nginx_proxy: add use_ssl_backend option to support cases where backend is using SSL

nginx_proxy/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 3.15.0
+
+- add use_ssl_backend option to support cases where the http section is using the ssl_certificate, ssl_key options
+
 ## 3.14.0
 
 - Listen over IPv6, since true IPv6 support for add-ons is now available

nginx_proxy/DOCS.md

@@ -13,7 +13,7 @@ Follow these steps to get the add-on installed on your system:
 The NGINX Proxy add-on is commonly used in conjunction with the [Duck DNS](https://github.com/home-assistant/addons/tree/master/duckdns) and/or the [Let's Encrypt](https://github.com/home-assistant/addons/tree/master/letsencrypt) add-on to set up secure remote access to your Home Assistant instance. The following instructions covers this scenario.
 
 1. The certificate to your registered domain should already be created via [Duck DNS](https://github.com/home-assistant/addons/tree/master/duckdns), [Let's Encrypt](https://github.com/home-assistant/addons/tree/master/letsencrypt) or another method. Make sure that the certificate files exist in the `/ssl` directory.
-2. You must add the following section to your [Home Assistant configuration.yaml](https://www.home-assistant.io/docs/configuration/). If the `http` section is using the `ssl_certificate`, `ssl_key` or `server_port` keys, make sure to remove them.
+2. You must add the following section to your [Home Assistant configuration.yaml](https://www.home-assistant.io/docs/configuration/). If the `http` section is using the `ssl_certificate` or `ssl_key` keys, enable the `use_ssl_backend` option.
 
    ```yaml
    http:
@@ -79,6 +79,10 @@ The filename(s) of the NGINX configuration for the additional servers, found in
 If enabled, configure Nginx with a list of IP addresses directly from Cloudflare that will be used for `set_real_ip_from` directive Nginx config.
 This is so the `ip_ban_enabled` feature can be used and work correctly in /config/customize.yaml.
 
+### Option `use_ssl_backend` (optional)
+
+Enable this option to configure Nginx to connect with SSL to the backend when your `http` section uses the `ssl_certificate` or `ssl_key` options.
+
 ### Option `real_ip_from` (optional)
 
 If specified, configures Nginx to use Proxy Protocol to get the Real Ip from an upstream load balancer; [for more information](https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/).

nginx_proxy/config.yaml

@@ -1,5 +1,5 @@
 ---
-version: 3.14.0
+version: 3.15.0
 hassio_api: true
 slug: nginx_proxy
 name: NGINX Home Assistant SSL proxy
@@ -22,6 +22,7 @@ options:
   certfile: fullchain.pem
   keyfile: privkey.pem
   cloudflare: false
+  use_ssl_backend: false
   customize:
     active: false
     default: nginx_proxy_default*.conf
@@ -36,6 +37,7 @@ schema:
   certfile: str
   keyfile: str
   cloudflare: bool
+  use_ssl_backend: bool
   customize:
     active: bool
     default: str

nginx_proxy/rootfs/etc/nginx/nginx.conf.gtpl

@@ -90,7 +90,11 @@ http {
         {{- end }}
 
         location / {
+            {{- if .options.use_ssl_backend }}
+            proxy_pass https://homeassistant.local.hass.io:{{ .variables.port }};
+            {{- else }}
             proxy_pass http://homeassistant.local.hass.io:{{ .variables.port }};
+            {{- end }}
             proxy_set_header Origin $http_origin;
             proxy_set_header X-Forwarded-Proto $scheme;
             proxy_set_header Host $http_host;

nginx_proxy/translations/en.yaml

@@ -20,6 +20,10 @@ configuration:
       If enabled, configure Nginx with a list of IP addresses directly from
       Cloudflare that will be used for `set_real_ip_from` directive Nginx
       config.
+  use_ssl_backend:
+    name: Use SSL Backend
+    description: >-
+      If enabled, configure Nginx to use SSL to connect to backend.
   customize:
     name: Customize
     description: >-