So, I’ve set up a new installation as a docker container using DDClient & Traefik. I’m currently using the exact same configuration as one that works just fine on my other server. For some reason, I can only access Home Assistant from outside the local network unless I connect via IP address & port.
I can reach the login, but when the correct credentials are entered it says “Unable to connect to Home Assistant”, with the following errors in the logs. The IP address specified is the local network’s gateway IP address. Even after trying with IP ban disabled in the configuration, it still won’t work.
[homeassistant.components.http.ban] Login attempt or request with invalid authentication from _gateway (172.16.1.254). Requested URL: ‘/auth/token’.
Here is my configuration.
docker-compose.yml
```yaml
version: '3'
services:
  homeassistant:
    container_name: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    volumes:
      - ./homeassistant/config:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    privileged: true
    network_mode: host
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homeassistant.rule=Host(`DOMAIN.com`)"
      - "traefik.http.routers.homeassistant.tls=true"
      - "traefik.http.routers.homeassistant.tls.certresolver=letsencrypt"
      - "traefik.http.routers.homeassistant.tls.domains[0].main=DOMAIN.com"
      - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
      - "traefik.http.routers.homeassistant.middlewares=secureHeaders"
  ddclient:
    container_name: ddclient
    image: lscr.io/linuxserver/ddclient:latest
    environment:
      - PUID=1000
      - GUID=1000
      - TZ=American/Regina
    volumes:
      - ./ddclient/config:/config
    networks:
      default:
        ipv4_address: 10.5.0.12
    restart: unless-stopped
  traefik:
    container_name: traefik
    image: traefik:v2.8
    command:
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--providers.docker"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entryPoint.permanent=true"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "[email protected]"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    networks:
      default:
        ipv4_address: 10.5.0.10
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.secureHeaders.headers.sslredirect=true"
      - "traefik.http.middlewares.secureHeaders.headers.framedeny=true"
      - "traefik.http.middlewares.secureHeaders.headers.stsincludesubdomains=false"
      - "traefik.http.middlewares.secureHeaders.headers.stspreload=true"
      - "traefik.http.middlewares.secureHeaders.headers.stsseconds=63072000"
      - "traefik.http.middlewares.secureHeaders.headers.contenttypenosniff=true"
      - "traefik.http.middlewares.secureHeaders.headers.accesscontrolallowmethods=GET,POST"
      - "traefik.http.middlewares.secureHeaders.headers.accesscontrolmaxage=100"
      - "traefik.http.middlewares.secureHeaders.headers.addvaryheader=true"
      - "traefik.http.middlewares.secureHeaders.headers.referrerpolicy=no-referrer"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/letsencrypt:/letsencrypt"
    extra_hosts:
      - host.docker.internal:172.17.0.1
networks:
  default:
    name: default_network
    ipam:
      config:
        - subnet: 10.5.0.0/16
          gateway: 10.5.0.1
```
configuration.yaml
```yaml
# Allow Traefik reverse proxy.
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.16.1.0/24 # IP address range of local network.
    - 10.5.0.10 # IP address of the Traefik proxy server.
# Import themes directory.
frontend:
  themes: !include_dir_merge_named themes
# Loads default set of integrations. Do not remove.
default_config:
# Text to speech
tts:
  - platform: google_translate
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
```
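
An added example, not part of the original post and not Home Assistant's own code: a small Python model of how a proxy-aware server decides which address a request is attributed to, using the `trusted_proxies` values from the configuration above. The resolution rule (honour `X-Forwarded-For` only from a trusted peer, then take the first untrusted hop from the right) is an assumed simplification, and the sample requests are constructed; `203.0.113.x` are documentation addresses and `10.5.0.1` is the bridge gateway from the compose file.

```python
import ipaddress

# trusted_proxies entries copied from the post's configuration.yaml.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("172.16.1.0/24", "10.5.0.10")]


def is_trusted(addr):
    """True if addr falls inside any trusted_proxies entry."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed hop
    return any(ip in net for net in TRUSTED_PROXIES)


def effective_client(peer, x_forwarded_for=None):
    """Return the address the request is attributed to (assumed model).

    The header is honoured only when the TCP peer is trusted. The chain is
    then read right to left and the first untrusted hop is the client; if
    every hop is trusted, the left-most entry is used.
    """
    if not x_forwarded_for or not is_trusted(peer):
        return peer  # header absent, or supplied by a peer we do not trust
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    if not hops:
        return peer  # header present but empty
    for hop in reversed(hops):
        if not is_trusted(hop):
            return hop
    return hops[0]


# Constructed sample requests: (TCP peer, X-Forwarded-For header or None).
SAMPLES = [
    ("172.16.1.254", None),                      # LAN gateway, no header
    ("172.16.1.254", "203.0.113.7"),             # LAN gateway forwarding a client
    ("10.5.0.10", "203.0.113.7, 172.16.1.254"),  # Traefik's static address
    ("10.5.0.1", "203.0.113.7"),                 # bridge gateway, not listed
    ("203.0.113.9", "172.16.1.50"),              # untrusted peer claiming a LAN hop
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"peer={peer:<13} xff={xff!s:<27} -> {effective_client(peer, xff)}")
```

Comparing the attributed address for each case with the one in the `homeassistant.components.http.ban` log line shows whether the forwarded header is being honoured, missing, or ignored because the connecting peer is not in `trusted_proxies`.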