External access stopped working since upgrade

currest2620 · July 8, 2021, 4:23am

Thanks, I think this is the information I am looking for. I did not realise my reverse proxy was misconfigured… until now. Thanks for the pointer.

francisp · July 8, 2021, 4:30am

The proxy is on a separate pc, with ethernet and wifi interface

currest2620 · July 8, 2021, 4:55am

I gather that the trusted proxy ip address for the ‘official’ ngnix proxy Manager add-on will be the same as the ip address the home assistant server is running on. So that will be:

http:
  use_x_forwarded_for: true    
  trusted_proxies:
    - 192.168.1.99 <= homeassistant.server.ip.address

Does that sound right?

No, does not work.

francisp · July 8, 2021, 4:56am

See this topic :

DavidFW1960 · July 8, 2021, 5:01am

In my case it was. Is your proxy on the HA machine? Did you also configure the proxy to pass through the real IP address?

currest2620 · July 8, 2021, 5:19am

Thanks for your feedback.

I’ve set up the Nginx Proxy Manager from the home assistant add on store.

Is your proxy on the HA machine?

Yes, installed via the add on store.

Did you also configure the proxy to pass through the real IP address?

Yes, was working prior to the update. Setup via the add-on GUI

Here is my configuration.yaml entry (referencing this thread).

http:
  server_host: 0.0.0.0
  use_x_forwarded_for: true    
  trusted_proxies:
    - 127.0.0.1

Tried with and without the server_host entry. Doesn’t work.

balazsmark · July 8, 2021, 5:35am

Hi, check the log for the right proxy ip!

currest2620 · July 8, 2021, 5:37am

You mean the ngnix log? What am I looking for exactly?

OK, I was looking in the Ngnix Log, but I think I’ve found it in the Home Assistant log.

Thought I’d found it, but I am still unable to connect. Now I can’t find it in the log.

balazsmark · July 8, 2021, 5:50am

Yes, in the HA log.

currest2620 · July 8, 2021, 6:06am

Thanks, yes I used that address. It is now working. Thanks for that.

balazsmark · July 8, 2021, 6:18am

That’s great.

JesseWebDotCom · July 11, 2021, 2:42am

For anyone else struggling with this issue:

Open your HA log (/config/home-assistant.log)
Search for “untrusted proxy”
Should be a line like this:

2021-07-10 22:26:04 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy 172.30.33.4

In the HTTP section of your config file, make sure you have use_x_forwarded_for:true and add the address found in the previous step (yes, it may be some strange IP you’ve never seen before) to trusted_proxies entry like so:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - ::1
    - 172.30.33.4

Reboot / restart HA
Start NGinx Proxy Manager add-on if it didn’t automatically start
It should be working now

currest2620 · July 11, 2021, 11:49pm

Great tip. For me, finding the right IP too use was the most difficult part. Would be handy if the Nginx proxy manager add-on displayed its IP address, that would have made it easier.

BTW, what is the ::1 for? My configuration worked without it.

DavidFW1960 · July 11, 2021, 11:55pm

the IPv6 equivalent of 127.0.0.1
Portainer will show the docker container IP address and there are bound to be multiple other ways as well.

ma-armenta · July 22, 2021, 3:36am

Hello everyone, I am using the NGINX Home Assistant SSL proxy add-on and I am still having this issue.

I added the http settings to the configuration file.

Do I still need to do port forwarding to my pi? if so what would be the ports?

I have been trying a lot of combinations and nothing seems to work

francisp · July 22, 2021, 3:39am

Port forwarding from router to pi on 443
Forward in nginx 443 to 8123

ma-armenta · July 22, 2021, 4:08am

Thanks for the response!

yeap that is what I have but on the external duckdns url I get error 400 (Bad request ):

400: Bad Request

and on the HA logs I see:

Received X-Forwarded-For header from an untrusted proxy 172.30.33.2

But I already listed that IP under trusted_proxies

francisp · July 22, 2021, 4:19am

Did you restart HA after adding

172.30.33.2

to the trusted proxies ?

ma-armenta · July 22, 2021, 4:28am

Yes I did, but still same log errors

EDIT:
I found the issue!! This is for NGINX Home Assistant SSL proxy add-on

This is what you need.

default add-on configurations. just add your duckdns url
Add the http settings they have on their github, just like it is posted.

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24

Configure port forwarding 443 port of your pi, to 443 external port

* And the most important step, not mentioned anywhere… you need to install the MariaDB add-on and make sure it runs fine, before starting MariaDB, make sure you change de null password value. Please ignore this bullet. Thanks. - Petro

Thanks all. that will work!

koying · July 22, 2021, 8:16am

Please don’t spread imprecise information.
Mariadb is maybe needed for your specific setup, but it has nothing to do with “standard” nginx setup or remote access