Issues with "login" from docker container running nginx/letsencrypt with new "trusted_networks"

Since upgrading to 0.89.1, I have been getting error messages in the front end. I am running in Docker. I get the following:

Login attempt or request with invalid authentication from 127.18.0.6

127.18.0.6 is my NGINX/let’s encrypt container.

I have moved the trusted_networks up under homeassistant->auth_providers:

homeassistant:
  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
        - 127.0.0.1
        - ::1

Since I did that, I have been routinely getting those errors.

If I restart my docker containers, I can access through my DuckDNS address, but at some point, it starts throwing those errors, and I get a 403 error if I navigate to my DuckDNS address.

If I restart my containers after that, I can access again. For a while. Then the whole thing repeats.

Maybe there’s just something I’m not getting about this new way, but it certainly isn’t working for me (I’ve tried removing trusted_networks from under http, and I’ve tried leaving it there, as well as having it under auth_providers, the result is the same).

I used this guide for setting up nginx: Nginx Reverse Proxy Set Up Guide – Docker.

I suggest you assign letsencrypt docker a static address and then add it to trusted networks:
In docker compose you add something like this:

networks:
  mynet:  # set up static ip to prevent HA blocking
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "false"
    ipam:
      driver: default
      config:
      - subnet: 172.10.0.0/24

For the subnet, pick a value that is not currently being used automatically by docker, i.e. if your dockers have addresses 172.10.0.xx then use 172.11.0.0/24.

Add this part at the end of the letsencrypt docker-compose section:

networks:
  mynet:
    ipv4_address: 172.10.0.10    # set up static ip to prevent HA blocking

Here I picked the address 172.10.0.10 for letsencrypt.

Then add that to your trusted networks.

2 Likes
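A check of the configuration discussed above, as an added example that is not code from any poster in this thread or from Home Assistant. It assumes the connecting address is compared against each `trusted_networks` entry, with a bare IP treated as a single host; the function names `is_trusted` and `audit` and the 172.30.0.x values are constructed for illustration.

```python
import ipaddress

# RFC 1918 private IPv4 ranges; a Docker subnet outside them overlaps routable space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_trusted(source_ip, trusted_networks):
    """True if source_ip falls inside any entry; a bare IP is a /32 (or /128)."""
    addr = ipaddress.ip_address(source_ip)
    for entry in trusted_networks:
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False

def audit(proxy_ip, compose_subnet, trusted_networks):
    """Findings for a proxy container pinned to proxy_ip inside compose_subnet."""
    findings = []
    addr = ipaddress.ip_address(proxy_ip)
    subnet = ipaddress.ip_network(compose_subnet)
    if addr not in subnet:
        findings.append("proxy address is outside the compose subnet")
    if subnet.version == 4 and not any(subnet.subnet_of(p) for p in RFC1918):
        findings.append("compose subnet is not RFC 1918 private space")
    if not is_trusted(proxy_ip, trusted_networks):
        findings.append("proxy address is not covered by trusted_networks")
    for entry in trusted_networks:
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net and net.prefixlen < net.max_prefixlen:
            findings.append(f"entry {entry} trusts more hosts than the proxy")
    return findings

if __name__ == "__main__":
    original = ["127.0.0.1", "::1"]                 # from the first post
    print(is_trusted("127.18.0.6", original))        # address from the logged error
    pinned = original + ["172.10.0.10"]              # after following the reply
    print(audit("172.10.0.10", "172.10.0.0/24", pinned))
    # Constructed alternative inside 172.16.0.0/12, not taken from the thread
    print(audit("172.30.0.10", "172.30.0.0/24", original + ["172.30.0.10"]))
```

The private 172.x block is 172.16.0.0/12 (172.16.0.0 through 172.31.255.255), which is why the audit flags a compose subnet of 172.10.0.0/24 while accepting the constructed 172.30.0.0/24.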

Thanks, I think that did the trick. I had tried putting the let’s encrypt container IP under trusted_networks, but then I didn’t notice (know) that it changed when I restarted them.

Excellent, glad it helped.