SHS on reverse proxy

Questions & Help
1

Hi there,

There is something we don’t understand. We have Caddy correctly configured, including the necessary port forwarding rules on the modem/router, capable of routing requests for http:// mydomain. example. com to services within our LAN. If we configure something very simple, like:

mydomain.example.com {
reverse_proxy HOMEY_LAN_IP:4859
}

we can reach Homey remotely at https:// mydomain. example. com.
Instead, if we try to use a configuration with a specific high port:

mydomain.example.com:9000 {
reverse_proxy HOMEY_LAN_IP:4859
}

the address https:// mydomain. example. com:9000 does not respond.

According to this article: https://support.homey.app/hc/en-us/articles/24060221985436-Setting-up-a-Custom-Domain-for-Homey-Self-Hosted-Server it seems that Homey SHS can only respond on port 443.

Is that correct?

2

The SHS port is 4859, not 4869.

3

just a typo, now corrected.

4

Is port 9000 being forwarded correctly? Can you access port 9000 on the server running Caddy from your internal network?

5

of course, once you configure :9000 @caddy, 9000 is listening.

6

That leaves my first question: is port 9000 being forwarded correctly?

7

yes

8

So what happens exactly when you try to access the server?

9

This site can’t be reached
mydomain. example. com refused to connect.

ERR_CONNECTION_REFUSED

10

Sounds like a configuration issue in your router then.

11

no way, it’s not a router side problem. same config perfectly works with home assistant.

12

But you said that port 9000 is accessible from inside your network, just not outside. And the only thing in between the outside and the inside is your router.

13

port forwarding of port 9000 is ok, let’s forget it.

can you answer the question I asked in my first post?

14

No.

15

so, why: “In your reverse proxy, point to http://<ip-of-homey>:4859. Please refer to your reverse proxy’s manual on how to configure this.

Make sure that the reverse proxy issues a certificate, that it listens on port 443 (HTTPS), and that WebSocket support is enabled.”

16

You asked “it seems that Homey SHS can only respond on port 443”, and I answered: that’s not correct. Homey SHS only responds to ports 4859 (HTTP) and 4860 (HTTPS).

You’re now asking about the reverse proxy listening on port 443, which is something else.

That’s why I asked if port 9000 worked in your local network, because if it does, it’s not an issue with the reverse proxy setup.

ERR_CONNECTION_REFUSED is a sign that either your router or your reverse proxy aren’t set up correctly. Even if, for some reason, Homey SHS depends on being accessed through a reverse proxy on port 443, you should not get that specific error if port forwarding and reverse proxy are set up properly.

17

Solved. The problem was about caddy’s docker container, port 9000 wasn’t added in the list.

Thanks

18

I’m also using the reverse proxy configuration.

The Homey app will check this setting and use the own domain directly instead of cloud access.

But as written it’s using port 443. So you have to use port 443 for accessing your router from the www. If you are already using this port for something else, use a subdomain like shs.mydomain.com in your provider/domain settings and forward this subdomain to your router.

Then add port forwarding for port 443 to your reverse proxy.

In reverse proxy, forward the specific subdomain to your SHS.

I’m using Nginx reverse proxy this way.

19

Wrong, as a matter of fact you can use the port you desire, when using a reverse proxy.

20

Screenshot_20260120_130315_Firefox
Screenshot_20260120_130315_Firefox1080×1388 190 KB