Repeated "Login attempt failed" from 127.0.0.1

mdezzi · January 14, 2020, 3:55pm

I am running Hass.io in Virtualbox on a spare laptop, and a few times a day I receive this message as a persistent notification. I’m assuming that the request is not actually coming from 127.0.0.1, and I’d like to see the actual IP address that is logging in (i am using HA Cloud via Nabu Casa).

I was looking through this page and i think i want to set up “use_x_forwarded_for” and “trusted_proxies”, but the note in the trusted proxies section has me worried:

"This is required when using use_x_forwarded_for because all requests to Home Assistant, regardless of source, will arrive from the reverse proxy IP address. Therefore in a reverse proxy scenario, this option should be set with extreme care."

Since I migrated my setup from a Rpi3 to a PC and basically started over, my assumption is it is one of my devices trying to log in and being denied (as opposed to a bot hitting the nabu casa URL). I’d like to see the IP address (internal or external) to try to determine what device I need to fix.

I already tried to set use_x_forwarded_for to true and set my trusted_proxies to my Hass.io machine’s internal IP address. When i deliberately logged in with an incorrect password, it still shows up as 127.0.0.1

Any ideas?

EDIT: Additionally, it seems that even without “use_x_forwarded_for” if I purposely log in with an incorrect password from within my home network the correct internal IP address is displayed. It seems this 127.0.0.1 address only appears when accessing via HA cloud. I’d really like to see the real IP address so i can potentially ban if necessary.

Dielee · January 21, 2020, 7:02am

Having this, too. But not from 127.0.0.1. Every internal device gets blocked some times…

auth_providers:

  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
         - 192.168.50.0/24
      trusted_users:
        192.168.50.103: XXXUserIDXXX
      allow_bypass_login: true

http:

http:
  server_port: 5010
  base_url: https://xxx.subdomain.de
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.50.3
    - 127.0.0.1
  ip_ban_enabled: true
  login_attempts_threshold: 2

Nginx Config:

server {
        listen 443 ssl;
        server_name XXX.subdomain.de; # Domain für die erste Web-Applikation

        ssl on;
        ssl_certificate /etc/letsencrypt/live/XXX.subdomain.de/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/XXX.subdomain.de/privkey.pem; # managed by Certbot

        error_page 497 = https://$server_name:$server_port$request_uri;

        location /
               {
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header Host $host;
                proxy_http_version 1.1;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://192.168.50.4:5010; # Interne IP und Port
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
               }

}

Any Ideas ?

kg23 · May 22, 2020, 9:50pm

I used the example nginx location block above and it solved my “always logging 127.0.0.1” issue with ip_ban_enabled. I am running Home Assistant on a Mac with nginx. My http block is

http:
  trusted_proxies: 127.0.0.1
  use_x_forwarded_for: true
  ip_ban_enabled: true
  login_attempts_threshold: 5
  server_port: 8123