NGINX Home Assistant SSL proxy - your HTTP integration is not set-up for reverse proxies

bviktor · March 21, 2022, 6:33am

Hi,

So I installed HAOS, then the Let’s Encrypt addon, obtained my cert and private key from my DNS registrar, all is well.

Then installed NGINX Home Assistant SSL proxy, aaaand all it gives me in a browser is:

400: Bad Request

Then if I check the Home Assistant logs, it’s full of:

A request from a reverse proxy was received from 172.30.33.0, but your HTTP integration is not set-up for reverse proxies

Yes, I added these lines to my config:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24

But it does not solve anything. Tried adding the various “magic” random IP addresses others suggested on these forums, even 0.0.0.0/0, but I still receive the same error every time.

Any ideas?

Tinkerer · March 21, 2022, 7:21am

After you made those changes did you run

ha core check

Then, after that returned with no errors, did you restart Home Assistant?

bviktor · March 21, 2022, 10:06pm

Hi,

I ran that command, it said all is well.

Then restarted HA from the web UI, no change. Then rebooted the VM altogether, no change.

Then I reinstalled the Nginx addon, applied my config again, and no change, still. This is the log:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[23:02:57] INFO: Generating dhparams (this will take some time)...
Generating DSA parameters, 4096 bit long prime
.+.........+................+.+...........+.+...................+...........+.+...............................+.+..+.+.....+.......................................+.+..+......+.........+...+..............+...........+...+.+.....+..........+........+...............+...........+....+...............+.............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*
........+................+..+..+.+.........+....+..+....+.......+......+........+..............+.....+......+.+.......+.....+....+...........+.....+......+............+..+........+.....+...+..+...+.+..+.................................+.....+..............+....+............+................+............+......+.........+.....+........................+...+............+.....+.+.+....+..+.........+.................+...................+.....+...........+....................+.+..............+.............+.....+.+........+..+..........+.......+.............+....+...+..........+.......................................................+................+......+...........+...+.........+.......+............+............+....+...+..................+........+......+...................+......+.+...........+...+.+............+......+......+...+.............+..+....+.+.......+............+.................+......+.....+.................+....+.....+.....+....+...+.......+...+...........+......+..........+..........+..................+.......+..............................+...+.+...+.......+...+.+.+........+......................+........+...+.+.+.+..................+...............+............+..................................+.+.......+................+.........+..+.........+......................+......+..........+....+..+....................+....+..+.....+.............................+.............+....+...............+..+.............+..............+..+.+.......................+..+...+..+.......+...............+.+.....+.....+.......+.............+.+....+.............+..........+...............................+..+........+...+.+......+......+.......+...+........+......................................+.........+.......................+....+...+...+............................................+............+..+.............+..+.....+.+.+..+..+....+.+..+..+...........................+.........+......+...+..................+.......+......................+.................+...............+.+..+..............+........+.....+..............................+..+....+..+........+..........+.+..+..+.................+............+..+.......+..+...+..........+..+....+................................+..+................+.+.............+..+...........+....+..........................................+.........+..+...+.......+......+.......+............+..........................+......................................+...+...+......+..........+.+.........+........+..................+...............................+.......+.+..................................+..............+.....+.+...+...........+.....+......+.............+.........+.+.......+...................+....+...........+.....+.+...................................+...............+...+.............................+.....+..........+....+.+.......+..+.........+.......+........+.+..+.................+.........+...............+...+......+.................+.....+.+....................+.+....+.................................+.........+.+.+..+..........+..+..........+...+...+.....+.......+............+...+..+.........+.+.........+.................+..+....+........+.............+..+..................+.............+.....+..+....+........+...+.........+..+.........+....+.+.+..+.......+...+.+.+.........+....................+..........+.........+....................................+................+.......+..................+............+..+.+....+...........+.............+..+.+.......+..+..........................+...+......+...+.......+....+..........+..+.....................................+..........+.....+...+.................+.............+.+......+.........+..............+.................+......+............+......+...............+........+.......+.......................+.+.+.............+...............+......+.......................+......+.+.....+.+..........+..+............+.+...+.......................+....+...............+....+..+........+.+...+.....+.........+...............................+........+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*
[23:03:27] INFO: Creating 'snakeoil' self-signed certificate...
Generating a RSA private key
............+++++
.........+++++
writing new private key to '/data/ssl-cert-snakeoil.key'
-----
[23:03:27] INFO: Running nginx...

(Btw it’s pretty hard to debug when these logs don’t seem to be available after the next restart of the addon. Unless I’m missing something. I remember reading some “snake-oil” initially, but could never get it to show ever again. Until now, with a reinstall.)

bviktor · March 21, 2022, 10:07pm

I’m also not sure why it generates a self-signed cert if the Let’s Encrypt cert is allegedly there.

I’d check manually, but I don’t have terminal access to this “appliance”.