Help with Error 400: Bad Request

steveothesane · September 25, 2021, 6:52am

Please help. I have scoured the blogs for anything that might help and tried everything I can understand to try and I still end up with the same problem. 400: Bad Request everytime I try to access my Home Assitant from my domain. I am using AdGuard for DNS and DHCP, NGINX Proxy Manager for proxy, Let’s Encrypt for the certificarte, and cloudflare for my host. I have added in to my configuration.yaml:

http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.32.1
- 127.0.0.1
- 10.0.0.2

and nothing seems to work. I am at my rope’s end. I don’t know what logs I should post here to help show what’s going on so any direction would be helpful. I know I’m not the only one who has faced this issue and it seems that for most everyone adding in the above has solved the problem. I am using a RPi 4 8GB with a 500 GB SSD connected to my TP-Link router with the appropriate ports open. I have followed all the instructions and everything was working perfetly until the need to add the trusted_proxies section to configuration.yaml. Thank you for your time.

francisp · September 25, 2021, 7:34am

Show the error in your home-assistant.log. It contains the IP you need to add to trusted_proxies.

steveothesane · September 26, 2021, 2:27am

Here is a copy of the log entry when I tried to access form the outside:

2021-09-25 19:25:54 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy 172.70.98.43
2021-09-25 19:25:54 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy 172.70.98.135
2021-09-25 19:25:55 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy 172.69.35.164

As you can see they are all from different IP Addresses and one from another subnet.
Here’s another one a little later:

2021-09-25 19:42:09 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy 108.162.215.105
2021-09-25 19:42:09 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy 172.69.35.164
2021-09-25 19:42:11 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy 108.162.215.105
2021-09-25 19:42:11 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy 172.69.35.164
2021-09-25 19:42:11 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy 172.70.98.43

So, yeah. No one else has run across this before from my research. I hope this means something to someone because I’m stumped.

francisp · September 26, 2021, 3:22am

You use the

proxies ?

use_x_forwarded_for: true
trusted_proxies:
  - 172.30.32.1
  - 127.0.0.1
  - 10.0.0.2
#log reported ipv4
  - 162.158.159.139
  - 172.69.55.59
  - 141.101.76.195
  - 141.101.98.91
  - 141.101.99.102
  - 141.101.105.87
  - 141.101.105.99
#cloudflare ipv4
  - 103.21.244.0/22
  - 103.22.200.0/22
  - 103.31.4.0/22
  - 104.16.0.0/13
  - 104.24.0.0/14
  - 108.162.192.0/18
  - 131.0.72.0/22
  - 141.101.64.0/18
  - 162.158.0.0/15
  - 172.64.0.0/13
  - 173.245.48.0/20
  - 188.114.96.0/20
  - 190.93.240.0/20
  - 197.234.240.0/22
  - 198.41.128.0/17
#cloudflare ipv6
  - 2400:cb00::/32
  - 2606:4700::/32
  - 2803:f800::/32
  - 2405:b500::/32
  - 2405:8100::/32
  - 2a06:98c0::/29
  - 2c0f:f248::/32

steveothesane · September 27, 2021, 11:37pm

Thanks, @francisp. I’ll give anything a try at. This point. I’ll let you know.

steveothesane · September 28, 2021, 3:02am

@francisp that did the trick! Thank you so very much. It never occured to me that the revers proxy could also be on the host’s side too.

technikhaus · January 9, 2022, 10:14pm

Just wanted to jump in here and also say thanks @francisp too, as that sorted it for me as well!

GoblinRules · March 12, 2022, 2:28pm

Thank you, this has had me chasing my tail for the last 24hrs.

The only change I had to make was this though.

trusted_proxies:

172.30.32.0/23
127.0.0.1
10.0.0.2
internal ip

alexboss · May 25, 2022, 6:16am

Also wanted to say thank you, this saved me time and a lot of hassle identifying what was wrong with my apache proxy. Thank you.

kmanan · February 27, 2023, 6:20pm

I am going to cry. I can’t get this to work no matter what I try. here’s my setup:

TrueNAS HomeLab on 192.168.61.41
Nginx installed within TrueNAS, accessible through 192.168.61.41:10583 (for port 80 and 10584 for port 443
HA installed on RPI at 192.168.61.154:8123
HA config.yaml includes:

  use_x_forwarded_for: true
  trusted_proxies: 
    - 173.245.48.0/20
    - 103.21.244.0/22
    - 103.22.200.0/22
    - 103.31.4.0/22
    - 141.101.64.0/18
    - 108.162.192.0/18
    - 190.93.240.0/20
    - 188.114.96.0/20
    - 197.234.240.0/22
    - 198.41.128.0/17
    - 162.158.0.0/15
    - 104.16.0.0/13
    - 104.24.0.0/14
    - 172.64.0.0/13
    - 131.0.72.0/22

Nginx UI panel config:

ha.domain.com → 192.168.61.154:8123
No SSL settings

Keep getting 400 bad request. If I enable SSL settings then I get too many redirects.

I will pay someone to solve this problem of mine, that’s how desperate I am.

calvolson · March 17, 2023, 11:35am

have you tried adding - 192.168.61.41 to the trusted proxy list? That should work as it’s your LAN proxy IP if I’m following you correctly.

kmanan · March 18, 2023, 8:50pm

I had to add ::1 for IPv6. I had the IPv4 IP you mentioned and the moment I added the IPv6 redirect, it magically started working