Reverse Proxy with Nginx - HA rejects request

robotapocalypse · August 18, 2022, 4:13pm

I know there have been a ton of posts on this topic, but none of them quite answer my questions, and I still cannot get this to work. I have set up a docker compose file that runs HA behind NGINX, and run it on my raspberry pi 4:

docker-compose.yml

version: '3'
services:
  homeassistant:
    container_name: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    volumes:
      - /home/ian/development/home-assistant:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    privileged: true

  nginx:
    image: nginx
    ports:
      - 443:443
    volumes:
      - ./nginx:/etc/nginx/conf.d/:ro
      - ./certs:/etc/ssl/private/

nginx.conf

	upstream homeassistant {
  		server        homeassistant:8123;
	}

	server {
  		listen 443 ssl;
	  	server_name home.<redacted>.com

		include       /etc/nginx/conf.d/common.conf;
 		include       /etc/nginx/conf.d/ssl.conf;
  		location / {
    		proxy_pass  http://homeassistant;
			include     /etc/nginx/conf.d/common_location.conf;
  		}
	}

I’m reasonably confident in this part. However, when I go to my pi’s internal IP address I get the 400: Bad Request error, and see the following in the HA logs:

2022-08-18 09:55:37.804 ERROR (MainThread) [homeassistant.components.http.forwarded] A request from a reverse proxy was received from 172.19.0.2, but your HTTP integration is not set-up for reverse proxies

Which leads me to believe the problem is in my trusted_proxy config in HA. However, I’ve added every IP address I can find, including the one in the error message and the 172.x.x.x subnet, as well as the ip of the PI, all to no avail.

configuration.yaml

# Loads default set of integrations. Do not remove.
default_config:

# Text to speech
tts:
  - platform: google_translate

automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

homeassistant:
  external_url: https://home.<redacted>.com
  internal_url: http://localhost:8123

http:
    use_x_forwarded_for: true
    trusted_proxies:
        - 172.19.0.0/16
        - 172.0.0.0/8
        - ::1
        - 127.0.0.1
        - 172.16.0.7
        - 172.19.0.2
logger:
   default: debug

Am I missing something related to this config? As an aside, it doesn’t seem like the logger section does anything either, which is frustrating. Perhaps my config file is malformed?

tmjpugh · August 19, 2022, 1:44pm

    location / {
        proxy_pass http://127.0.0.1:8123;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

Internal IP will not use proxy. Only web domain.
Something is likely not correct with IP you set in HA config. Portainer has live log for docker. Maybe use that to watch messages from HA. May be more useful

Error you receiving does not look like proxy error and shouldn’t be since internal ip