So, I added the use_x_forwarded_for and trusted_proxies to my config a while back (as per this) to my main HASS (core docker image), while I just added it to my “testing” (HassOS VM) once I upgraded, and couldn’t access he external URL.
But after updating the docker image to 2021.7.1, I can only access via my external URL. If I try navigating to the local IP, I get a 403: forbidden (from my mobile, tested on Android app, Opera and Firefox for Android). As soon as I switch to mobile data, the phone app connects (via external URL).
I have tried clearing cache of the mobile browser (not sure how to do that in mobile app, when it just shows the 403: forbidden). Weirdly, from the same home network, I can connect to the local IP (10.0.30.21:8123) from my laptop. No cache clearing or anything necessary…
From my configuration.yaml:
http:
ip_ban_enabled: true
login_attempts_threshold: 3
use_x_forwarded_for: true
trusted_proxies:
- 172.11.0.2 # NGINX/Let's encrypt docker container
- ::1 # Loopback. This is the machine running Home Assistant (IPV6 addrress)
- 172.11.0.1 # loopback
- 10.0.30.21
For comparison, from config of the HassOS VM:
http:
use_x_forwarded_for: true
trusted_proxies:
- 10.0.30.21
ip_ban_enabled: true
login_attempts_threshold: 5
I have tried removing everything but 10.0.30.21 (the machine running both the docker Hass and the HassOS, as well as the nginx) from the docker config. And both HA instances have identical nginx configs.
Is there something I missed? Or is this just another nudge to finally move everything to the VM and scrap the docker container?