TomMaSS
(TomMaSs)
July 31, 2020, 1:34pm
1
Hi
Just started with Home Assistant and have an unpleasant problem with the reverse proxy.
The main goal is that I want to access HA from outside my network via a domain URL.
I have a DIY home server. Every service is in a docker container.
So when I added the HA container, I added an nginx host with a subdomain in the nginx-proxy container. Both containers are in the same network.
In configuration.yaml:
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1 #localhost
    - 172.21.0.1 #docker_net gw
    - 172.21.0.11 #nginx-proxy hardcoded ip
    - 31.202.xxx.xxx #my external ip
  ip_ban_enabled: False
  login_attempts_threshold: 5
I have access to the main page but can’t log in, with the message:
2020-07-31 16:19:35 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 31.202.xxx.xxx
In ./config/.storage/auth I have:
"access_token_expiration": 1800.0,
"client_icon": null,
"client_id": "https://home.xxxxx.tk/",
"client_name": null,
"created_at": "2020-07-31T13:19:45.810914+00:00",
"id": "7da899ddb8b744beba5bd9dfbdbde79e",
"jwt_key": "6792fd8c25ef54af330a14dd7655a9d8b517ce36d7223340721c5e839ccb491a8e6f6a0145b0b653a19a3eb1e58a68f55c3662dexxxxxxxxxxxxx",
"last_used_at": "2020-07-31T13:19:45.811048+00:00",
"last_used_ip": "31.202.xxx.xxx",
"token": "24aa12671c27a25e2270b982a3c50d86e39a10ee47f7cff6b21620899750952860b9225ef4d792a2a363fa1dc7c2d511a450ad451c6xxxxxxxxx",
"token_type": "normal",
"user_id": "97aeb489b50046ef8ae546axxxxx"
tmjpugh
(Tmjpugh)
August 1, 2020, 6:21am
2
I don’t think your external IP should be a trusted_proxy, as traffic will not show as coming from there.
Maybe your server IP if docker
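The point about trusted_proxies raised above, as an added example that is not part of any post and is not Home Assistant's own code: a common right-to-left rule for resolving the client address from X-Forwarded-For, showing why the list should hold only the proxy itself. The addresses 203.0.113.7 and 198.51.100.99 are constructed stand-ins (the thread's public IP is redacted), and `client_ip` and `scenarios` are hypothetical names.

```python
# Added example, not Home Assistant's code: a common right-to-left rule for
# resolving the client address from X-Forwarded-For behind a reverse proxy.
from ipaddress import ip_address, ip_network

NGINX = "172.21.0.11"     # nginx-proxy container address from the first post
CLIENT = "203.0.113.7"    # constructed stand-in for the redacted public IP
FORGED = "198.51.100.99"  # constructed value a client put in the header itself


def client_ip(peer, x_forwarded_for, trusted_proxies):
    """Return the address that logs and IP bans should attribute a request to."""
    trusted = [ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    peer_addr = ip_address(peer)
    # A header from anything other than a trusted proxy is plain client input.
    if not x_forwarded_for or not is_trusted(peer_addr):
        return str(peer_addr)
    try:
        hops = [ip_address(h.strip()) for h in x_forwarded_for.split(",")]
    except ValueError:
        return str(peer_addr)  # malformed header: fall back to the socket peer
    # Each trusted proxy appended the hop it received from, so walk backwards
    # and stop at the first address that is not one of our proxies.
    for hop in reversed(hops):
        if not is_trusted(hop):
            return str(hop)
    return str(hops[0])  # every hop was a trusted proxy


def scenarios():
    # nginx's $proxy_add_x_forwarded_for appends the connecting address to
    # whatever X-Forwarded-For value the client already sent.
    header = f"{FORGED}, {CLIENT}"
    return {
        "proxy_not_trusted": client_ip(NGINX, CLIENT, ["127.0.0.1"]),
        "proxy_trusted": client_ip(NGINX, header, ["127.0.0.1", NGINX]),
        "client_also_trusted": client_ip(NGINX, header, ["127.0.0.1", NGINX, CLIENT]),
    }


if __name__ == "__main__":
    for name, resolved in scenarios().items():
        print(f"{name:20} -> {resolved}")
```

With the client's own public address in the trusted list, the resolved address becomes whatever the client put in the header, so login warnings and IP bans would be attributed to a value the client controls.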
TomMaSS
(TomMaSs)
August 3, 2020, 6:09am
3
I don’t think it will help,
because my traffic, when I open the browser link via the URL, goes like pc > server in local net > nginx-proxy in container > HA in container
gurbina93
(Gurbina93)
August 3, 2020, 8:35am
4
Not sure about you, but I exposed mine with NGINX and didn’t change anything under configuration.yaml HTTP section except IP ban and thresholds:
http:
  ip_ban_enabled: false
  login_attempts_threshold: 8
As for in NGINX just basic configuration, it’s pretty much empty.
All IPs show correctly whether I am inside my network (internal IP) or outside (public IP I have assigned from whatever device or location I am accessing from).
I never had to play with the use_x_forwarded_for or trusted_proxies for the public IPs to show correctly, so I can actually see the IPs that have logged to my HA.
I have the proxy (local_host) set as a trusted proxy but I also use x_forwarded_for and so the real connecting IP address is exposed. I also then use the authenticated custom component so I can see every IP address that connects (with local IP addresses whitelisted). I use Caddy not Nginx but assume you can do the same.
TomMaSS
(TomMaSs)
August 3, 2020, 1:19pm
6
I’ll simplify the configuration.
Do you also use the docker version?
gurbina93
(Gurbina93)
August 4, 2020, 9:06am
7
Yes, I am using this docker image in Ubuntu which already contains the database compared to the official one:
Same as @DavidFW1960 I am also using Authenticated custom component to monitor on these logins and keep track of them.
TomMaSS
(TomMaSs)
August 6, 2020, 6:30pm
8
Found the problem.
At first I created a virtual machine and set up hassio on it.
After that I configured the nginx proxy to the VM IP address in the local network. nginx is on the old host in a docker container.
I added trusted networks to the hassio conf.
When I open the URL I can log in, and I see a new token with successful auth in the logs, but the web page is stuck on the URL
https://home.tommass.tk/lovelace?auth_callbackk=1&code=896261d383c3474bk=1&code=896261d383c3474bxxxxxxxxxxxxxx
It can’t open the web socket for the callback, because my nginx works on the docker internal network with a 172.xxx.xx.xx IP.
Any ideas??
MaLaH
(Max)
September 25, 2020, 2:40pm
9
I had exactly the same issue. Not sure if you were able to resolve it, but I found a solution. I will post it here just in case anybody else has the same issue:
Was resolved by adding these two parameters to my Nginx config:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
Here is my working Nginx config:
server {
    listen 80;
    server_name hass.lan;
    location / {
        proxy_pass http://172.80.1.14:8123/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
2 Likes
I can’t find my nginx.conf file anywhere? Where does the addon save it?