Hi Dear HA community,
I am struggling a bit to fire up HASS on rpi using caddy as a reverse-proxy for it.
My Caddyfile is the following:
    :80 {
        gzip
        proxy / 192.168.0.80:8123 {
            websocket
            transparent
        }
    }
I tried a lot of iterations and am still not sure what is missing. I have also tried:
    <HA_DOMAIN> {
        header / {
            Strict-Transport-Security "max-age=31536000; includeSubdomains"
            X-XSS-Protection "1; mode=block"
            X-Frame-Options "DENY"
            Referrer-Policy "same-origin"
        }
        proxy / <HA_IP>:8123 {
            websocket
            transparent
            header_upstream Host {host}
            header_upstream X-Real-IP {remote}
            header_upstream X-Forwarded-For {remote}
            header_upstream X-Forwarded-Proto {scheme}
        }
    }
My HA config has the following:
    # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
    http:
      login_attempts_threshold: 5
Here I have also tried a lot of things like:
    http:
      ip_ban_enabled: true
      login_attempts_threshold: 5
      use_x_forwarded_for: true
      trusted_proxies: <CADDY_IP>
I have also done a tcpdump, and what I can see is that the authentication looks fine and I get to the point where the browser sends the following HTTP packet:
    GET /api/websocket HTTP/1.1
    Host: 192.168.0.80
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
    Accept-Language: en-US,en;q=0.9
    Cache-Control: no-cache
    Connection: Upgrade
    Cookie: wp-settings-1=editor%3Dtinymce%26libraryContent%3Dbrowse; wp-settings-time-1=1547414549
    Origin: http://192.168.0.80
    Pragma: no-cache
    Sec-Websocket-Extensions: permessage-deflate; client_max_window_bits
    Sec-Websocket-Key: BVOA6ZZhyfY9khwJFipKlQ==
    Sec-Websocket-Version: 13
    Upgrade: websocket
    X-Forwarded-For: 192.168.0.206
    X-Forwarded-Proto: http
    X-Real-Ip: 192.168.0.206
    Accept-Encoding: gzip
    Connection: close
However, after this there is no response from HASS, only the error in the logs after like 20 seconds.
If the issue is the Connection: close sent by the proxy, why is it doing that?
Thanks for your help.
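
Added example, not part of the original post: a Python check of the forwarded upgrade request from the capture above against the client-handshake fields RFC 6455 requires, including how the two Connection headers combine into one token list. The function names and the trimmed copy of the capture are this example's own.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant defined by RFC 6455
# Subset of the header lines from the capture in the post (proxy -> Home Assistant).
CAPTURED = """GET /api/websocket HTTP/1.1
Host: 192.168.0.80
Connection: Upgrade
Sec-Websocket-Key: BVOA6ZZhyfY9khwJFipKlQ==
Sec-Websocket-Version: 13
Upgrade: websocket
Connection: close
"""

def parse_headers(raw):
    """Return {lowercase name: [values]}, keeping repeated headers."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def tokens(headers, name):
    """Merge repeated headers into one lowercase comma-separated token list."""
    merged = ",".join(headers.get(name, []))
    return [t.strip().lower() for t in merged.split(",") if t.strip()]

def accept_for(key):
    """Sec-WebSocket-Accept value a 101 response must carry for this key."""
    return base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()

def check_handshake(raw):
    """Check the RFC 6455 client handshake fields of a raw upgrade request."""
    h = parse_headers(raw)
    key = (h.get("sec-websocket-key") or [""])[0]
    try:
        key_ok = len(base64.b64decode(key, validate=True)) == 16
    except ValueError:
        key_ok = False
    return {
        "upgrade_websocket": "websocket" in tokens(h, "upgrade"),
        "connection_has_upgrade": "upgrade" in tokens(h, "connection"),
        "connection_has_close": "close" in tokens(h, "connection"),
        "connection_header_count": len(h.get("connection", [])),
        "key_is_16_bytes": key_ok,
        "version_13": h.get("sec-websocket-version") == ["13"],
        "expected_accept": accept_for(key),
    }
```

Calling `check_handshake(CAPTURED)` reports two Connection headers whose merged token list contains both `upgrade` and `close`; `expected_accept` is the value to look for in a `101 Switching Protocols` reply when comparing captures on both sides of the proxy.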