If enabled, configure Nginx with a list of IP addresses directly from Cloudflare that will be used for set_real_ip_from directive Nginx config. This is so the ip_ban_enabled feature can be used and work correctly in /config/customize.yaml.
is stated on the Nginx proxy documentation. Really sorry to say, but I dont understand this, other than that any traffic reaching HA will no pass Nginx per definition so the default ip_bans isnt effective any longer?
how to configure that now? I would not know where to start selecting cloudfare ip’s or even understand why this needs cloudfare settings in the first place.,…
this is my current http config:
http:
# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
# base_url: !secret base_url
# ssl_certificate: /ssl/fullchain.pem
# ssl_key: /ssl/privkey.pem
ip_ban_enabled: true
login_attempts_threshold: 5
# cors_allowed_origins:
# - https://www.home-assistant.io
# - https://cast.home-assistant.io
use_x_forwarded_for: true
trusted_proxies:
# - 127.0.0.1
- 172.30.33.7
- 172.30.32.0/24