Can't access Dockerized HA webserver through VPN, but can access all other containers

I’m running containerized HA via docker-compose running on a raspberry pi 4 8gb

My HA instance is on at http://192.168.0.5:8123/, i can access that from the local net, but not the VPN
My Node-Red instance is accessible at http://192.168.0.5:1880 from the local net and the VPN
My Hass-configurator instance is available at http://192.168.0.5:3218, I can also access this from both the local net and vpn

I noticed that it seemed like the webpage was loading forever so I curled it, and that was successful as well. Let me know if any of you would like to see curl output

I only have one error in my error log, but I’ve been getting that error since I installed HA and long before I attempted connecting via VPN:

Logger: aiohttp.server
Source: /usr/local/lib/python3.12/site-packages/aiohttp/web_protocol.py:421
First occurred: 4:22:38 AM (92 occurrences)
Last logged: 4:30:14 AM 
Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/aiohttp/web_protocol.py", line 350, in data_received
    messages, upgraded, tail = self._request_parser.feed_data(data)
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "aiohttp/_http_parser.pyx", line 557, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: 400, message:
  Invalid method encountered:

    b'\x16\x03\x01\x01T\x01'

Since I can navigate to the node-red and hass-configurator pages, I have to assume the issue lies directly with Home Assistant. I haven’t edited my configuration.yaml in any way to support using the VPN (i.e. allowing connection from the vpn’s lan), am I missing something?

Edit: Additional Note

I realized that the issue is with the replied from the HA webserver because of this:

I connected my phone to wi-fi and disabled the vpn, then logged into HA. On my dashboard there is a button card that controls a light in my room.

I disabled wifi and connected the vpn

I pressed the button to toggle the light, and the light toggles! The state of the button as shown by the page doesn’t change though. If i refresh the page, it times out.

How can I troubleshoot the reason why the HA webserver isn’t responding to IP’s on the VPN lan?

Depending on your VPN setup you might have to set up trusted proxies too.

Added the following lines to my configuration.yaml (with 10.8.0.0/24 being my VPN subnet):

http:
    trusted_proxies:
        - 10.8.0.0/24
    use_x_forwarded_for: true

Issue is the exact same

Another note:

I am able to create/get the state from a binary http sensor from via curl on termux over the vpn. I used the following commands:

Create sensor:

curl -X POST -H "Authorization: Bearer LONG_LIVED_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"state": "off", "attributes": {"friendly_name": "Radio"}}' \
    http://192.168.0.5:8123/api/states/binary_sensor.test

Get sensor state:

 curl -X GET -H "Authorization: Bearer LONG_LIVED_ACCESS_TOKEN" \
       -H "Content-Type: application/json" \
       http:/192.168.0.5:8123/api/states/binary_sensor.test

The sensor is being created and I the GET request for the sensor state is responded to properly over the vpn, but I still can’t navigate in the app or on a web browser. What gives?

Some additional testing:

I’ve confirmed I can access the API over both the local net and vpn via the following jquery in Kiwi Browser dev console, with a successful replying showing sensor state:

fetch('http://192.168.0.5:8123/api/states/binary_sensor.test', {
  method: 'GET',
  headers: {
    'Content-type': 'application/json',
    'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkODMwMWVlYjBiYjg0MjkxOTQwNTlhZjFiZjliNTMxOSIsImlhdCI6MTcxNjAwNDc3MCwiZXhwIjoyMDMxMzY0NzcwfQ.vIkphM_9lrVPYaz8QjLqVelGvmF7OHo7-5y4HM9Xkbg',
    'Origin': '10.8.0.6'
  }
})
.then(res => res.json())
.then(console.log)

On the same browser (kiwi-browser), I am unable to navigate to the root home assistant webpage (http://192.168.0.5:8123/) over the VPN, it times out after loading forever. Looking at the dev console, I can see that only the initial page load request is sent, and nothing is sent back.

Why can I access the api everywhere, but the root webpage only on the local net?