Reverse proxy - invalid authentication error in HA log

Home Assistant 2023.4.6, Frontend 20230411.1.
Docker using latest official image.

I’m setting up a HA system. The basic system is up and functional and now I am provisioning secure remote access. I have a TLS based remote proxy setup already working and used for several other systems so I have added a configuration there for the HA system and I have done the necessary in the ‘http:’ settings in HA (adding the required entries). I have also enabled external access (by specifying the external https:// URL) in the Settings > System > Network.

When I try to connect via the HTTPS URL I get the HA login screen but when I enter my credentials it then displays a screen with the HA logo in the middle which says it is unable to connect and with a retry countdown / Link. No amount of retrying works.

The same credentials work fine via the local http:// URL. The user is an admin and is not set to ‘only login from the local network’.

The log shows (only) the following:

2023-05-01 09:24:51.678 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from xxx.yy.zz (1.2.3.4). Requested URL: ‘/auth/token’. (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15)

Note that this message only appears in the log when you retry; the initial login attempt does not seem to generate any log messages at all (which is kind of strange…).

Can anyone suggest how to further troubleshoot this? I’m rather out of ideas and I need to get this working.

Thanks.

Any additional luck? I was playing around with adding a SSL reverse proxy and ran into the same exact issue. I was also wondering what to look into next.

On the initial login I noticed a 400 response on: wss://{proxy_ip}:{proxy_port}/api/websocket - not sure if this is related or not.

Ahh - it was related: my nginx setting did not support websockets. Everything works after I added :

location / {
        proxy_pass http://ipaddr:  
        ...... rest of the config

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
1 Like

Thank you! This was also my problem. Enabling web sockets for this proxy connection allows it to work.

1 Like

thanks a lot!

1 Like