If the proxy is on the same machine then localhost is fine…
When i only use
http:
use_x_forwarded_for: true
trusted_proxies:
- <IP OF NGIX>
It does the same, no more access.
If it’s on the same machine try localhost
David,
127.0.0.1 is localhost…
When i change it to:
http:
use_x_forwarded_for: true
trusted_proxies:
- 127.0.0.1
It starts but i get a message in the log:
A request from a reverse proxy was received from , but your HTTP integration is not set-up for reverse proxies; This request will be blocked in Home Assistant 2021.7 unless you configure your HTTP integration to allow this header.
When i enter that ip in stead of 127.0.0.1 or when i even add that ip than the site does not work.
I get: 400: Bad Request
I am aware of that but localhost also has an IPv6 equivalent so if you specify 127.0.0.1 it won’t find the other!
Good point. Try:
http:
server_host: 0.0.0.0
use_x_forwarded_for: true
trusted_proxies:
- 127.0.0.1
Found it!!!
In my reverse proxy i had to delete:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Good that you’ve solved it, although I’d be interested to understand why that’s fixed it. I still have that line in my nginx
config, although that is running on a remote machine.
I’m also getting this new warning, but I had one question: do I need the NGINX Add-on if I just use the external URL (DuckDNS domain) and rewrite DNS requests with AdGuard? (if I’m outside my network the URL is resolved by DuckDNS to my external IP, if I’m inside it’s resolved to my local address, so I can use only one URL and one certificate)
For now, I just added the following lines to the configuration.yaml file to remove the warning:
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.5 #The IP shown in the warning
and everything is fine now.
I’m running Traefik and HA in Docker. Is there any clean/portable way to add the trusted ips without hard-coding a specific Docker network ip?
Is that the ip of nginx in docker maybe?
You really should find out what that is
Worked for me, but I had to add as well 127.0.0.1 due to having Nginx on local.
Im running hassio on raspberry pi 4.
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.5 #IP Reverse_Proxy Nginx ADGuard
- 127.0.0.1 #IP Reverse_Proxy Nginx
Thanks
I think it’s Nginx, because every time I clicked something the warning counter was going up by 1.
(just clicking refresh in the logs page was enough)
I am using the Nginx Proxy also.
I assume that is where this message is coming from. The IP is different than what the OS is showing. So is the Nginx running in a different VM? If I use that IP could it change in the future? In all my other vhost I had to add the remote address, but not for the HA instance. Should I be able to use 127.0.0.1 then?
Just to complet all the answers, for those who are in docker context even swarm, you can configure a network :
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.0.0.0/8 # example
I had the same issue as well with a local Nginx setup. Reverting from core core-2021.6.0 to my backup from a couple of days ago, I don’t see the error. So I suspect something was changed very recently.
Making changes to configuration.yaml similar to above solved the issue. Hassio with Nginx add-on in Proxmox.
That is not a solution, and actually one of the few cases we can’t detect.
Strongly recommended NOT to delete the X-Forwarded-For, you are creating a security issue for yourself.
Hi. I’m experiencing a similar issue after the upgrade to HA Core 2021.7 (on raspbian OS).
HA reports
`Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:90
Integration: HTTP (documentation, issues)
First occurred: 10:51:04 (771 occurrences)
Last logged: 13:23:36
A request from a reverse proxy was received from 172.17.0.2, but your HTTP integration is not set-up for reverse proxies; This request will be blocked in Home Assistant 2021.7 unless you configure your HTTP integration to allow this header`.
Only recently (less than one month ago) I switched from a simple SSL way to secure HA to Caddy on docker (on the same machine).
Also, that message appears in concidence with the disconnection and reconnection of one of my smart plugs.
So, should I edit the configuration.yaml too?
Is it correct to add the following code?
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.17.0.2
- 127.0.0.1
Thank you!