I’m trying to configure Home Assistant to be forwarded through HAProxy running with the pfSense HAProxy package, with all traffic being proxied from Cloudflare for DDoS protection. However, Home Assistant gives back a 400 bad request error, citing in the logs that there are Too many headers for X-Forwarded-For: ['Real IP', 'Cloudflare Proxy IP'] I’ve tried using this thread to help me, but it doesn’t seem to work. One of the few things that does work is this post in one of the HA GitHub issues, which involves removing the X-Forwarded-For header completely. However, this isn’t an ideal solution given that it now shows the Cloudflare Proxy address instead of the actual address the traffic came from, and I don’t really feel comfortable stripping data like that from a request. Is there any way that I can modify HAProxy in pfSense so that I can just forward the real IP and not the one from Cloudflare?
My current http section in configuration.yaml consists of:
http:
use_x_forwarded_for: true
# You must set the trusted proxy IP address so that Home Assistant will properly accept connections
# Set this to your HAProxy machine IP, or localhost if hosted on the same machine.
trusted_proxies:
- 192.168.1.1
ip_ban_enabled: true
where 192.168.1.1 is the address of the pfSense box.
