HA with reverse proxy not working

Hi all

I have an issue with HA in conjunction with Kemp load balancer running as reverse proxy.

HA works just fine on the local network accessing it via the local ip and port 8123. All good there. However if the request/traffic comes from the proxy, it just displays the cloudflare host error (520) and logs an error in HA.

I have configured HA like this: (version 2021.11.5)

http:
  server_port: 8123
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.15            #Virtual IP from the proxy      

Each time i try to access it via the proxy/subdomain i get following error in HA logs:

Logger: aiohttp.server
Source: /usr/local/lib/python3.9/site-packages/aiohttp/web_protocol.py:393
First occurred: 16.34.22 (4 occurrences)
Last logged: 16.45.40

Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/aiohttp/web_protocol.py", line 314, in data_received
    messages, upgraded, tail = self._request_parser.feed_data(data)
  File "aiohttp/_http_parser.pyx", line 546, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: 400, message="Bad status line 'invalid HTTP method'"

Kemp is setup with certificate from cloudflare and everything else works as intended. Multiple other services, have not posed any issues like HA, while setting up reverse proxy.

Do i need to enable HTTPS (or disable it?) on HA? if so, how? None of the other proxied services have any certs installed and works flawlessly with no raised cert flags in chrome.

Thanks
Troels

Do you both proxy http and websockets ?

I only proxy http on port 443 (https).

HA is pretty minimally setup on a VM, with zigbee gateway and a few automations.

I don’t use kemp but nginx, and I have to proxy both http and websockets for HA to work over the proxy.

I am not sure how to set that up? It seems to complain about the traffic/http method and not websockets?

… so I have this working now.

What worked for me was:

  • In Advanced Properties of the main VS do NOT “Add a Port 80 Redirector VS”
  • In the Sub-VS, under Real Servers, set the “Real Server check method” to ICMP Ping