Hi,
I had the same problem. Getting the external IP address on the backend you have to modify both the reverse proxy and the webserver at the backend. The solution depends on what webserver you are running. I enabled authentication on the reverse proxy of my Synology. When I try to access HA from outside my home I have to login, when I access it from my lan I don’t. It should be possible to enable logging on synology for login attempts and do something with it (fe. fail2ban)
Sorry, I dont have any experience with reverse proxies.
This is working for me on 0.51.1 nice thanks
entity_id: persistent_notification.httplogin
Bob where can I find this entity? It is not in my list. Although you mentioned just the pushbullet entry as additional set up
It’s only there when the persistant norification is shown in your frontend. You can create it by entering a wrong password.
Bedankt het werkt inderdaad smooth 
Graag gedaan landgenoot 
btw pushbullet works nice! It right away takes you to the website. So this is a handy add on!
I took this a step further and forwarded all persistent notifications to Telegram by triggering on the persistent_notification.create service call event:
automation:
- alias: forward_persistent_notifications
initial_state: 'on'
trigger:
- platform: event
event_type: call_service
event_data:
domain: persistent_notification
service: create
action:
- service: notify.telegram
data_template:
message: >-
{% set message = trigger.event.data.service_data.message %}
{% if 'invalid authentication' in message or 'login attempts' in message %}
{{ message }}: http://www.ip-tracker.org/locator/ip-lookup.php?ip={{ message.split('from ')[1] }}
{% else %}
{{ message }}
{% endif %}
@dale3h very nice, thanks !
You might want to change “attempts” to attempt":
{% if 'invalid authentication' in message or 'login attempts' in message %}Thank you for the tip! I have updated it to:
{% if 'login attempt' in message|lower %}
It works great … thanks.
Just got a little problem, trying to log out of the internal network I get a message that there is an attempt to login only that the address shown is 127.0.0.1 - I have https installed on the Pai. What should I do to show the correct address?
just for educational purposes, why did you change that?
cheers,
Marius
Hi all,
I’ve just setup this great implementation (Thank you!) but there’s something I don’t understand.
Besides the expected persistent notification I receive constantly a message on Telegram
We have discovered new devices on your network. Check it out
But there’s no trace of this message on my frontend. Anyone has the same issue?
Thank you
I got it to work. Did someone using NGINX and know how to implement this with Real IP and not the localhost ip,
Because its show my ip 127.0.0.0 anytime
Have a look at the http component configuration HTTP.
Basically you need to define the proper header forwarding (X-Forwarded-For) in your nginx configuration. Something like this:
location / {
proxy_pass http://192.168.1.1:8123;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_redirect http:// https://;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
}
and enable it in Home Assistant
noticed that persistent_notification.httplogin has become persistent_notification.http_login on my configuration which breaks the automation many are using, so anyone using this be sure to validate that it still works after the 0.86 update.
I’d does I have 0.86.2