I am having a hard time configuring my HA setup for external use.
I have installed NGINX Home Assistant SSL proxy add-on, I have created a certificate through the letsencrypt add-on and I have configured NGINX to my external domain.
So far so good.
After that I have configured the configuration.yaml with the needed lines of code:
Now when I try to access my website through the external url, I am getting the following error:
ERROR (MainThread) homeassistant.components.http.forwarded Received X-Forwarded-For header from an untrusted proxy 172.30.33.11
As you can see I have trusted this ipaddress as trusted_proxy, but I still get this error message and the browser comes up with the 440: bad request error.
i have tried to whitelist the whole subnet: 172.30.33.0/24, I have even tried to whitelist all subnets: 0.0.0.0/0
Nothing is working, I always end up with the same error:
ERROR (MainThread) homeassistant.components.http.forwarded Received X-Forwarded-For header from an untrusted proxy 172.30.33.11
Please note that I have also tried to get it working with the customize active setting set to false.
I have already tried to add the whole subnet (172.30.33.0/24) to the trusted_proxies, like in your configuration. But that also resulted in the bad request error.
I have tried it with the indentation you sent me, but it still gives me the same error.
I have installed HA as standard (i used the ova for esxi). HA is running on my esx 7.0U2 standalone host with local storage.
I dont have any VLAN’s in use and HA is only using a single IP address with ipv6 disabled (from the HA webinterface).
I have checked the logs and i can only find a connection being setup over ipv4.
I have already disabled ipv6 via settings > system > network.
Eventhough ipv6 is disabled i have also tried the setup with ipv6 in the trusted_proxies list, but this also does not work.
I have restarted HA after an update and now it is broken again.
However, instead of getting the error untrusted proxy 172.30.33.11 I am not getting untrusted proxy 172.30.33.10. So the NGINX plugin ip address seems to have been renewed/changed after the reboot.
I have added 172.30.33.10 to the trusted_proxies list, but I still get the error.
I also tried to add the whole subnet (172.30.33.0/24) to the trusted_proxies list, but this also does not work.
Another update (haha).
External access is working again at the moment.
I have rebooted HA a couple of times, each time it seems that the Nginx addon gets a new ipaddress.
After the first reboot, I was still getting the error, but now from ip 172.30.33.4.
I was sick of it, so I have added 172.30.33.1 through 172.30.33.11 to the trusted_proxies list (I accidentally forgot to add 127.0.0.1 back to the list) and rebooted HA after.
Guess what? External access was working again.
It goes beyond my knowledge what is happening here, to me it seems like sometimes the configuration.yaml is not read as intended.
I would suggest you put a comment in you conf.yaml file referencing this thread as I’m sure you’ll be pulling your hair again in the future trying to phathom how you got working by trial and error