Settings for HA OS reverse proxy

This is a basic question, but I can’t find an answer.

I have an Unraid, PFsense with Let’s Encrypt and HAProxy. This works as I have other services running like this without any issues. I have already setup my domain for HA and setup HAproxy, etc.

I want to know what to change on HA side as all I get is “503 Service Unavailable” No server is available to handle this request.

All the instructions is mainly for DuckDNS and running the Let’sEncryp addon which I don’t use.

Solved: Nowhere is it mentioned, but you have to get your cert and key from your certificate from pfsense. Then you convert those two files using these commands:
openssl x509 -in fullchain.crt -out fullchain.pem
openssl rsa -in privkey.key -text > privkey.pem

Then copy those files to your ssl directory and add this to your configuration.yaml file.

So my configuration.yaml files looks like this:

http:
    ssl_certificate: /ssl/fullchain.pem
    ssl_key: /ssl/privkey.pem
    use_x_forwarded_for: true
    trusted_proxies:
        - xxx.xxx.xxx.xxx

Thank you for posting the solution; I have the exact problem that I am trying to fix for a long time. One question though: what is the IP address you put under the “trusted_proxies:”?

thank you in advance for helping.

That would really depend on how you setup your reverse proxy as there are a few ways of doing this.

For instance my pfSense runs on 10.10.0.1 and normally you would use that as a trusted proxy, but I did it another way by following the two youtube vidieos posted by “SystemaD” so my proxy is 10.10.0.201 as that is the ip I chose.

Hope that helps.

I also use virtual IP using instructions from “SystemaD” but no matter what IP I put under trusted_proxies in HA, I have the same warning error:

“Received X-Forwarded-For header from untrusted proxy 192.168.40.1, headers not processed; This request will be blocked in Home Assistant 2021.7 unless you configure your HTTP integration to allow this proxy to reverse your Home Assistant instance”

My question for you is what is the IP 10.10.0.201? is that the virtual IP? is this the only IP you used under trusted_proxies?

BTW: my home assistant system does not work after updating to 2021.7 Core so I have to restore the system to 2021.6.X

Also had the issue after upgrading today, there’s an issue with reverse proxy. All I did to fix it was to check my home-assistant.log, which showed 10.10.0.1 as an untrusted proxy so I just added my pfsense proxy 10.10.0.1 to trusted_proxies and it worked after restarting.

http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
use_x_forwarded_for: true
trusted_proxies:
- 10.10.0.1 (this is the IP/proxy from my pfSense, not virtual)
- 10.10.0.201 (this is my virtual IP as created with “SystemaD” intructions)

Double check the log file for home-assistant to make sure there are no other untrusted proxies, if there are, just add them to trusted proxies if they are relevant.

This “might” also help, I disabled Use “forwardfor” option under HAProxy/Frontend, HTTP_80 and HTTP_443. It’s right at the bottom, just unsellect it for both.

@GalacticSpines, thank you for your help. I am finally able to fix my problem. I think what happen is that I have Cloudflare as my proxy and also have HAproxy; so they are basically are double proxies and home assistant was not getting the correct client IP.

So I followed this post below to add all Cloudflare IPs under home assistant trusted_proxies and turn off pfsense HAproxy’s x-forwarded-for. That is all it take to fix my problem and now I can upgrade back to 2021.7.x

this is the link I followed: Reverse proxy error - #63 by matthewjporter

Very strange, I also use Cloudflare but don’t have any of their ip’s under trusted proxies.

Well, go figure. Glad you got it resolved.