Invalid IP address in X-Forwarded-For: XX.XXX.XXX.XX:14883, 127.0.0.1

So I have been running HA for a while now. Since I’m in an apartment building where I cannot forward ports, I’m running a reverse proxy.

To do this, I’m using inlets and a separate server from azure with a fixed IP and the ability to forward ports. My configuration is as following

HA on RPi 4 <–(inlet)–> Azure server (running caddy server for reverse proxy) with fixed IP

This all used to work fine, but after updating to the latest version of HA today, I can no longer reach my home assistant via my domain that points to the azure server.

Assume that my domain is called mydomain.com and points to the azure servers IP.

Part of my HA config:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - YY.YY.YY.YY  # address of the azure server
    - 127.0.0.1

My inlet-client config (on the Pi)

inlets client --remote=wss://mydomain.com --token=XXXXX
--upstream=mydomain.com=http://localhost:8123

My server inlet config (on the azure server)

inlets server --port=8888 --token=XXXXX

And finally, my Caddyfile on the azure server:

mydomain.com

reverse_proxy /* 127.0.0.1:8888 {
  header_up Host {http.request.host}
  header_up X-Real-IP {http.request.remote}
  header_up X-Forwarded-For {http.request.remote}
#  header_up X-Forwarded-Port {http.request.port}
  header_up X-Forwarded-Proto {http.request.scheme}
}

reverse_proxy /tunnel 127.0.0.1:8888 {
  header_up Host {http.request.host}
  header_up X-Real-IP {http.request.remote}
  header_up X-Forwarded-For {http.request.remote}
#  header_up X-Forwarded-Port {http.request.port}
  header_up X-Forwarded-Proto {http.request.scheme}
}

The error I’m getting is the following:

Invalid IP address in X-Forwarded-For: XX.XXX.XXX.XX:14883, 127.0.0.1

with XX.XXX.XXX.XX being the ip of whatever device I’m trying to reach HA with.

From the other threads on this issue (Update broke Apache Reverse Proxy - #16 by delzear), it seems that the port being part of the X-Forwarded-For is the issue. As such, I already tried to uncomment those regions in the Caddyfile, yet the issue persists.

Any idea what I could do?

Edit:
Trying to reverse the code alone, it is indeed the port that is giving the issue:

Calling forwarded_for = [ip_address(addr.strip()) for addr in forwarded_for_split] gives me:
ValueError: 'XX.XXX.XXX.XX:14883' does not appear to be an IPv4 or IPv6 address

Did you ever get this working through Azure? I’m trying to setup a reverse proxy on Azure and seeing the same error.

The IP address that is reported is my router’s address that is doing the port forwarding. Adding that to the trusted_proxies has no effect.

X-Forwarded-For should contain IP-addresses only, not IP-addresses with :PORT concatenated.

1 Like

Yeah I’ve tried to disable that in Azure

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.webServer>
    <proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" xForwardedForHeaderName="X-Forwarded-For" includePortInXForwardedFor="false"  />
  </system.webServer>
</configuration>

not sure if I have the right config. Or if it’s the port forwarding that my router is doing, since the error message that is reported is my router address.

Hi Eric, I ran into the same issue on Azure, the includePortInXForwardedFor attribute doesn’t seem to do much. Did you manage to solve it in another way?

@SierraNL sorry I never was able to get it working. It sucks my ISP blocks 80 & 443