I’m testing a new setup for my hass environment, where most if it gets moved to a public cloud (Google Cloud in my case). I’ve deployed latest (2021.6.6 as I write) and it’s working fine when I use port redirection (80 → 8123 on the host machine).
The problem comes when I put a load balancer in the path, so the setup is something like:
WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from X.X.X.X
on the backend logs and a login screen with just the hass logo and this text (because I even tried adding my public IP to the trusted networks list):
You’re about to give http://X.X.X.X/ access to your Home Assistant instance.
Logging in to Home with Trusted Networks.
Error: invalid client id or redirect uri
Where X.X.X.X is the public IP of my desktop. So apparently, use_x_forwarded_for and trusted_proxies configs are working, but I’m completely lost on how to debug further.
I’m using http (no https) and no domain on the external URL. Find below the relevant sections of my config file:
Indeed I had already captured traffic and saw the header:
X-Forwarded-For: <my public IP>, <my LB public IP>
X-Forwarded-Proto: http
on the other hand, I’ll check the requirements for domain name instead of plain IPs, but what’s the difference when reaching HA directly via port forwarding on the host vs. via the LB? Is it because it’s considered an “external” access? What’s the criteria for that? Because even with port forwarding I’m using IPs on different subnets… trying to understand the details behind the issue.
Trusted network auth was just a temporarily test/workaround.
Yes, I restarted the docker container after the changes. No stupid questions!! Double checking is always great
Anything else I could capture, log? Yesterday I enabled debug-log levels but I was unable to identify anything relevant, maybe my eyes are not trained enough for hass logs.
I’ll try with a domain, just in case, and let you know. Wanted to first rule out the basic stuff with the experts here in the forum.