I have my HA on a Rpi4, and use my Sinology NAS to manage my SSL certificates and as a reverse proxy.
My goal is to route “https://secure.my-domain-name.com” to “http://local-ip-of-rpi4:8123”
The SSL certificate and reverse proxy settings are correct, but I run into a 400:bad request error from Home Assistant.
My setting in configuration.yaml is:
http:
use_x_forwarded_for: true
trusted_proxies:
- <<internal ip-address of synology nas>>
I would expect it to work, but somehow it doesn’t.
All the other solutions I found were for the scenario where HA and the proxyserver were on the same host or docker instance and (obviously) don’t work for my situation where HA and the proxy server have different IP-addresses.
I tried 0.0.0.0/0 as a trusted proxy: also no luck
thx!
I discovered that the reverse proxy part works correctly, because this is wat the HA log states after trying to reach https://secure.my-domain-name.com:
Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:114
Integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/home-assistant/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22))
First occurred: 08:54:49 (101 occurrences)
Last logged: 15:25:33
A request from a reverse proxy was received from <<local ip address of proxy server>>, but your HTTP integration is not set-up for reverse proxies
Also thanks for the marius-hosting link: I had read and tried that, but in that example the ip-address of the container and the proxy-server is the same. In my case it isn’t.
The weird thing is: I have put the http configuration in my yamlfile, but the log says it isnt configured ?!
Problem solved:
apparently I had to restart Home Assistant for the configuration to work.
I only reloaded the configuration.yaml, but that’s not enough
Just for the record -
if the proxy server is working correctly, you should be able to see an entry in the home assistant log saying
x-Forwarded-For header from an untrusted Proxy XX.XX.XXX.XXX
where the XXX show the IP address of the reverse proxy as seen by the docker image. Use this address in the allowed proxies
Thank you @ip1234 and @retc for the restart and logs tips! It resolved my case. Apparently, when instaling HAOS in VM on Synolgy, the trusted_proxies ip is not 127.0.0.1 anymore, as stated in Marius Hosting guide, but the internal ip.