Having problems using ha on android iis redirect and certificate

ino1 · February 3, 2024, 9:24pm

i am trying to access my ha over the net through iss with https and a client certificate
it works fine if i use a bowser like chrome
but the playstrore app does not
it asks me for a certificate and then for the user/pass
entering wrong date and i get a wrong password error entering the right one and i get an error
“unable to connect to home assistant”
there was an error loading home assistant , please …

iis log

W3SVC6 gate 10.2.10.210 GET /auth/providers X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=58857c69&SERVER-STATUS=200 443 - 100.xx.xx.21 HTTP/1.1 Mozilla/5.0+(Linux;+Android+8.0.0;+SM-G930F+Build/R16NW;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Version/4.0+Chrome/121.0.6167.143+Mobile+Safari/537.36+Home+Assistant/2024.1.5-12102+(Android+8.0.0;+SM-G930F) - - xxx 200 0 0 346 664 489
W3SVC6 gate 10.2.10.210 GET /frontend_latest/4631.CBwlAxGKxXs.js X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=b3a79913&SERVER-STATUS=200 443 - 100.xx.xx.21 HTTP/1.1 Mozilla/5.0+(Linux;+Android+8.0.0;+SM-G930F+Build/R16NW;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Version/4.0+Chrome/121.0.6167.143+Mobile+Safari/537.36+Home+Assistant/2024.1.5-12102+(Android+8.0.0;+SM-G930F) - - xxx 200 0 0 1545 716 570
W3SVC6 gate 10.2.10.210 POST /auth/login_flow X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=bf84896b&SERVER-STATUS=200 443 - 100.xx.xx.21 HTTP/1.1 Mozilla/5.0+(Linux;+Android+8.0.0;+SM-G930F+Build/R16NW;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Version/4.0+Chrome/121.0.6167.143+Mobile+Safari/537.36+Home+Assistant/2024.1.5-12102+(Android+8.0.0;+SM-G930F) - - xxx 200 0 0 587 886 102
W3SVC6 gate 10.2.10.210 POST /auth/login_flow/702b5295 X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=c3bf4edc8&SERVER-STATUS=200 443 - 100.xx.xx.21 HTTP/1.1 Mozilla/5.0+(Linux;+Android+8.0.0;+SM-G930F+Build/R16NW;+wv)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Version/4.0+Chrome/121.0.6167.143+Mobile+Safari/537.36+Home+Assistant/2024.1.5-12102+(Android+8.0.0;+SM-G930F) - - xxx 200 0 0 507 886 425
W3SVC6 gate 10.2.10.210 POST /auth/token - 443 - 100.xx.xx.21 HTTP/2 Home+Assistant/2024.1.5-12102+(Android+8.0.0;+SM-G930F) - - ha.xxx.com 403 7 64 0 357 1

the problem is obviously
POST /auth/token 403

just dont know what to do

ino1 · February 3, 2024, 11:12pm

interestingly if i connect my phone to my vpn and access ha eg from the local network and not over the proxy and then turn the vpn off
then it works (probably some caching??? and could stop at any time)
regardless i still cant connect my watch although the app on the phone is working

odwide · February 4, 2024, 3:00am

Did I understand you correctly stating that you are using IIS as a reverse proxy? Why would someone bring such pains into his life? That’d be like browsing with IE.

Caddy and Nginx are incomparable better alternatives.

ino1 · February 4, 2024, 7:51pm

i am unsure which aspect of my question gave you the impression that i am looking for a server alternative but that is not the case
i am simply seeking the reason why i cannot get it to work it appears that the issue stems from using an older phone causing webview not to function as intended

odwide · February 5, 2024, 2:45am

Ditching IIS will be the solution to many problems and will increase the potential of receiving assistance here. Highly doubt that anyone else is doing such a thing as putting that vulnerability-ridden black box in front of HA.

But if that’s what you want to use, go for it and good luck.