I get these from time to time, and it’s usually due to me using the wrong password. However I got a notice a few hours ago and it was definitely not me.
But the IP address it shows is always an internal network address. I’m using docker and Traefik for reverse proxy. Is there a way to actually get the “true” ip that was attempting a login? Be it a device on my network that has a DHCP assigned address or a WAN IP address.
Pinging @DavidFW1960 as he knows his docker stuff and probably has some insights.
Yes, take a look at the HTTP component docs, with a close look at the use_x_forwarded_for flag. Set that to True.
Also look at the trusted_proxies flag, since you will have to add your reverse proxy server to this list.
Finally, you’ll have to make sure your reverse proxy is forwarding the original IP. I’m not sure about Traefik, but for nginx, the config is something like this:
I’ve seen the same. It just started with HA 0.92.x with me. It appears to happen when I reboot my server but leave my browser open waiting for a reconnect.
The trusted_proxies list which servers are allowed to forward those headers and have them reported. So whatever the “wrong” ip address you get reported you must configure as a trusted proxy and add these to your reverse proxy config, well actually I think its only the X-Forwarded-For which is what HA uses.
I was confused about this because with the hassio addon for nginx reverse proxy was running on the same machine. so I try to use the main ip address, and loopback, but nginx communicate through one of the internal docker addresses 172...* so I add that to trusted_proxies and then disconnect from wifi on my mobile and try to login with incorrect credentials, then the correct ip address appears in the notification, do whois on it and it comes up as my mobile provider which is correct.
I had a hell of a time getting this working with my docker setup. I’m not even certain it is working 100% of the time. My network is 172.16.68.X/24. I think the trick was specifying the pihole_sub (at the bottom of the docker compose)