So I’ve been using home assistant for a very long time without issues but recently upgraded the SSD in my NUC so had to transfer everything over and also got a new router so had to redo a lot of configuration, most of it has been straight forward but this is making me pull my hair out.
Basically over the local network/http everything works flawlessly but I have a domain name to access home assistant remotely and securely over https and this is where the problem now lies
I can access home assistants logon screen through my domain but if I put my username and password in I just get another screen with a button saying “start over” and if I press it I just get back to the logon screen so I cannot access home assistant remotely
I’ve been searching/playing/tweaking for hours now and got no where, this is everything I know so far:
Looking in my browser its got an error “Failed to load resource: the server responded with a status of 403 () /auth/login_flow/…”
Home assistant gives the error “Login attempt or request with invalid authentication from 172… (172…). See the log for details.”
I use nginx proxy manager and cloudflare for SSL (even tried “NGINX Home Assistant SSL proxy” addon but had the same problem)
What’s weird is I believe all my settings are the same as previous, I am using the same configuration for home assistant, I’ve setup nginx the same, I’ve not made changes to cloudflare
So what give’s?
It’s odd that I can access home assistants logon screen but not get any further, this must be some stupid setting I’ve missed somewhere…
I really don’t know what to do or what to try next but this really is driving me mad, I hope someone can help…
First thought (and I could be completely wrong) would be the trusted_proxy setting in HA. Is nginx proxy manager running on the same system as HA, or a different system? Do the IP addresses still match?
Trusted proxy seems to be correct because if I remove it I can’t even access the login screen (400 error), I’ve made sure it matches the nginx ip, everything runs on the same NUC/system
EDIT: even tried trusted_proxies: - 0.0.0.0/0 to no avail
I’ve definitely had this and you aren’t crazy.
This happens when websockets fails.
If you have a look at the browser console (usually F12) and go to the “Network” tab you should see sockets failing and highlighted in red.
I’ve used NPM and I am trying to recall what I might have had to do to get around this.
This makes me suspicious as it shouldn’t say “172.x.x.x” as that is a docker network address. If proxying is on correctly, HA should use the provided proxied host IP and not the IP of your NPM container.
This is what my subsection for configuration.yaml looks like if it helps?
# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
http:
use_x_forwarded_for: true # **NOTE:** I think you need this but aren't using it
trusted_proxies:
- 172.27.0.0/16
Not sure about websockets, I know its support is enabled in nginx proxy manager but that tab you say about showed “Login blocked: User cannot authenticate remotely”
I don’t think its configuration.yaml, I’ve tried everything I can think of there with the same result
Did a dirty straight through test and opening up the ports and using http works perfectly fine so the problem is something to do with ssl/nginx or something…
After playing with it all night I finally found the problem
The issue was with the .storage\auth file
I deleted this file and it worked! I had to do a few modifications to users to get it up and running but I didn’t mind that as its now working 100% and even got a A+ SSL rating