Reverse proxy error

This fixed all my web issues but I can’t make it work on the iOS.
Getting NSURLErrorDomain - 1003 error when tried to connect via the App on an iPhone

Weird, if have read everything, and configured it properly, but i still get ERR_CONNECTION_REFUSED.
image
All other reverse proxy rules are working. So it must be something with HA.

Home Assistant relies on websockets, which basically are a “stay open” type of connection, and requires extra configuration on the reverse proxy side to allow websockets to work. Which proxy are you trying to use?

To rule out the block issue on the Home Assistant side, you can TEMPORARILY add this to your config:

http:
    use_x_forwarded_for: true
    trusted_proxies:
      - 0.0.0.0/0 

This will completely open the Home Assistant block and allow any reverse proxy to go through. If this works then the issues is not specifying the right IP for the trusted proxy. If it still doesn’t work even after allowing all IPs, the issue is on your reverse proxy configs and likely not on the Home Assistant side (likely not configuring websockets properly). I say Temporarily set this only for testing because leaving it like this overrides the security and leaves your system vulnerable to attacks, which is the reason specifying this IP was added as a requirement last year.

Update:
Took another look at your post and possibly its just a YAML formatting issue. Move the IP to another line and indent it with a dash instead of putting it right after the colon. Try this instead of what you have:

http:
    use_x_forwarded_for: true
    trusted_proxies:
      - 192.168.178.whatever
1 Like

@mwav3 , thanks for helping out. With this setup i have the same result:
image
Same issue with these settings:
image
these are the reverse proxy settings:
image

image

That appears you are using the NGINX proxy manager - if so checkout this post. You need to go to advanced settings and specify additional info. This user was able to get it working successfully with the config they posted

@mwav3 , thanks again. i don’t use a NGINX reverse proxy. I use the standard build in reverse proxy from synology.


All the setting they are talking about are not in here or in a different location.
What do you use as a reverse proxy?

I’m not too familiar with synology, but I know it’s more locked down then just running on a Linux os like Ubuntu or debian.

I use the SWAG docker container, which sets up nginx and some other tools like ssl and fail2ban. I’m running it on Ubuntu.

The thread I linked in the last post contains a comprehensive setup guide. Pretty sure you can run docker containers on synology, but it might be a little different from the guide. Guide is in the top post (linked below)

@mwav3 thanks again. i will check this setup, but it seems a bit of big change for something that should work with the syno reverse proxy. But many thanks for your help!

I have HA in a docker container on a raspberry pi.
I use remote.it to proxy my network, since I could not edit port forwarding of the router.
SSH works flawless, but I am having problems accessing the web interface.

I added

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.0.0.1

to my config, but now I am getting Received X-Forwarded-For header from an untrusted proxy 127.0.0.1

I saw in this thread, that deleting proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; is the only solution (but with security risk?). But where can I edit my nginx, since I am using remote.it?

This is my config there: image

EDIT: Guess it was just a typo. Thanks @w35l3y

172 or 127 ?

1 Like

Worked for me as well. Thanks!

In order to get my external access working, I had to set the password of the user account again.
Same password, same settings. HomeAssistant just needed propagate the password again(?)

Además, hay que agregar en nginx proxy manager, la opción websockets

Running HassOS 13.2 and HA Core 2024.11.1 and the Nginx Proxy Manager Addon, I found that my Dockers use the 172.30.32/23 network, so I could use either

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.4  # NPM Docker; Docker Network is 172.30.32/23

(the machine, more safe)

—or—

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.32.0/23  # Docker Network; NPM is 172.30.33.4

(the Docker network, less safe)

Thanks to all that have found out things in this long thread!