@hcooper I wonder if you could share the relevant bit of your config here. I’m trying to do the exact thing with a proxy and Authelia, however can’t seem to get trusted networks to work. I have this config, but still get prompted to log in:
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.22.0.0/24
ip_ban_enabled: true
login_attempts_threshold: 5
# assuming you have only one non-system user
homeassistant:
auth_providers:
- type: trusted_networks
trusted_networks:
- 0.0.0.0/0
- 127.0.0.1
- ::1
allow_bypass_login: true
- type: homeassistant
I’ve some minor differences, but don’t see anything obviously wrong with your config.
Just to check:
the trusted_proxy IP address should be that of the proxy server (not authelia, if that’s running elsewhere).
the proxy does my https, so HA is only listening on 80.
Try adding ::/0 in case the services are talking over their local v6 addresses.
I have the ip_ban disabled because I deffer all that logic to authelia/proxy.
http:
server_port: 80
ip_ban_enabled: false
# login_attempts_threshold: 4
use_x_forwarded_for: true
trusted_proxies:
- 10.254.254.251 # traefik
homeassistant:
auth_providers:
- type: trusted_networks
trusted_networks:
# open so allow_bypass_login can be enabled.
# authelia adds x-forwarded for, so the real
# ip of the client is checked by HA.
- 0.0.0.0/0
- ::/0
allow_bypass_login: true
- type: homeassistant
Just checked from a fresh incognito session, and once authed with authelia I don’t get any HA login prompt. Any clues in your logs?