Docker and zwave weirdness

This is a couple of questions in one post. About 18 months ago I purchased a NUC to run HA. I installed Ubuntu and installed HA directly on to that. It has been running well. However, I recently noticed that I was using a massive 3% of the processor so inspired by the many posts on here I decided to go the Docker route. I wiped the machine, installed Ubuntu 18.04 and installed Docker and docker-compose.

I started a home-assistant container from the command line and let it generate the default files. I stopped the container and copied my backup in to the config directory. HA wouldn’t complete the start up. Spent way too long yesterday trying to figure out why so today I decided to start from scratch. I recreated the container and started adding things in to the config one by one. It started well but then I added in the nest configuration. My config is as straightforward as

nest:
    client_id: !secret nest_client_id
    client_secret: !secret nest_client_secret

But restarting HA just causes it to freeze. Remove this directive, it starts up fine.

Added a few more things (Hue lights, mqtt and so on which were all fine) and decided to start on my zwave stuff.

I decided to do a hard reset of my Aeotec ZW090 Z-Stick Gen5, connect it up, add the zwave: directive with the USB port and restart. This worked because I can see the controller in HA. So I proceeded to add a Multisensor device. Reset it, added it and it appeared in HA. Went to the Customization section and renamed everything to do with this new node to Hallway. Every time I clicked Save I got

It seems that your configuration.yaml doesn’t properly include customize.yaml Changes made here won’t affect your configuration.

Which isn’t correct. On Googling this error message you find a couple of people who have reported it but the tickets have closed automatically because there’s been no response to them. And it does seem to save the changes so I assume this isn’t a relevant problem.

I also remembered to do the the Command Options > Binary Sensor Report thing.

This seemed to go well so I added another couple of nodes (Bathroom and Kitchen). At this point I realised I was being a bit over confident because they’re not working properly - and I can’t figure out why. First, they seem to be reporting their values as a string so I get graphs like this

Secondly, I’m in the UK. I don’t have the heating on and it’s currently (2245 BST) 9°C outside so there’s no way it’s 24°C in my hallway. It’s also currently 28°C in my kitchen which could be possible if someone was cooking but no-one is cooking at this time of night.

I’m using nginx with letsencrypt certificates to forward traffic from https://house.domain.com/ to my HA box. When I was running HA direct on the box this worked fine so all I did - or all I thought I needed to do - was change the IP address in my hass-proxy.conf file. Now whenever I log in to HA there’s a panel saying

Login attempt or request with invalid authentication from 192.168.105.22

I never used to get this with the old setup. I assume it has something to do with where HA thinks the connection is coming from? HTTP connection looks like this:

http:
  api_password: !secret httppass
  base_url: !secret base_url
  use_x_forwarded_for: True
  trusted_proxies:
    - 192.168.105.22
  trusted_networks:
    - 192.168.0.0/24
    - 127.0.0.1
    - 192.168.101.0/24
    - 192.168.102.0/24
    - 192.168.103.0/24
    - 192.168.104.0/24
    - 192.168.105.0/24

I don’t think this is breaking anything per se but as part of testing the motion sensors I was trying to walk around with my iPhone and the HA App - but now it doesn’t load, it just shows “Loading data…”. Again, I can’t figure out why. Neither the client or the server produces an error.

So - did anyone else come across network problems and zwave problems with Docker? I’m pretty sure that the zwave problems aren’t going to be Docker related but I can’t rule it out completely because I never had these problems when HA had direct access to the controller. Also, are there any other tweaks I have to make to HA or nginx to get the proxy to work with HA in a container?

Very grateful for any suggestions

Steve

Trying to hit the points of interest. Your post is quite long :).

Just making sure but is this hass.io docker or HA docker from docker hub?

When you setup the container as “new” with no configuration at all, did you try to add the nest config and restart? I helped someone in the past with this exact issue but they were on hass.io. I don’t know what the fix was as he just fell offline. I have nest integrated and do not see this issue happening. Same standard config.

As far as the zwave customization, why are you using customize.yaml? You can just rename it in the UI (entity_registry is gone which I used faithfully). Also, post your directive in your config.yaml for customize. You could have a simple typo preventing it from working. We’ve all been there.

When you say “hard reset” of the zwave stick, define what you did.

I don’t know what " I also remembered to do the the Command Options > Binary Sensor Report thing." is.

As far as reporting as a string, that seems odd. What else do you have in customize.yaml? Seems like the global setting is set to string.

Also, using trusted networks with a reverse proxy is not advised. Any outside IP will hit the proxy and the proxy is IN your trusted network which will bypass authentication. The http documentation has a warning about it.

homeassistant:
  container_name: home-assistant
  restart: unless-stopped
  image: homeassistant/home-assistant
  devices:
    - /dev/ttyACM0:/dev/ttyACM0
  volumes:
    - /srv/docker/hass-config:/config
    - /etc/localtime:/etc/localtime:ro
  network_mode: host
  privileged: true

I AM renaming it in the UI. That’s where the error message appears.

I did a hard reset? I don’t know how to expand on that.

If you don’t do that the motion sensors don’t report. Example

That doesn’t help. I accept my original post should say “…at the moment” but if I remove the House VLAN (105) from configuration it doesn’t fix the actual problem which is the error message “Login attempt or request with invalid authentication from 192.168.105.22” which is there permanently.

I know. That’s why I asked for help. All that’s in the customize.yaml is what HA put there. Lots of lines similar to

zwave.aeotec_zw100_multisensor_6:
  friendly_name: Kitchen

Do you have IP ban enabled by chance? What is the .22 IP? Is that the docker host? Idk if you have ngnix in a container or not either but I’m curious if .22 is that host.

BTW… What version of HA are you on ?

By default the docker container will pull :latest since I didn’t specify a version so it will be 0.77

I have fail2ban enabled on my bastion host but it’s not part of this equation.

It is. The point is that I didn’t see this message when it proxied to HA installed in a Virtual Env with PIP directly on to the OS. The only thing that’s changed is that HA is now in a container. It’s still exposed over HTTP on port 8123 so theoretically it should be different.

.22 is a different machine (called Docker01) which is running the linuxserver/letsencrypt container. This machine has been running that container for about 9 months and proxying to various other Docker containers and servers I’m running… These all work fine and I don’t get any errors. To be honest, I’m not getting any errors now - it’s just that the message is wrong.

By chance have you tried deleting the HA database and restarting? It sounds like that message is being stored.

Multiple times.

Also, for reference, this is the error message I was on about further up

This error message is wrong because

1. The changes do work
2. configuration.yaml does include customize.yaml

Another update. I’ve figured out that iOS devices are causing the

Login attempt or request with invalid authentication from 192.168.105.22

errors when they try and connect. As mentioned above, they can’t connect - I just get a spinning dot and “Loading data”. Again, something that wasn’t a problem when HA wasn’t running on Docker.