Hello,
Trying to take care of the warning properly before the next release breaks everything but it just seems to break access via browser and mobile app.
My DNS is hosted through Cloudflare and setup as proxied. It hits my OPNSense router that is running HAProxy for various services. Home assistant is running in HA OS on R Pi 4.
Warning is:
A request from a reverse proxy was received from 192.168.11.1, but your HTTP integration is not set-up for reverse proxies; This request will be blocked in Home Assistant 2021.7 unless you configure your HTTP integration to allow this header
I read through Reverse proxy error but it seems to be more related to NGINX.
I tried adding the relevant http section to my config:
# For reverse proxy
http:
use_x_forwarded_for: true
trusted_proxies:
# Gateway
- 192.168.11.1
# Public IP
- <public IP>
# Cloudflare IPs
- 173.245.48.0/20
- 103.21.244.0/22
- 103.22.200.0/22
- 103.31.4.0/22
- 141.101.64.0/18
- 108.162.192.0/18
- 190.93.240.0/20
- 188.114.96.0/20
- 197.234.240.0/22
- 198.41.128.0/17
- 162.158.0.0/15
- 172.64.0.0/13
- 131.0.72.0/22
- 104.16.0.0/13
- 104.24.0.0/14
Which resulted in:
2021-06-15 20:43:59 ERROR (MainThread) [homeassistant.components.http.forwarded] Too many headers for X-Forwarded-For: [‘public IP’, ‘random Cloudflare ip’]
2021-06-15 20:44:10 ERROR (MainThread) [homeassistant.components.http.forwarded] Too many headers for X-Forwarded-For: [‘public IP’, ‘random Cloudflare ip’]
I tried the comment by Frenck in Too many headers http 400 Error while using revers proxies · Issue #40421 · home-assistant/core · GitHub that suggested to use http-request replace-value x-forwarded-for ^ "%[hdr(x-forwarded-for)], %[src]"
. Also tried http-request replace-header x-forwarded-for ^ "%[req.fhdr(x-forwarded-for)], %[src]"
to haproxy backend config as suggested on a haproxy github post. Neither worked.
# Backend: HomeAssistant_Pool ()
backend HomeAssistant_Pool
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
# tuning options
timeout connect 30s
timeout server 10m
# WARNING: pass through options below this line
http-request replace-header x-forwarded-for ^ "%[req.fhdr(x-forwarded-for)], %[src]"
http-reuse safe
server HomeAssistant 192.168.11.6:8123
When I try to access home assistant with the above config I get 400: Bad Request
in the browser and an entry in the logs (viewing via ssh).
2021-06-15 20:54:15 ERROR (MainThread) [homeassistant.components.http.forwarded] Too many headers for X-Forwarded-For: [‘public IP’,‘random Cloudflare ip’, ‘random Cloudflare ip’]
Hoping another set of eyes can help me get through this. It was working fine before making these required changes.
edit: to fix formatting