"Login attempt or request with invalid authentication" when trying to access remotely

Installation Home Assistant OS
, , ,
1

I set up my Home Assistant VM in Proxmox together with an Nginx Reverse Proxy (that one is running in a separate container with the IP 192.168.178.50). Accessing the login page remotely works with no issues, entering the 2FA code works as well, but then I’m getting the “Unable to connect to Home Assistant” error screen.

The log gives me the following warning:

Login attempt or request with invalid authentication from [Public IP of device I tried logging in with]

This is what my configuration.yaml looks like:

http:
    use_x_forwarded_for: true
    trusted_proxies:
        - 192.168.178.50

Thanks in advance for your help!

4 Likes
2

Was able to fix it. In the corresponding proxy configuration for Nginx you need to add

            proxy_set_header    Upgrade     $http_upgrade;
            proxy_set_header    Connection  "upgrade";

to the “location” tag

13 Likes
3

Hi @dge301 , i used your two lines in previus post in my Nginx proxy manager beacuse i had a similar problem, a lot of logins attempts, until now, it is seem a solution, thanks!

image
image503×606 15.7 KB

2 Likes
4

Thanks @dge301 I was looking for that solution!

5

I’m having the same problem but the above solution didn’t fix the issue. I notice there is a note at the bottom of that custom config page that suggests that set_header won’t work if inputted here?

image
image500×533 16.3 KB

I did as the note suggested:

image
image494×771 14.1 KB

But the issue still persists. Sigh.

4 Likes
6

Same issue here. My Android companion app doesn’t work outside of local LAN. However geo tracking does work (so there is some connection to HA).

Anybody already found how to solve this?

7

Same config, same issue. Works fine if I use the external URL in a browser (request authentication, and loggin in works fine) but fails with the app.
It seems the app doesn’t request authentication.
Internally I use a trusted network value, so no authentication asked, and the app works fine.

8

i fixed this by logging out of the app. Disabling wifi so i was sure i was not accessing locally. Then entered the URL i use for HA (so no auto-detect). And login.

After this everything is working for local and remote through app.

1 Like
9

For me it work went i set the Connection header like this.

proxy_set_header    Upgrade     $http_upgrade;
proxy_set_header    Connection  $connection_upgrade;
1 Like
11

Could you help me with a print screen please? thanks!

12

had similar problem and did it as you mentioned and it worked :slight_smile:

13

For me the solution was to enable Websockets support in the proxy host settings in NGINX.

6 Likes
14

I found the soultion on reddit by iEatSponge:

This took me an hour to fix. I’m running home assistant in a docker container with nginx proxy manager in a separate container. I had everything set up properly, except I needed to check “Enable Webhooks Support” for my proxy host in nginx.

You don’t need to add the custom configuration. Hope it works for you

2 Likes
15

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;

to nginx under location worked for me

16

My solution:

  1. Enable WebSockets in reverse proxy.
  2. Clear browser cache (important!)
  3. Login again

image
image762×837 34.2 KB

8 Likes
17

Thank you! That was the right solution for me.
NGINX running on opnSense Firewall, and HA exposed to the Internet via that.

18

This did it for me! Thanks

19

I don’t have Nginx or duckdns addon and I am getting this error when I’m accessing from my Android app outside of my LAN while connected to Wireguard VPN. Why do I need a certificate if I’m accessing http localhost:8123 URL? I also have a nabu casa URL which should take care of the certificate if I’m not connected to Wireguard. Is there a way to whitelist the wireguard public IP?

1 Like
20

How did you configure this in the opnsense nginx? Where is the setting for websockets?

21

Not sure if this is exactly the same issue, but from nowhere I started to have a similar issue with the same error message in the logs.

Anywhere from just seconds after I logged in to after a minute or two my gateway IP was blocked when I logged in with my regular desktop browser resulting in me being locked out from Home Assistant. The only (temporary) fix was to clear ip_bans.yaml and restart Home Assistant, but the gateway IP would again be blocked as soon as I logged in.

My nginx config already had the proxy_set_header configuration suggestion in this thread, so that didn’t solve. But then I saw this post on GitHub:

I realized that this started to happen after I had logged in to Home Assistant and clicked to save the credentials in the keychain and use Safari autofill. All the login attempts after that using the autofill were IP blocked shortly after login.

I cleared ip_bans.yaml, restarted Home Assistant, logged out and then logged in by entering the login credentials manually instead of using autofill. To my surprise it worked, no more IP banning. One day later and the session/authentication is still working, and I could reproduce this on both my machines that both had this issue.

So using a password manager autofilling the login credentials appear to somehow create a successful login but one that isn’t persistent.

1 Like