Nginx: Logging in to Home with Trusted Networks.. login aborted. Your computer is not allowed:

I just upgraded from Home Assistant 2021.4.6 —> Home Assistant 2021.7.

Immediately after doing this, when I try to login to the web interface, I get the error message below:
[Image: Unabletologin]

My Home Assistant instance (VirtualBox VM running on a Windows 10 host) is behind an Nginx reverse proxy.

I’ve never had this issue before. Nothing has changed on my network or setup other than upgrading Home Assistant.

Configuration.yaml:

    http:
      use_x_forwarded_for: True
      trusted_proxies:
        - 192.168.1.1
        - 192.168.1.2

    api:

    homeassistant:
      auth_providers:
        - type: trusted_networks
          trusted_networks:
            - 192.168.1.0/24
            - 172.16.0.0/12
            - fe00::/8

Nginx.conf

    server {
            listen 443 ssl http2;
            listen [::]:443 ssl http2;
            ssl_certificate     ./ssl/fullchain.cer;
            ssl_certificate_key ./ssl/cert.key;
            server_name  ha.myurl.com;
            location / {
                proxy_pass http://192.168.1.101:8123;
                proxy_set_header Accept-Encoding "";
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
            }
    }

Thanks in advance for your help.

You probably need to add this to your `auth_providers:`

    - type: homeassistant

Is your proxy server address one of these?
- 192.168.1.1
- 192.168.1.2

What do you see in the HA logs?

Your proxy also needs to add the “X-Forwarded-For:” header, but I don’t know exactly what triggers that in the NGINX config.

Thanks for the suggestions. It doesn’t make any difference when making these changes (below) after restarting nginx/home assistant. Whatever the problem is, my configuration was just fine for all previous versions of Home Assistant in the last couple of years.

The only thing I can do is log in with: Home Assistant Local username/password. I’m curious what changed in Home Assistant in the last couple of versions to break trusted network for nginx.

configuration.yaml

    homeassistant:
      auth_providers:
        - type: trusted_networks
          trusted_networks:
            - 192.168.1.0/24
            - 172.16.0.0/12
            - fe00::/8
        - type: homeassistant

nginx.conf:

    server {
            listen 443 ssl http2;
            listen [::]:443 ssl http2;
            ssl_certificate     ./ssl/fullchain.cer;
            ssl_certificate_key ./ssl/cert.key;
            server_name  ha.myurl.com;
            location / {
                proxy_pass http://192.168.1.101:8123;
                proxy_set_header Accept-Encoding "";
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
    }

No related errors or warnings in the log.

May be related to this: Reject trusted network access from proxies by elupus · Pull Request #52388 · home-assistant/core · GitHub

Other than that, I don’t know what more to do.

Thanks for the link. sigh I’m really having a hard time keeping up with all the things that break with each update.

I just ran into this same issue while trying to update from an older release to 2021.8. Did you ever find a fix/workaround?

So sorry for the late response. My issue was because I had `proxy_set_header X-Forwarded-Proto $scheme;` missing in my nginx configuration for Home Assistant. Thanks to @rccoleman for the tip! Below is what my configuration looks like now:

configuration.yaml

    http:
      use_x_forwarded_for: True
      trusted_proxies:
        - 192.168.1.2

    api:

    homeassistant:
      auth_providers:
        - type: trusted_networks
          trusted_networks:
            - 192.168.1.0/24
            - 172.16.0.0/12
            - fe00::/8
        - type: homeassistant

nginx.conf

    server {
            listen 443 ssl http2; 
            listen [::]:443 ssl http2;
            ssl_certificate     ./ssl/fullchain.cer;
            ssl_certificate_key ./ssl/cert.key;
            server_name  ha.myurl.com;
            location / {
                proxy_pass http://192.168.1.101:8123;
                proxy_set_header Accept-Encoding "";
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
            }
    }
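
Added example, not Home Assistant's code and not written by any poster in this thread: a Python model of how a backend behind a reverse proxy can resolve the client address from `X-Forwarded-For` and then apply the rule named in the title of pull request #52388, refusing trusted-network login when the request appears to come from a trusted proxy itself. The function names, the result labels, the right-to-left header walk and the sample addresses `192.168.1.50` and `203.0.113.7` are assumptions made for the illustration; the proxy and network lists are the ones from the first `configuration.yaml` above.

```python
import ipaddress

def _nets(entries):
    return [ipaddress.ip_network(e) for e in entries]

def _in_any(ip, nets):
    return any(ip in net for net in nets)

def resolve_client_ip(peer, headers, trusted_proxies):
    """Address to treat as the client (hypothetical helper)."""
    proxies = _nets(trusted_proxies)
    peer_ip = ipaddress.ip_address(peer)
    xff = headers.get("X-Forwarded-For")
    # Honour the header only when the TCP peer is a configured proxy;
    # a direct client could otherwise claim any address it likes.
    if not xff or not _in_any(peer_ip, proxies):
        return peer_ip
    hops = [ipaddress.ip_address(h.strip()) for h in xff.split(",")]
    # nginx's $proxy_add_x_forwarded_for appends the address it saw, so the
    # right-most hop that is not one of our proxies is the real client.
    for hop in reversed(hops):
        if not _in_any(hop, proxies):
            return hop
    return hops[0]  # every hop is a proxy; the caller will refuse it

def trusted_network_login(peer, headers, trusted_proxies, trusted_networks):
    """Return 'allow', 'deny-proxy' or 'deny-untrusted' (assumed labels)."""
    client = resolve_client_ip(peer, headers, trusted_proxies)
    if _in_any(client, _nets(trusted_proxies)):
        return "deny-proxy"  # request looks like it came from the proxy itself
    if _in_any(client, _nets(trusted_networks)):
        return "allow"
    return "deny-untrusted"

# Values from the thread's first configuration.yaml
PROXIES = ["192.168.1.1", "192.168.1.2"]
NETWORKS = ["192.168.1.0/24", "172.16.0.0/12", "fe00::/8"]

if __name__ == "__main__":
    cases = {  # constructed requests: (TCP peer, headers received by the backend)
        "no header from nginx": ("192.168.1.2", {}),
        "LAN client via nginx": ("192.168.1.2", {"X-Forwarded-For": "192.168.1.50"}),
        "outside client via nginx": ("192.168.1.2", {"X-Forwarded-For": "192.168.1.50, 203.0.113.7"}),
        "direct peer, header ignored": ("203.0.113.7", {"X-Forwarded-For": "192.168.1.50"}),
    }
    for name, (peer, hdrs) in cases.items():
        print(f"{name}: {trusted_network_login(peer, hdrs, PROXIES, NETWORKS)}")
```

In this model the first case is refused even though the proxy sits inside `192.168.1.0/24`, because the only address the backend can see is the proxy's own.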