"Login attempt or request with invalid authentication" when trying to access remotely

Installation Home Assistant OS
, , ,
#1

I set up my Home Assistant VM in Proxmox together with an Nginx Reverse Proxy (that one is running in a separate container with the IP 192.168.178.50). Accessing the login page remotely works with no issues, entering the 2FA code works as well, but then I’m getting the “Unable to connect to Home Assistant” error screen.

The log gives me the following warning:

Login attempt or request with invalid authentication from [Public IP of device I tried logging in with]

This is what my configuration.yaml looks like:

http:
    use_x_forwarded_for: true
    trusted_proxies:
        - 192.168.178.50

Thanks in advance for your help!

4 Likes
#2

Was able to fix it. In the corresponding proxy configuration for Nginx you need to add

            proxy_set_header    Upgrade     $http_upgrade;
            proxy_set_header    Connection  "upgrade";

to the “location” tag

9 Likes
#3

Hi @dge301 , i used your two lines in previus post in my Nginx proxy manager beacuse i had a similar problem, a lot of logins attempts, until now, it is seem a solution, thanks!

image
image503×606 15.7 KB

1 Like
#4

Thanks @dge301 I was looking for that solution!

#5

I’m having the same problem but the above solution didn’t fix the issue. I notice there is a note at the bottom of that custom config page that suggests that set_header won’t work if inputted here?

image
image500×533 16.3 KB

I did as the note suggested:

image
image494×771 14.1 KB

But the issue still persists. Sigh.

3 Likes
#6

Same issue here. My Android companion app doesn’t work outside of local LAN. However geo tracking does work (so there is some connection to HA).

Anybody already found how to solve this?

#7

Same config, same issue. Works fine if I use the external URL in a browser (request authentication, and loggin in works fine) but fails with the app.
It seems the app doesn’t request authentication.
Internally I use a trusted network value, so no authentication asked, and the app works fine.

#8

i fixed this by logging out of the app. Disabling wifi so i was sure i was not accessing locally. Then entered the URL i use for HA (so no auto-detect). And login.

After this everything is working for local and remote through app.

1 Like
#9

For me it work went i set the Connection header like this.

proxy_set_header    Upgrade     $http_upgrade;
proxy_set_header    Connection  $connection_upgrade;
1 Like
#11

Could you help me with a print screen please? thanks!

#12

had similar problem and did it as you mentioned and it worked :slight_smile:

#13

For me the solution was to enable Websockets support in the proxy host settings in NGINX.

4 Likes
#14

I found the soultion on reddit by iEatSponge:

This took me an hour to fix. I’m running home assistant in a docker container with nginx proxy manager in a separate container. I had everything set up properly, except I needed to check “Enable Webhooks Support” for my proxy host in nginx.

You don’t need to add the custom configuration. Hope it works for you

2 Likes
#15

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;

to nginx under location worked for me

#16

My solution:

  1. Enable WebSockets in reverse proxy.
  2. Clear browser cache (important!)
  3. Login again

image
image762×837 34.2 KB

6 Likes
#17

Thank you! That was the right solution for me.
NGINX running on opnSense Firewall, and HA exposed to the Internet via that.

#18

This did it for me! Thanks

#19

I don’t have Nginx or duckdns addon and I am getting this error when I’m accessing from my Android app outside of my LAN while connected to Wireguard VPN. Why do I need a certificate if I’m accessing http localhost:8123 URL? I also have a nabu casa URL which should take care of the certificate if I’m not connected to Wireguard. Is there a way to whitelist the wireguard public IP?

#20

How did you configure this in the opnsense nginx? Where is the setting for websockets?