Invalid authentication with nginx and HA in docker from internal LAN (Rhasspy)

Hey there,

I have the following setup. I run HomeAssistant in Docker on a Raspberry PI. I use the DuckDNS-Addon and NGINX-Addon to reach HA remotely via SSL and with HTTP from my LAN. These are my relevant configuration snippets:

configuration.yaml

http:
  use_x_forwarded_for: true
  trusted_proxies: 
    - 127.0.0.1
    - 172.30.33.0/24

NGINX

domain: xxxx.duckdns.org
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

I am now trying to set up Rhasspy for Voice Control Intent handling. I followed the official documentation and created a long lived access token. I am certain that I did not copy leading or trailing spaces. However, whenever my Rhasspy-setup sends an intent to the HA intent API I receive the following notification in HA:

Login attempt or request with invalid authentication from raspberrypi.fritz.box (192.168.178.37). See the log for details.

Rhasspy runs on a second raspberry pi within a portainer-managed docker container within the same LAN as HA. Alternatively, I also tried using the HA Rhasspy-Addon, which gave me a similar authentication error:

Login attempt or request with invalid authentication from 75f2ff60-rhasspy.local.hass.io (172.30.33.6). See the log for details.

This brings me to the conclusion that something with my nginx/http setup seems to block the incoming requests even though “normal” browser-based access to the HA frontend works within the LAN. Unfortunately, I am not an expert on ip-routing, proxies and such, so that I hope I am simply missing a key concept.

I searched the forum and google but could not find a matching problem. If you need additional input to help me out, please let me know.

Thanks and looking forward to your input!
Jens