Apache2 HTTP redirection to HomeAssistant

rushabh55 · January 27, 2024, 9:41pm

Hey all I have a Homeassistant instance deployed using Hyper V VM (192.168.1.203). I have another webserver which is also a Hyper V VM running Apache2 (192.168.1.4)

This is my HA configuration.yaml on 192.168.1.203

http:
  server_port: 80
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.4
    - 127.0.0.1
    - ::1

And this is my Apache2 virtual host on 192.168.1.4

<VirtualHost *:80>
  ServerName home.example.org
  ProxyPreserveHost On
  ProxyRequests off
  ProxyPass /api/websocket ws://192.168.1.203/api/websocket
  ProxyPassReverse /api/websocket ws://192.168.1.203/api/websocket
  ProxyPass / http://192.168.1.203/
  ProxyPassReverse / http://192.168.1.203/
  ProxyPass /api/websocket ws://192.168.1.203/api/websocket disablereuse=on
  ProxyPass / http://192.168.1.203/ disablereuse=on

  ServerSignature Off
</VirtualHost>

When using the above combination I am unable to use HA on my URL http://home.example.org

I get 400: Bad Request on my browser and HA logs indicate the following

Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:114
Integration: HTTP (documentation, issues)
First occurred: 1:27:44 PM (1 occurrences)
Last logged: 1:27:44 PM

A request from a reverse proxy was received from 192.168.1.4, but your HTTP integration is not set-up for reverse proxies

Can anyone help me debug why things aren;t working?

I don’t intend to use SSL, and my webserver is using apache2 and I would like to stick to that over nginx or lighthttpd

Followed process here

But wasn’t able to get things to work

I’m also running pi-hole and if I setup home.example. org as a local DNS record there, things work.

Note: I am using example. org to mask my real domain. I am not actually using example .org anywhere!

boheme61 · January 27, 2024, 9:51pm

:8123 use to be the port for HA

When you just type an ip or web address ( in a browser ), it’s … wel i guess i dont have to tell you, as you have a webserver your self

default ports for http / https are well know

rushabh55 · January 27, 2024, 9:59pm

Yes! I understand, that’s why I specified server_port: 80 in my configuration.yaml
So from my understanding it should work with just ip address right out of box since HTTP port is 80. I don’t care much about 443/https

boheme61 · January 27, 2024, 10:10pm

So are the trusted proxy for HA 192.168.1.Y which is your WebServer
And your WebServer’s proxy is 192.168.1.X ( the IP of your HA )

Or is this just to confuse , that your hiding all your internal IP’s ( Which i assume noone can access, regardless if they knew )

odwide · January 27, 2024, 11:43pm

Posting the config with your internal IPs will make it clearer for us. As boheme61 said, they are inaccessible publicly.

rushabh55 · January 28, 2024, 1:37am

I updated with correct IPs. Let me know if there is any misconfiguration

odwide · January 28, 2024, 1:57am

Sorry, I hadn’t read you post well enough. From HA complaining about the reverse proxy in the log it seems clear that the issue is you not whitelisting the Apache IP in the HA config. Check the HTTP Integration notes on this.

boheme61 · January 28, 2024, 2:24am

Regardsless, if you open incoming port 80, for both your Webserver and HA, you are asking for problems … you will soon find that 10-100.000 snooping, crawling and poking

odwide · January 28, 2024, 2:35am

The warning about opening up port 80 over HTTP is very valid. You’ll have all bots and their mothers infecting you before soon.