I am using the Home Assistant image for my RaspberryP1 3B. I have configured remote access using DuckDNS and NGINX and it has been running fine until I recently upgraded to core-2021.7.0.
While looking into this issue I did find the information about the breaking changes around the reverse proxy. I also found a lot of messages related to this topic and for most the resolution seems simply to add the following two lines under the http: section in the configuration file.
http: use_x_forwarded_for: true trusted_proxies: - 172.30.33.0/24
Unfortunately that did not work for me and I have tried all other suggested subnets and ip addresses to be added to the trusted_proxies as well. But so far no luck and it is driving me mad.
I have now rolled back to core core-2021.6.6 and I have at least regained my external access again. However I need to fix the issue in order to make sure I can keep up with the newer core releases. And of course to stay as secure as possible.
In the Home Assistant logs I can still see the warning messages as below:
Logger: homeassistant.components.http.forwarded Source: components/http/forwarded.py:90 Integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/home-assistant/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22)) First occurred: 14:41:26 (6 occurrences) Last logged: 14:42:33 A request from a reverse proxy was received from 172.30.33.6, but your HTTP integration is not set-up for reverse proxies; This request will be blocked in Home Assistant 2021.7 unless you configure your HTTP integration to allow this header
Based on what else I could find on the internet I have the impression it is caused by the actual NGINX configuration but have no clue how and where I can validate this. I have even uninstalled NGINX and re-installed again to make sure I have a clean setup. So far still no luck and as said it is driving me mad!
Any ideas how I can troubleshoot this further or how I can check the NGINX config itself?
My current http section in the Home Assisatnt configuration file looks like this:
http: ip_ban_enabled: true login_attempts_threshold: 3 use_x_forwarded_for: true trusted_proxies: - 172.30.32.0/23 - 172.16.0.0/12 - 192.168.54.0/24 - 192.168.56.0/24 - 127.0.0.1
And my NGINX add-on configuration looks like this:
domain: <my subdomain>.duckdns.org certfile: fullchain.pem keyfile: privkey.pem hsts: max-age=31536000; includeSubDomains cloudflare: false customize: active: false default: nginx_proxy_default*.conf servers: nginx_proxy/*.conf