appdaemon icon indicating copy to clipboard operation
appdaemon copied to clipboard
verified publisher icon AppDaemon

Open web UI breaks when on remote

Open Ten0 opened this issue 1 year ago • 8 comments

What happened?

Clicking "Open WEB UI" when connected remotely does not work: it tries to open http://<my-url>:5050/ but when connected remotely (DDNS and exposed HA on HTTPS), I don't necessarily have that NAT-ed. In fact, I don't want to NAT this, because there's no authentication on there so it clearly can't be opened to outside.

There is demand for this to work: https://community.home-assistant.io/t/solved-unable-to-connect-to-web-ui/134193/6

My understanding is that HomeAssistant has a feature called "Ingress" that enables exposing the web UI as an iframe within Home Assistant:

  • https://github.com/hassio-addons/addon-ssh/blob/d7c4c89b3c5f9c5948dae022041b006424e57250/ssh/config.yaml#L9-L11
  • https://www.home-assistant.io/blog/2019/04/15/hassio-ingress/

Then one should bind to the ingress port instead of to a fully exposed port, and it would:

  1. work
  2. be more secure (because it would now be authenticated by HomeAssistant instead of being exposed without authentication on the local network)

Version

4.4.2

Installation type

Home Assistant add-on (0.16.7)

(Not sure if maybe I should have opened this on https://github.com/hassio-addons/repository instead but that repository seems maybe a bit too general and it looks like a change might need to happen here as well although I'm not sure.)

Solving

(Updated after discussions below)

For ingress:

The application needs to support being served from a path, i.e. /somefolder/mypath. This can be a challenge for apps which assume everything is served from root (i.e. Javascript/asset loads etc)

Making the app work that way would then allow using the ingress feature.

Ten0 avatar Dec 11 '24 11:12 Ten0

Hi there -

This issue seems to be related to networking for the AppDaemon addon, which is not developed or supported by this team. I suggest you open an issue with the addon's author.

acockburn avatar Dec 11 '24 14:12 acockburn

Thanks, opened https://github.com/hassio-addons/repository/issues/700

Ten0 avatar Dec 11 '24 17:12 Ten0

As it turns out this is a limitation of the way the webapp is built here, so reopening.

https://github.com/hassio-addons/repository/issues/700#issuecomment-2537604482

The application needs to support being served from a path, i.e. /somefolder/mypath. This can be a challenge for apps which assume everything is served from root (i.e. Javascript/asset loads etc)

Ten0 avatar Dec 12 '24 12:12 Ten0

I was taking a look at this and the bug referenced for the add-on seems to have disappeared, is I'm not really sure what's being asked for here ...

acockburn avatar May 26 '25 22:05 acockburn

HA can proxy an addon's front-end (that should be served on a port provided via an env var chosen by HA) which would then be served as https://yourhomeassistanturl/addonproxy/addonblablabla, and benefit from HA's authentication and not require an extra external port bind or forwarding and extra security setup. The issue though is that for this to work the front should only use relative paths, since that setup adds one level to the url path, which means that all absolute paths would be broken. My understanding is that currently this isn't the case for the appdaemon front, which prevents this setup.

Ten0 avatar May 27 '25 00:05 Ten0

Gathering some docs about this here

jsl12 avatar May 27 '25 03:05 jsl12

Note: For me this isn't as much of a concern as it used to be because I ended up setting up Wireguard and reasonable firewalling. (But firewall setup was complex and this setup was driven notably by this issue.)

Ten0 avatar May 27 '25 06:05 Ten0

This issue is stale because it has been open for 6 months with no activity. Remove stale label or comment or this will be closed in 15 days.

github-actions[bot] avatar Nov 30 '25 02:11 github-actions[bot]