After latest update - HA iPhone app -> DuckDNS + nGinX proxy -> HA Server broken

Hi all,

Did the latest update yesterday.

(I had unexecuted duckdns and nginx updates.) It did not work this morning (what I mean here is the HA app on iPhone could not talk to the HA server).
I unconfigured the server details and re-entered the information. I was now able to connect to HA as a local/internal connection, but when I left local Wi-Fi and it had to enter via the duckdns URL + use the SSL cert via port 443, no joy, no connection. I’m now getting a code 400.

Thinking it might be the unexecuted duckdns and nginx updates, I did those also, but it made no difference.

It’s not my SSL cert (valid till 20 Sep).
I’ve checked the IP address to which duckdns resolves and that’s correct.

Anyone who knows how these bits fit together that might know of some recent changes to the stack that might be the culprit?

FYI: nginx works as a proxy, taking :8124 and host and redirecting to 443 on the container.
Local (internal) access is on port http://:8123
Web (external) access is on https://:8124, which nGinX Proxy then pushes to 443.

Please assist.

G

Additional
My duckdns settings.

lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: <TOKEN VAL>
domains:
  - <URL>.duckdns.org
aliases: []
seconds: 300

My nGinX settings

domain: <URL>.duckdns.org
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

I then have under network
443/tcp mapped to 8124

In the iPhone app I have:
internal pointing to local http://:8123
and
external set to https://.duckdns.org:8124

G

Also, in configuration.yaml:

homeassistant:
  external_url: "https://<URL>.duckdns.org:8124"
  internal_url: "http://<IP ADDRESS>:8123"

Note, I have tried to configure the nGinX Proxy to listen on host 443, forwarding to 443 on the container, and accordingly modified my app to point to https://.duckdns.org directly.
… wonder if I then have to also modify the above configuration.yaml.

Question: how does HA know that it needs to listen on 443, in addition to 80 (used by internal)?
Or thinking, how does it know that port 80 is redirected to 8123; in light of that, how will it know that 443 needs to be redirected to 8123?

G

There is a breaking change for reverse proxy. You need to add the following lines in your configuration.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.0.0.200      # Add the IP address of the proxy server

Note: you should see an error log which contains the IP address that you need to put in the trusted_proxies.

My nGinX proxy is run as an app on my HA build, assume that would then mean my HA IP?

G

Assume you mean add this to configuration.yaml?

G

If you are using the Nginx add-on, the trusted_proxies should be 172.30.33.0/24, which is the internal docker IP range used by Home Assistant.

Yes, you add those lines in configuration.yaml. Read more about it in reverse proxy.


For my own education, I did look at my nGinX app/log… did not see it. Which log file are you referring to?

G

I am using the add-on… so I should add:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24 

to my configuration.yaml?

Added… => working. So we're saying this is all due to that breaking change…

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.0.xxx      # Add the IP address of the proxy server
    - 172.30.33.0/24     # You may also provide the subnet mask

Ardy,

THANK you.

G
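
How the `http:` settings discussed in this thread decide between a code 400 and a normal response, as an added sketch that is not part of the thread and not Home Assistant's own code. The function names and the decision order are assumptions, and every address except 172.30.33.0/24 is constructed.

```python
import ipaddress

# 172.30.33.0/24 is the add-on subnet quoted in the thread; other addresses are constructed.
TRUSTED_PROXIES = [ipaddress.ip_network("172.30.33.0/24")]


def is_trusted(addr, trusted):
    """True when addr falls inside one of the trusted proxy networks."""
    return any(addr in net for net in trusted)


def resolve_client(peer_ip, xff, use_x_forwarded_for, trusted):
    """Model (assumed, simplified) of proxy-header handling for one request.

    peer_ip: address of the TCP peer (the proxy when one is in the path)
    xff:     raw X-Forwarded-For value, or None when the header is absent
    Returns (status, client_ip_or_None, reason).
    """
    peer = ipaddress.ip_address(peer_ip)
    if xff is None:
        return 200, peer, "direct request, peer address is the client"
    if not use_x_forwarded_for:
        return 400, None, f"proxied request from {peer}, proxy support not enabled"
    if not is_trusted(peer, trusted):
        return 400, None, f"X-Forwarded-For from untrusted proxy {peer}"
    try:
        hops = [ipaddress.ip_address(h.strip()) for h in xff.split(",")]
    except ValueError:
        return 400, None, "malformed X-Forwarded-For"
    # Entries to the left are supplied by the client and can be forged; the
    # proxy appends the address it really saw. Walk from the right and take
    # the first hop that is not itself a trusted proxy.
    for hop in reversed(hops):
        if not is_trusted(hop, trusted):
            return 200, hop, "client taken from X-Forwarded-For"
    return 200, hops[0], "every hop is a trusted proxy"


if __name__ == "__main__":
    cases = [
        ("172.30.33.2", "203.0.113.7", False, []),               # before the fix
        ("172.30.33.2", "203.0.113.7", True, TRUSTED_PROXIES),   # after the fix
        ("192.168.0.50", "203.0.113.7", True, TRUSTED_PROXIES),  # unlisted proxy
        ("172.30.33.2", "10.1.1.1, 203.0.113.7", True, TRUSTED_PROXIES),
    ]
    for case in cases:
        print(case[0], repr(case[1]), "->", resolve_client(*case)[::2])
```

Any peer inside a listed range can assert the client address, so trusted_proxies is best kept to the proxy's actual address or subnet.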