Reverse proxy error

DavidFW1960 · June 3, 2021, 8:42am

If the proxy is on the same machine then localhost is fine…

dvoijen · June 3, 2021, 9:23am

When i only use

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - <IP OF NGIX>

It does the same, no more access.

DavidFW1960 · June 3, 2021, 9:29am

If it’s on the same machine try localhost

dvoijen · June 3, 2021, 9:34am

David,

127.0.0.1 is localhost…

dvoijen · June 3, 2021, 11:17am

When i change it to:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1

It starts but i get a message in the log:
A request from a reverse proxy was received from , but your HTTP integration is not set-up for reverse proxies; This request will be blocked in Home Assistant 2021.7 unless you configure your HTTP integration to allow this header.

When i enter that ip in stead of 127.0.0.1 or when i even add that ip than the site does not work.
I get: 400: Bad Request

DavidFW1960 · June 3, 2021, 11:33am

I am aware of that but localhost also has an IPv6 equivalent so if you specify 127.0.0.1 it won’t find the other!

Troon · June 3, 2021, 11:34am

Good point. Try:

http:
  server_host: 0.0.0.0
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1

dvoijen · June 3, 2021, 11:55am

Found it!!!
In my reverse proxy i had to delete:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Troon · June 3, 2021, 12:01pm

Good that you’ve solved it, although I’d be interested to understand why that’s fixed it. I still have that line in my nginx config, although that is running on a remote machine.

martymarty004 · June 3, 2021, 2:10pm

I’m also getting this new warning, but I had one question: do I need the NGINX Add-on if I just use the external URL (DuckDNS domain) and rewrite DNS requests with AdGuard? (if I’m outside my network the URL is resolved by DuckDNS to my external IP, if I’m inside it’s resolved to my local address, so I can use only one URL and one certificate)

martymarty004 · June 3, 2021, 4:44pm

For now, I just added the following lines to the configuration.yaml file to remove the warning:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.5    #The IP shown in the warning

and everything is fine now.

breakthestatic · June 3, 2021, 4:59pm

I’m running Traefik and HA in Docker. Is there any clean/portable way to add the trusted ips without hard-coding a specific Docker network ip?

tmjpugh · June 3, 2021, 6:07pm

martymarty004:

For now, I just added the following lines to the configuration.yaml file to remove the warning:

Copy to clipboard
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.5    #The IP shown in the warning
and everything is fine now.

Is that the ip of nginx in docker maybe?
You really should find out what that is

Cuttysark90 · June 3, 2021, 6:08pm

Worked for me, but I had to add as well 127.0.0.1 due to having Nginx on local.
Im running hassio on raspberry pi 4.

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.5          #IP Reverse_Proxy Nginx ADGuard
    - 127.0.0.1        #IP Reverse_Proxy Nginx

Thanks

martymarty004 · June 3, 2021, 6:30pm

I think it’s Nginx, because every time I clicked something the warning counter was going up by 1.
(just clicking refresh in the logs page was enough)

penright · June 3, 2021, 7:36pm

I am using the Nginx Proxy also.

I assume that is where this message is coming from. The IP is different than what the OS is showing. So is the Nginx running in a different VM? If I use that IP could it change in the future? In all my other vhost I had to add the remote address, but not for the HA instance. Should I be able to use 127.0.0.1 then?

baimard · June 3, 2021, 9:39pm

Just to complet all the answers, for those who are in docker context even swarm, you can configure a network :

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.0.0.0/8 # example

Bohemian · June 3, 2021, 11:31pm

I had the same issue as well with a local Nginx setup. Reverting from core core-2021.6.0 to my backup from a couple of days ago, I don’t see the error. So I suspect something was changed very recently.

Making changes to configuration.yaml similar to above solved the issue. Hassio with Nginx add-on in Proxmox.

frenck · June 3, 2021, 11:41pm

That is not a solution, and actually one of the few cases we can’t detect.
Strongly recommended NOT to delete the X-Forwarded-For, you are creating a security issue for yourself.

Topolynx · June 4, 2021, 11:44am

Hi. I’m experiencing a similar issue after the upgrade to HA Core 2021.7 (on raspbian OS).
HA reports
`Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:90
Integration: HTTP (documentation, issues)
First occurred: 10:51:04 (771 occurrences)
Last logged: 13:23:36

A request from a reverse proxy was received from 172.17.0.2, but your HTTP integration is not set-up for reverse proxies; This request will be blocked in Home Assistant 2021.7 unless you configure your HTTP integration to allow this header`.
Only recently (less than one month ago) I switched from a simple SSL way to secure HA to Caddy on docker (on the same machine).
Also, that message appears in concidence with the disconnection and reconnection of one of my smart plugs.
So, should I edit the configuration.yaml too?
Is it correct to add the following code?

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.17.0.2
    - 127.0.0.1

Thank you!