Reverse proxy error

If the proxy is on the same machine then localhost is fine…

1 Like

When i only use

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - <IP OF NGIX>

It does the same, no more access.

If it’s on the same machine try localhost

David,

127.0.0.1 is localhost…

When i change it to:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1

It starts but i get a message in the log:
A request from a reverse proxy was received from , but your HTTP integration is not set-up for reverse proxies; This request will be blocked in Home Assistant 2021.7 unless you configure your HTTP integration to allow this header.

When i enter that ip in stead of 127.0.0.1 or when i even add that ip than the site does not work.
I get: 400: Bad Request

I am aware of that but localhost also has an IPv6 equivalent so if you specify 127.0.0.1 it won’t find the other!

Good point. Try:

http:
  server_host: 0.0.0.0
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1

Found it!!!
In my reverse proxy i had to delete:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

3 Likes

Good that you’ve solved it, although I’d be interested to understand why that’s fixed it. I still have that line in my nginx config, although that is running on a remote machine.

I’m also getting this new warning, but I had one question: do I need the NGINX Add-on if I just use the external URL (DuckDNS domain) and rewrite DNS requests with AdGuard? (if I’m outside my network the URL is resolved by DuckDNS to my external IP, if I’m inside it’s resolved to my local address, so I can use only one URL and one certificate)

For now, I just added the following lines to the configuration.yaml file to remove the warning:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.5    #The IP shown in the warning

and everything is fine now.

2 Likes

I’m running Traefik and HA in Docker. Is there any clean/portable way to add the trusted ips without hard-coding a specific Docker network ip?

3 Likes

Is that the ip of nginx in docker maybe?
You really should find out what that is

Worked for me, but I had to add as well 127.0.0.1 due to having Nginx on local.
Im running hassio on raspberry pi 4.

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.5          #IP Reverse_Proxy Nginx ADGuard
    - 127.0.0.1        #IP Reverse_Proxy Nginx

Thanks

I think it’s Nginx, because every time I clicked something the warning counter was going up by 1.
(just clicking refresh in the logs page was enough)

I am using the Nginx Proxy also.
image

I assume that is where this message is coming from. The IP is different than what the OS is showing. So is the Nginx running in a different VM? If I use that IP could it change in the future? In all my other vhost I had to add the remote address, but not for the HA instance. Should I be able to use 127.0.0.1 then?

Just to complet all the answers, for those who are in docker context even swarm, you can configure a network :

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.0.0.0/8 # example
9 Likes

I had the same issue as well with a local Nginx setup. Reverting from core core-2021.6.0 to my backup from a couple of days ago, I don’t see the error. So I suspect something was changed very recently.

Making changes to configuration.yaml similar to above solved the issue. Hassio with Nginx add-on in Proxmox.

That is not a solution, and actually one of the few cases we can’t detect.
Strongly recommended NOT to delete the X-Forwarded-For, you are creating a security issue for yourself.

1 Like

Hi. I’m experiencing a similar issue after the upgrade to HA Core 2021.7 (on raspbian OS).
HA reports
`Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:90
Integration: HTTP (documentation, issues)
First occurred: 10:51:04 (771 occurrences)
Last logged: 13:23:36

A request from a reverse proxy was received from 172.17.0.2, but your HTTP integration is not set-up for reverse proxies; This request will be blocked in Home Assistant 2021.7 unless you configure your HTTP integration to allow this header`.
Only recently (less than one month ago) I switched from a simple SSL way to secure HA to Caddy on docker (on the same machine).
Also, that message appears in concidence with the disconnection and reconnection of one of my smart plugs.
So, should I edit the configuration.yaml too?
Is it correct to add the following code?

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.17.0.2
    - 127.0.0.1

Thank you!

2 Likes