Reverse proxy via Synology: error 400

retc · May 26, 2023, 7:50am

I have my HA on a Rpi4, and use my Sinology NAS to manage my SSL certificates and as a reverse proxy.
My goal is to route “https://secure.my-domain-name.com” to “http://local-ip-of-rpi4:8123”
The SSL certificate and reverse proxy settings are correct, but I run into a 400:bad request error from Home Assistant.

My setting in configuration.yaml is:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - <<internal ip-address of synology nas>>

I would expect it to work, but somehow it doesn’t.
All the other solutions I found were for the scenario where HA and the proxyserver were on the same host or docker instance and (obviously) don’t work for my situation where HA and the proxy server have different IP-addresses.
I tried 0.0.0.0/0 as a trusted proxy: also no luck

Does anyone have a clue or an idea I could try?

retc · May 26, 2023, 9:09am

the log states that the http is not setup, but is is…

vingerha · May 26, 2023, 9:12am

Not sure what you setup on the rev-proxy or maybe your router is not helping, many options, check this…it also has a SEPARATE page on setting up rev-proxy on syno
Synology: Home Assistant 400: Bad Request – Marius Hosting

retc · May 26, 2023, 1:29pm

thx!
I discovered that the reverse proxy part works correctly, because this is wat the HA log states after trying to reach https://secure.my-domain-name.com:

Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:114
Integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/home-assistant/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22))
First occurred: 08:54:49 (101 occurrences)
Last logged: 15:25:33

A request from a reverse proxy was received from <<local ip address of proxy server>>, but your HTTP integration is not set-up for reverse proxies

Also thanks for the marius-hosting link: I had read and tried that, but in that example the ip-address of the container and the proxy-server is the same. In my case it isn’t.

The weird thing is: I have put the http configuration in my yamlfile, but the log says it isnt configured ?!

retc · May 26, 2023, 1:38pm

Problem solved:
apparently I had to restart Home Assistant for the configuration to work.
I only reloaded the configuration.yaml, but that’s not enough

ip1234 · January 25, 2024, 2:59pm

Just for the record -
if the proxy server is working correctly, you should be able to see an entry in the home assistant log saying
x-Forwarded-For header from an untrusted Proxy XX.XX.XXX.XXX

where the XXX show the IP address of the reverse proxy as seen by the docker image. Use this address in the allowed proxies

trusted_proxies:
- XX.XX.XXX.XXX