically I am trying to set up a 'guest' dashboard for my house (going to use it as a short-term vacation rental) - the idea was I would create a local DNS server (pi-hole), create a custom entry for 'house.lan', or something similar, and point it at the LAN link URL for the guest dashboard I created in Hubitat. Obviously DNS only can resolve host name to IP, so won't re-direct to a specific URL. To have 'house.lan' point at the Dashboard LAN link URL specifically I stood up an nginx reverse proxy on another raspberry pi. Now the traffic is directly correctly, and hits the page correctly, but the 'loading dashboard' logo keeps spinning an it won't load. I assume this is something related to how javascript is passed through the reverse proxy.
Here is my default file for my nginx server - pretty simple:
server{
listen 80;
server_name house.lan;
location / {
proxy_pass "Local Lan Dashboard Link";
}
}
Also, I tried using your above config, and I get a slightly different behaviour - the page just loads completely white, no spinning hubitat dashboard loading logo or anything.
it is quite annoying to have to do this. There is no real solution for HAProxy (on pfSense), as it cannot rewrite in the same way as apache/nginx.. it would be nice if hubitat just supported Let's Encrypt natively
It looks like that with the upgrade to version 2.2.6.130 that this nginx setup is no longer working.
Is there some extra filtering that is now required?