There have been recent changes to the HTTP component which are causing my (typical?) Cloudflare configuration to break.
I didn’t see another thread dealing with this issue, so here’s the problem/solution:
The recommended Cloudflare configuration uses ‘Proxied’ requests to your HA instance.
This is treated as a ‘reverse proxy’ by HA which (currently) blocks these requests, so you get a 400 Bad Request error.
Switching to DNS-only is an option, but this breaks the 10Y SSL certificate Cloudflare issues that several guides suggest as an alternative to LetsEncrypt etc.
You need to follow the guide for HTTP Reverse Proxies and add all the IP Ranges Cloudflare may use - you can copy and paste these in including the /XY subnet.
This should resolve the issue (until Cloudflare adds/deletes ranges).
Thanks for the idea, but the IP range whitelist doesn’t work. My setup is Docker containers for every service and Cloudflare Teams (through Cloudflare Tunnel); every service works except Home Assistant.
Same for me: with the Cloudflare proxies added in the HA config, still Bad Request 400. Did anyone solve this?
EDIT: The solution for me was adding the IP address of my local Proxmox container, where I installed the Cloudflare tunnel, to the proxies in HA. You can find the address of the bad request in your HA log.
Thank you for sharing your solution. It worked for me as well. I am using a cloudflared container with Unraid. I looked into the log of the home assistant container and added the IP of the bad request. After restarting HA I was able to access it through the Cloudflare tunnel.
Hello… I came across this post and your answer because I just set up Cloudflare Tunnel, and my Home Assistant is the only Docker container I can’t set up. I get a 400 Bad Request error when I set the tunnel as http. When I set it up as https, I get a 502 Bad Gateway error.
I read your solution but I am not sure how to implement it…I am new to self hosting so I am still learning what everything means and where to do. Would you mind directing me how and where to go and fix my problem? Thank you!
Go to your HA logs; there you can find the error and the IP address. Next, edit your configuration.yaml and add that IP address to the http: section under trusted_proxies.
I also had problems with the integration. From just working it went to just not working.
After some time of struggling I decided to reinstall the integration, and also in CF delete any settings and redo them according to the manual. And it magically worked again.
In my scenario I had both an IPv4 and an IPv6 address in my logs… I added both to the trusted proxies section of my configuration.yml and restarted. I was good to go after that!
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.2.16 # Add the IP address of the proxy server
# - 172.30.33.0/24 # You may also provide the subnet mask
and face
Logger: homeassistant.components.websocket_api.http.connection
Source: components/websocket_api/commands.py:230
Integration: Home Assistant WebSocket API (documentation, issues)
First occurred: 7:02:17 PM (1 occurrences)
Last logged: 7:02:17 PM
[140383316075968] Cannot quick reload all YAML configurations because the configuration is not valid: Integration error: trusted_proxies - Integration 'trusted_proxies' not found. Integration error: use_x_forwarded_for - Integration 'use_x_forwarded_for' not found.
Traceback (most recent call last):
File "/usr/src/homeassistant/homeassistant/components/websocket_api/commands.py", line 230, in handle_call_service
await hass.services.async_call(
File "/usr/src/homeassistant/homeassistant/core.py", line 2035, in async_call
response_data = await coro
^^^^^^^^^^
File "/usr/src/homeassistant/homeassistant/core.py", line 2072, in _execute_service
return await target(service_call)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/src/homeassistant/homeassistant/helpers/service.py", line 986, in admin_handler
await result
File "/usr/src/homeassistant/homeassistant/components/homeassistant/__init__.py", line 342, in async_handle_reload_all
raise HomeAssistantError(
homeassistant.exceptions.HomeAssistantError: Cannot quick reload all YAML configurations because the configuration is not valid: Integration error: trusted_proxies - Integration 'trusted_proxies' not found.
Integration error: use_x_forwarded_for - Integration 'use_x_forwarded_for' not found.
Thank you very much to everyone, with the help of this discussion I came to a solution, although I do not know if my solution is legal in terms of information security.
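As an added example (not code from any poster or from Home Assistant), the Python check below covers the two problems this thread runs into: http options written at the top level of configuration.yaml, which is what the "Integration 'trusted_proxies' not found" error above reports, and proxy addresses in the log that no trusted_proxies entry covers. The function names, the log wording, and the addresses 172.18.0.3 and fd00::2 are constructed for illustration.

```python
import ipaddress
import re

# Constructed configuration.yaml; 192.168.2.16 and the commented subnet are from the thread.
NESTED = """\
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.2.16  # Add the IP address of the proxy server
    # - 172.30.33.0/24
"""
# Same options at column 0, where HA reads each key as an integration name.
FLAT = re.sub(r"^ {2}", "", NESTED, flags=re.M)
# Constructed log lines; wording is illustrative, 172.18.0.3 and fd00::2 are made up.
LOG = """\
ERROR request from reverse proxy 192.168.2.16
ERROR request from reverse proxy 172.18.0.3
ERROR request from reverse proxy fd00::2
"""

def misplaced_keys(text):
    """http options found at column 0 instead of nested under http:."""
    return [k for k in ("use_x_forwarded_for", "trusted_proxies")
            if re.search(rf"^{k}\s*:", text, re.M)]

def trusted_networks(text):
    """Entries listed under trusted_proxies, as ip_network objects."""
    nets, in_list = [], False
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()
        if body.startswith("trusted_proxies:"):
            in_list = True
        elif in_list and body.startswith("- "):
            nets.append(ipaddress.ip_network(body[2:].strip(), strict=False))
        elif body:
            in_list = False
    return nets

def unlisted_proxies(config, log):
    """Addresses seen in the log that no trusted_proxies entry covers."""
    nets, missing = trusted_networks(config), set()
    for token in log.split():
        try:
            addr = ipaddress.ip_address(token.strip(".,;()[]'\""))
        except ValueError:
            continue  # not an address (timestamp, word, ...)
        if not any(addr in n for n in nets):
            missing.add(str(addr))
    return sorted(missing)
```

Add only the reported addresses that you recognise as your own proxy or tunnel host. With use_x_forwarded_for enabled, HA takes the client address from the X-Forwarded-For header of any request arriving from a trusted proxy, so each entry should be as narrow as the setup allows.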