After latest update - HA iPhone app -> DuckDNS + nGinX proxy -> HA Server broken

Hi all,

Did the latest update yesterday,

(I had un executed duckdns and nginx updates), did not work this morning (what I mean here is HA app on iPhone could not talk to HA server,
I unconfigured the server details and reentered the information, I was now able to connect to HA as a local/internal connection, but when I left local Wifi and it had to enter via the duckdns url + use ssl cert via port 443, no joy, no connection, I’m now getting a code 400.

thinking it might be the unexecuted duckdns and nginex updates, I did those also, but made no difference.

It’s not my ssl cert (valid till 20 Sep).
I’ve check the IP address to which duckdns resolves and thats correct.

anyone know these bits fit together that might know of some recent changes to the stack that might be the culprit.

FYI. nginx works as a proxy, taking :8124 and host and redirect to 443 on container.
local (internal) access is on port http://:8123
Web (external) access is on https://:8124 which nGinX Proxy then push to 443.

please assist.


My duckdns settings.

  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: <TOKEN VAL>
  - <URL>
aliases: []
seconds: 300

My nGinX settings

domain: <URL>
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

I then have under network
443/tcp mapped to 8124

in iPhone APP I have :
internal pointing to local http://:8123
external set to


also: in configuration.yaml

  external_url: "https://<URL>"
  internal_url: "http://<IP ADDRESS>:8123"

Note, I have tried to configure the nGinX Proxy to listen on host 443, forwarding to 443 on container, and associated modified my app to point to directly.
… wonder if I then have to also modify the above configuration.yaml.

question, how does HA know that it needs to listen on 443, in addition to 80 (use by internal)
or thinking, how does it know that port 80 is redirected to 8123, in light of that how will it know that 443 needs to be redirected to 8123 ?


There is a breaking change for reverse proxy. You need to add the following line in your configuration.yaml-

  use_x_forwarded_for: true
    -      # Add the IP address of the proxy server

Note: you should see an error log which contain the IP address that you need to put in the trusted_proxies.

My nGineX proxy is run as a app on my HA build, assume that would then mean my HA IP ?


assume you mean add this to configuration.yaml ?


If you are using Nginx addon, the trusted_proxies should be which is the internal docker IP range used by Home Assistant.

Yes, you add those line in configuration.yaml. Read more about it in reverse proxy.


for my own education, I did look at my nGinX app/log… did not see it, which log file you referring to.


I am using the add on… so I should add :

  use_x_forwarded_for: true

to my configuration.yaml ?

added… => working. so w saying this all due to that breaking change…

  use_x_forwarded_for: true
    -      # Add the IP address of the proxy server
    -     # You may also provide the subnet mask


THANK you.