If you just look at your Home Assistant logs when you get a 400 bad request, it will have a line that says that it rejected a connection from an IP address (which it will tell you) which was not configured as a trusted proxy. So you will be able to figure out if it’s complaining about an internal IP address or an external one.
i’m bad at logs, where are these ?
let me look.
asking as Configuration : Logs is not showing anything
10.0.0.1 is the LAN IP on My Modem
10.0.0.2 is the WAN IP on the pgSense
G
Your trusted proxies should be:
trusted_proxies:
- 10.9.116.254
- 173.245.48.0/20
- 103.21.244.0/22
- 103.22.200.0/22
- 103.31.4.0/22
- 141.101.64.0/18
- 108.162.192.0/18
- 190.93.240.0/20
- 188.114.96.0/20
- 197.234.240.0/22
- 198.41.128.0/17
- 162.158.0.0/15
- 104.16.0.0/12
- 172.64.0.0/13
- 131.0.72.0/22
With the top address being your HAProxy address.
Meanwhile your config in HAProxy needs to have:
http-request replace-value x-forwarded-for ^ "%[hdr(x-forwarded-for)], %[src]"
Because otherwise you will have multiple x_forwarded_for headers and Home Assistant will complain.
any idea where this must be set ? I"m digging…
in front end there was the option to enable “Use “forwardfor” option” which I’ve now unticked.
still getting invalid certificate on mobile devices through, thinking there was 2 issues maybe, the 400 and the cert on mobile app on cell phone.
G
think I found something that might be pointing to the problem,
as it seems we got the browser based https stable.
the mobile works on a socket:
G
What is the certificate presented by cloudlfare?
If it’s the letsencrypt one, you might encounter an issue like Home assistant Android App and Let’s encrypt certificate - Mobile Apps - Home Assistant Community (home-assistant.io)
it’s the ACME generated lets_encrypt,
but the mobile app is iOS.
G
One of the replies mentioned iPad…
PS. BTW, using ACME in place of “certificate” or “Let’s Encrypt” is not correct. ACME is just the protocol used to obtain and renew the certificates with Letsencrypt.
Chris, true… but I also mentioned the ACME generates the lets_encrypt cert.
we’re a apple house, all the mobile devices are iOS.
Believe my problem is related to the web sockets, getting them working. looking for a clear explanation, what to enable how and where.
All I really want to work is the mobile device, happy to close web access to the HA site from outside.
G
If it would be so, the browsers wouldn’t work, either
just following somer redit threads that all seem to be pointing to web sockets thats seem to be handled by haproxy differently.
G
also found this one on GitHub, that seem to point to web sockets.
although as said, I can access through browser, only problem now is the not working mobile app.
G
The mobile app in the connection configuration screen actually says web socket not working.
G
George, you receive an “invalid certificate” error message.
What in the name of god would make you think the problem is not a certificate one…
because the mobile app is telling the web socket is failing.
and the fact that from the same mobile device access the url through safari works.
and the fact that from safari and firefox from other devices accessing the url works.
G
It maybe obvious but are you clearing the storage of the mobile app after making each of these changes?
clearing storage on mobile app, how would I do that.
What I have done is to totally close the app.
G
I don’t have an ios device. A long press on the icon brings me to androids settings for the app, from there I can clear the storage.
nothing like that in iOS, closest is a hard close of the app.
G
That’s strange there must be a way to flush the data out of the app. Not even an option to clear the cache? Maybe delete and reinstall. The app has a tendency of holding settings.