External access stopped working since upgrade

Thanks, I think this is the information I am looking for. I did not realise my reverse proxy was misconfigured… until now. Thanks for the pointer.

The proxy is on a separate PC, with Ethernet and Wi-Fi interfaces 🙂

1 Like

I gather that the trusted proxy IP address for the ‘official’ Nginx Proxy Manager add-on will be the same as the IP address the Home Assistant server is running on. So that will be:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.99  # <= homeassistant.server.ip.address

Does that sound right?

No, does not work.

See this topic:

In my case it was. Is your proxy on the HA machine? Did you also configure the proxy to pass through the real IP address?

Thanks for your feedback.

I’ve set up the Nginx Proxy Manager from the Home Assistant add-on store.

Is your proxy on the HA machine?

Yes, installed via the add-on store.

Did you also configure the proxy to pass through the real IP address?

Yes, was working prior to the update. Set up via the add-on GUI.

Here is my configuration.yaml entry (referencing this thread).

http:
  server_host: 0.0.0.0
  use_x_forwarded_for: true    
  trusted_proxies:
    - 127.0.0.1

Tried with and without the server_host entry. Doesn’t work.

Hi, check the log for the right proxy ip!

You mean the Nginx log? What am I looking for exactly?

OK, I was looking in the Nginx log, but I think I’ve found it in the Home Assistant log.

Thought I’d found it, but I am still unable to connect. Now I can’t find it in the log.

Yes, in the HA log.

Thanks, yes I used that address. It is now working. Thanks for that.

That’s great. 🙂

1 Like

For anyone else struggling with this issue:

  • Open your HA log (/config/home-assistant.log)
  • Search for “untrusted proxy”
    Should be a line like this:
2021-07-10 22:26:04 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy 172.30.33.4
  • In the HTTP section of your config file, make sure you have use_x_forwarded_for: true and add the address found in the previous step (yes, it may be some strange IP you’ve never seen before) to the trusted_proxies entry like so:
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - ::1
    - 172.30.33.4
  • Reboot / restart HA
  • Start the Nginx Proxy Manager add-on if it didn’t automatically start
  • It should be working now
3 Likes
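
The log check in the steps above can be scripted. The following is an added example, not part of the original post or of Home Assistant: it extracts every proxy address Home Assistant rejected and lists those that no trusted_proxies entry (single address or CIDR range) covers. The function names and the sample log are constructed for illustration.

```python
import ipaddress
import re

# Matches the log message quoted in the post above.
UNTRUSTED = re.compile(
    r"Received X-Forwarded-For header from an untrusted proxy (\S+)"
)

def rejected_proxies(log_lines):
    """Return the distinct proxy addresses HA rejected, in first-seen order."""
    seen = []
    for line in log_lines:
        m = UNTRUSTED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address in the log line; skip it
        if addr not in seen:
            seen.append(addr)
    return seen

def uncovered(rejected, trusted_proxies):
    """Return rejected addresses that no trusted_proxies entry covers.

    Entries may be single addresses or CIDR ranges, as in the thread.
    """
    nets = [ipaddress.ip_network(e, strict=False) for e in trusted_proxies]
    return [a for a in rejected if not any(a in n for n in nets)]

# Constructed sample input: the log line from the post plus a filler line.
SAMPLE_LOG = [
    "2021-07-10 22:26:04 ERROR (MainThread) [homeassistant.components.http.forwarded] "
    "Received X-Forwarded-For header from an untrusted proxy 172.30.33.4",
    "2021-07-10 22:26:05 INFO (MainThread) [homeassistant.core] constructed filler line",
    "2021-07-10 22:26:09 ERROR (MainThread) [homeassistant.components.http.forwarded] "
    "Received X-Forwarded-For header from an untrusted proxy 172.30.33.4",
]

if __name__ == "__main__":
    rejected = rejected_proxies(SAMPLE_LOG)
    # trusted_proxies as it stood before the extra address was added
    for addr in uncovered(rejected, ["127.0.0.1", "::1"]):
        print(f"add to trusted_proxies: {addr}")
```

To check a real installation, pass the lines of /config/home-assistant.log and your own trusted_proxies list. Each entry you add is a host whose X-Forwarded-For header Home Assistant will believe, so confirm the reported address belongs to your proxy before trusting it.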

Great tip. For me, finding the right IP to use was the most difficult part. Would be handy if the Nginx Proxy Manager add-on displayed its IP address, that would have made it easier.

BTW, what is the ::1 for? My configuration worked without it.

The IPv6 equivalent of 127.0.0.1.
Portainer will show the Docker container IP address, and there are bound to be multiple other ways as well.

1 Like

Hello everyone, I am using the NGINX Home Assistant SSL proxy add-on and I am still having this issue.

I added the http settings to the configuration file.

Do I still need to do port forwarding to my Pi? If so, what would be the ports?

I have been trying a lot of combinations and nothing seems to work 😕

Port forwarding from router to pi on 443
Forward in nginx 443 to 8123

Thanks for the response!

Yep, that is what I have, but on the external DuckDNS URL I get error 400 (Bad Request):

400: Bad Request

and on the HA logs I see:

Received X-Forwarded-For header from an untrusted proxy 172.30.33.2

But I already listed that IP under trusted_proxies

Did you restart HA after adding 172.30.33.2 to the trusted proxies?

Yes I did, but still same log errors

EDIT:
I found the issue!! This is for NGINX Home Assistant SSL proxy add-on

This is what you need.

  • Default add-on configuration. Just add your DuckDNS URL.

  • Add the http settings they have on their GitHub, just like it is posted.

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
  • Configure port forwarding: port 443 of your Pi to external port 443

  • And the most important step, not mentioned anywhere… you need to install the MariaDB add-on and make sure it runs fine. Before starting MariaDB, make sure you change the null password value. Please ignore this bullet. Thanks. - Petro

Thanks all. That will work!

Please don’t spread imprecise information.
MariaDB is maybe needed for your specific setup, but it has nothing to do with a “standard” Nginx setup or remote access.