CF Tunnel was working perfectly for a long time, but suddenly ran into an issue where it simply broke after years of it working properly. In the CF Tunnel logs I was getting Error 400, and in HA logs saw this:
Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:125
Integration: HTTP (documentation, issues)
First occurred: March 1, 2024 at 3:41:29 PM (1182 occurrences)
Last logged: 9:21:34 AM
Received X-Forwarded-For header from an untrusted proxy 192.168.1.1
I included 192.168.1.1/32 as a trusted proxy, and still getting an the login error unable to connect to home assistant.
When I use a different browser - Firefox and Edge, I am able to get the login prompt, but after entering 2FA, it fails. The CF Tunnel logs shows the 400 bad request and get a failed login attempt logged in HA.
Just letting you know, I had the same issues you were having (exactly the same with the error and different browser and CL tunnels). After trying all sorts of IP addresses including 0.0.0.0/0 under the trusted proxy, I finally got it to work by actually restarting home assistant, not just reloading the YAML file. I got it to work with just 192.168.1.1 and ::1 under the trusted_proxies and a full restart of HA (probably dont need ::1 but I left it anyways). I know it said to restart HA in the docs but for some reason I though just reloading the yaml files would be enough…clearly not. All working now.
Was trying to access via my tunnel today and I get 400, bad request. Not sure why, other stuff in my tunnel works fine, only HA gives 400. This is the configuration.yaml setting that has worked before:
@KLU Any chance this coincided with Cloudflare 5.1.15 update as well? I have pretty much done the same as you, but once I update to the latest Cloudflare Add on in HA, I then get the Bad Request, roll it back to 5.1.3, and the issue goes away. For us simpletons, what’s the purpose of the “/32” at the end and how did you know it was 32?
EDIT: I did your proposal, updated to 5.1.15 and it works. However if I refresh my window, I get the Home Assistant symbol and this message
" Unable to connect to Home Assistant.
Retrying in 56 seconds…
RETRY NOW"
If I click “Retry now”, it works, if I refresh the page again, I get the same issues. Never had this before, any ideas why this is suddenly starting to happen?
Hello, I pasted the command but it still gives me the same 400 error, this is how my configuration file is
Loads default set of integrations. Do not remove.
default_config:
Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24 (what IP do I put here and how do I get it)
- 192.168.1.101/32 (what IP do I put here and how do I get it)
I thanked you very much
Hi guys after weeks of f***ing around. In your Nginx proxy server add the following to clear the X-Forwarded-For information passed on by Cloudflare:
proxy_set_header X-Forwarded-For “”;
You should restart Cloudflared add-on and then search in the Cloudflared log for the following line:
INF ICMP proxy will use 172.30.33.2 as source for IPv4
Cheers!