Issue somewhere within reverse proxy, trusted_proxies, and DNS (#2)

Hi,
I posted under the same title here a couple of days ago, but I think the thread is too old for anyone to see, so I am posting this as a new topic but also as a follow-up.

Hi,
Currently, I am getting the below when trying to access my HA with my subdomain, i.e. ha.example.com

While everything is still running perfectly as I am used to, only Home Assistant is not when I try to access it through my PC’s web browser, unless I access it via http://<ip-address>:8123. When I try with my sub domain I get:

And it ends with 400: Bad Request

I have:

  • Unifi UDM running Unifi Network 9.5.21
  • Nginx Proxy Manager in a Docker container with the below network settings in its stack

 networks:
      npm-network:
        ipv4_address: 192.168.x.2


networks:
  npm-network:
    external: true

  • In HA config I have the following:
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.0.0/24
    - 172.16.0.0/24
  ip_ban_enabled: true
  login_attempts_threshold: 5

# I tried everything here, explicit IP and all VLANs, until I ran out of options.

Anyone got this problem!!!
R.S

This

might need to be

    - 172.16.0.0/16

Otherwise, depending on where your Docker IP numbers are, they could be missed.
Might not fix your problem, but my OCD kicked in there.

Also

   - 192.168.0.0/24

Actually means 192.168.0.x/24, not 192.168.0.0 because the /24 allows only 0-254 in the last octet. This is clashing with the

you have in NPM unless that x is a 0.

Please read up on what the /24 and /16 means. I’m guessing this is the problem (maybe).

Hi,
I tried

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.0.0/16
    - 172.16.0.0/16
  ip_ban_enabled: true
  login_attempts_threshold: 5

So that’s not the problem I guess!!
Thanks anyway
R.S.
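The CIDR point raised in the reply above, and the /16 lists tried afterwards, can be checked offline. This is an added example, not part of any post in the thread and not Home Assistant's own code: `classify` is a simplified model of how `use_x_forwarded_for: true` treats a request, and the peer addresses are constructed samples.

```python
import ipaddress

# The two trusted_proxies lists posted in this thread.
POSTED_24 = ["192.168.0.0/24", "172.16.0.0/24"]
POSTED_16 = ["192.168.0.0/16", "172.16.0.0/16"]

# Constructed sample peer addresses (assumptions, not taken from the thread):
# the address Home Assistant sees is the proxy's source IP on the connection.
SAMPLE_PEERS = {
    "proxy on LAN, third octet 0": "192.168.0.2",
    "proxy on LAN, third octet 10": "192.168.10.2",
    "Docker bridge address": "172.18.0.3",
}


def parse_networks(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def is_trusted(peer, cidrs):
    """True if the connecting peer falls inside any trusted_proxies network."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in parse_networks(cidrs))


def classify(peer, has_xff, cidrs):
    """Simplified model of the decision for use_x_forwarded_for: true."""
    if not has_xff:
        return "direct"      # no header: the peer address is used as-is
    if is_trusted(peer, cidrs):
        return "forwarded"   # header honoured, client IP taken from it
    return "400"             # header from an untrusted peer is rejected


def trusted_address_count(cidrs):
    """How many addresses are allowed to set X-Forwarded-For."""
    return sum(net.num_addresses for net in parse_networks(cidrs))


if __name__ == "__main__":
    for label, peer in SAMPLE_PEERS.items():
        for name, cidrs in (("/24 list", POSTED_24), ("/16 list", POSTED_16)):
            print(f"{label:30} {peer:14} {name}: {classify(peer, True, cidrs)}")
    print("addresses trusted:", trusted_address_count(POSTED_24),
          "vs", trusted_address_count(POSTED_16))
```

Every address inside a trusted network can supply the client IP that `ip_ban_enabled` acts on, so listing only the proxy's own address keeps that set as small as possible.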

Reboot the host after changing that to make sure it all propagates. If that didn’t help I can’t think of anything else.

Did you enable websockets in nginx?

NPM is working fine with every other sub domain, even with multiple domains!! and I am reaching HA but it is not passing to the inside of HA

Not every domain uses websockets.

If you mean HA Host, I have HA OS on a dedicated Intel NUC and I did restart it so many times recently with every suggested solution.

Using the SWAG (linux.io) container, if I don’t define websockets I get exactly what you describe in your opening post.

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name ha.mydomain.com;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable for ldap auth (requires ldap-server.conf in the server block)
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app homeassistant;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass http://10.0.0.67:$upstream_port;

    }

    location ~ ^/(api|local|media)/ {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app homeassistant;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass http://10.0.0.67:$upstream_port;
    }
}

Here is what happens:
[Image: HA-accessibilty]

Hi - I got the exact same problem - HA behind NPM was running fine for the last 5 years or so till last night. Around 19h50 (CET) things started to go south.

It just stopped… Let's Encrypt certs are up-to-date

Here is the log from my NPM - I masked the IP addresses and tokens. 192.168.0.42 is where my home automation VM is running. People might say - you got an old version of HA - indeed - if I update zigbee2mqtt and nodered will break but don't worry - I made a new VM this morning to test, same NPM settings but a fresh HA with latest updates - same issue - same logging in NPM…

Things should not stop without proper error messages - which I cannot find… (I have no clue which logfile in HA I must check)

This log is a section from last night from the NPM


Mine was working for about 6 years but suddenly this problem came about two weeks ago. I could not find any indication of the problem, I even went through setting my Network and Vlans all over again (I hope I didn’t break any other thing that was working!!)