HTTP integration is not set-up for reverse proxies?

Hi,

I get a lot (dozens) of these warnings in my HA Logs:

A request from a reverse proxy was received from 172.30.33.3, but your HTTP integration is not set-up for reverse proxies; This request will be blocked in Home Assistant 2021.7 unless you configure your HTTP integration to allow this header

It seems to me that is new since the last update (2021.6.1) but I am not sure. Anyway I am not able to understand what they mean. I am using an Intel NUC installation with NGINX Home Assistant SSL proxy add-on configured this way:

(mydomain : of course, I configured my real domain name here)

I have also the Mosquitto broker add-on, the Zigbee2mqtt add-on and the Let’s Encrypt add-on. All is running fine, both from internal and external access… except these (news ?) warnings above.

NB. I set up the NGINX Home Assistant SSL proxy add-on in order to allow to Nuki bridge to do webhooks without to break my external https access since this bridge uses only http.

Any idea about these warnings and what I can do to remove them ?

Thanks.

1 Like

You can read the release notes.

Click the HTTP header to expand the note you need.

2 Likes

Thanks for the help (next time I will check more deeply the release notes !).

I am not very aware about network configuration but I suppose I have to configure something as:

http:
  - use_x_forwarded_for: true
  - trusted_proxies: <the IP of Nginx add-on>

How can I check the IP of Nginx ? Is the 172.30.33.3 from the warnings ?

Lose the - from the two entries and yes, that IP should work. As per comments in this topic, you may want to add 127.0.0.1 and ::1 as well if your reverse proxy is on the same machine:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.3   # see EDIT below
    - 127.0.0.1
    - ::1

EDIT: I’ve seen this advice repeated in other posts. Note that the 172 address referred to here is specific to the OP of this post and not a “magic” IP address that always works for everyone.

13 Likes

Problem solved, thanks you !

1 Like

I had the same issue, found the http-solution, added use_x_forward_for and trusted_proxies, but first it didn’t worked. I’ve added several proxies, e.g. “localhost”, checked the HA protocol for that error message, added that IP, sniffed arround, googled etc… No change, always the 400-error message in my browser and another entry in HA protocol.

So, what I’ve done wrong was just to reload the yaml-configuration. That does not help. You need to restart HA after changing http-section in configuration.yaml to get that configuration be loaded.

2 Likes

Just an upgrade of Troon solution to make it works for everyone.
According to the documentation https://www.home-assistant.io/integrations/http/, you can use a wildcard, so all addresses from local docker will work.

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - ::1
    - 172.30.33.0/24