Quick post: a little problem I ran into and fixed thanks to Frenck over at the HA discord.
My Home Assistant server stack consists of the following components:
Hass.io installed for Intel NUC via Docker
UFW to limit what ports can be accessed. I allow all ports on my local network to be accessed trough UFW
Remote access to HA trough a proxy rule in Caddy.
Ingress is a cool new Home Assistant feature for Hass.io based installs, which allows you to easily use UI from addons. Previously you had to manually forward those ports to your remote domain or set up a new subdomain and link it to the addon port if you wanted to access it.
What ingress does simplifies addon usage and integration even further. I was excited!
Until... I updated the SSH & Web Terminal addon and check out ingress. It did not work, I was redirected correctly but then greeted with a 502 Bad Gateway
error. I've had this shit before and instinctivly I temporarily disable ufw to see if the firewall is the issue.
Unfortunately, it was. But leaving my firewall disabled was no option either. I could not manage to find which port ingress was using so I could forward it. Ports 80 and 443 were already correctly forwared for Caddy, and allowing 8123 did not do the trick.
Maybe UFW could tell me what requests it blocked? This is when I first learned about the logs of ufw at /var/log/ufw.log
which showed the following entry:
logApr 16 17:20:49 berghain kernel: [5111970.605282] [UFW BLOCK] IN=hassio OUT= PHYSIN=... MAC=... SRC=... DST=... LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51167 DF PROTO=TCP SPT=35212 DPT=64662 WINDOW=29200 RES=0x00 SYN URGP=0
After a bit of searching on the web I found out the DPT directive (destination port) pointed towards the port trying to be accessed. The easy fix to enable ingress was:
shell$ ufw allow 64662$ ufw reload
And voila! Ingress works. Some background about port 64662: it is the port used internally by the Hass.io/Home Assistant network to communicate with different components/APIs. See the screenshot below for more info: