Good morning all,
After exhausting every option I can think of I’m hoping that someone on these forums will have more knowledge than I and will be able to point me in the right direction.
A little while ago (not quite sure when - I’ve been away with work) I ceased to be able to access HA from external to my network, which has been working without issue since install multiple versions ago (somewhere in the 70s or early 80s). I get the login page, log in with the appropriate credentials and then get the “Unable to connect to Home Assistant. Retry” page.
I can still log in with no issues by using the local IP address of the HA server.
All my searching pointed to a defect with the Nginx reverse proxy. I’ve tried everything that I can see in those threads with no success. However the relevant section of my Nginx configuration file is:
server {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    upstream php-handler {
        server 127.0.0.1:9000;
        #server unix:/var/run/php5-fpm.sock;
    }
    #####OTHER SITES HERE####
    listen 443 ssl;
    server_name [externaladdress];
    ssl on;
    ssl_certificate [internal path] # managed by Certbot
    ssl_certificate_key [internal path] # managed by Certbot
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES$
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    proxy_buffering off;
    access_log /var/log/nginx/ha_access.log;
    error_log /var/log/nginx/ha_error.log;
    location / {
        proxy_pass http://[myinternalip];
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
    }
    location /api/websocket {
        proxy_pass http://[myinternalip]/api/websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
However, in the last 48 hours I tried to access HA from a different device and had to put in my one-time code using Google Authenticator. It failed.
I deleted the requirement from the command line so I could log in, then tried to re-enable it, to which I got the response “invalid code” during the setup process.
I thought there might be a time-based issue (cryptographic seed) so I checked the time on the server and the docker container and they both match the real-world time. Leaving that as a dead end.
So I’m out of ideas and hoping someone else might be able to suggest something else I can try.
The details you will probably need:
- Installation method: Docker
- Current Version: 109.6
Docker compose:
version: "2.1"
services:
  homeassistant:
    container_name: homeassistant
    image: homeassistant/raspberrypi3-homeassistant:stable
    network_mode: "host"
    ports:
      - 8123:8123
    volumes:
      - /home/homeassistant/.homeassistant:/config
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    restart: unless-stopped #on-failure
    depends_on:
      mosquitto:
        condition: service_started
    healthcheck:
      test: ["CMD", "curl", "-f", "http://127.0.0.1:8123"]
      interval: 30s
      timeout: 10s
      retries: 6
Relevant bits of the HA Configuration file:
homeassistant:
  # Name of the location where Home Assistant is running
  #name: Home
  # Location required to calculate the time the sun rises and sets
  #latitude: !secret lat
  #longitude: !secret long
  # Impacts weather/sunrise data (altitude above sea level in meters)
  #elevation: 85
  # metric for Metric, imperial for Imperial
  #unit_system: metric
  # Pick yours from here: http://en.wikipedia.org/wiki/List_of_tz_database_time_zones
  # time_zone: Australia/Sydney
  # Customization file
  customize: !include customize.yaml
  auth_providers:
    - type: homeassistant
http:
  # api_password: !secret http_password
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
  base_url: https://[correct external address]
  # use_x_forwarded_for: true
  # trusted_proxies:
Thank you everyone, I really appreciate the assistance.
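Added example, not part of the original post: a way to test the time hypothesis behind the "invalid code" response by computing RFC 6238 TOTP codes on the server and finding which 30-second step, if any, matches the code the phone shows. It assumes the usual authenticator defaults (HMAC-SHA-1, 6 digits, 30 s step); the secret is the constructed RFC 6238 test key, and `totp` and `find_skew` are hypothetical helper names.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per time step (RFC 6238 default; assumed here)

def totp(secret_b32, unix_time, digits=6):
    """RFC 6238 code for the time step that contains unix_time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def find_skew(secret_b32, code, server_time, max_steps=20):
    """Return the step offset (nearest first) at which `code` is valid.

    0 means the clocks agree; -n means the code was generated by a clock
    about n*30 s behind the server, +n about n*30 s ahead. None means no
    step within the window matches, so clock drift alone does not explain
    the rejection (wrong secret or mistyped code are then more likely).
    """
    for n in range(max_steps + 1):
        for steps in ((0,) if n == 0 else (-n, n)):
            candidate = totp(secret_b32, server_time + steps * STEP)
            if hmac.compare_digest(candidate, code):
                return steps
    return None

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    now = time.time()
    print("server-side code now:", totp(SAMPLE_SECRET, now))
    # A code produced one step ago is reported as skew -1.
    print("skew for stale code:",
          find_skew(SAMPLE_SECRET, totp(SAMPLE_SECRET, now - STEP), now))
```

Run it inside the container with the secret being enrolled: a non-zero result points at clock drift between phone and server, `None` points away from it.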