[SOLVED] [HowTo] Home Assistant (VM) behind traefik (Unable to connect to Home Assistant.)

Tags: #<Tag:0x00007fc405216c60>

Hi all, i’m running traefik on my docker host machine (192.168.1.100), HA is running in a VM (192.168.1.101). I try to proxy from outside (smarthome.domain.de) to my HA instance. This is working so far, but i can’t login (even with the right credentials):

Unable to connect to Home Assistant.

what could be the reason that it is not completely passed through?

traefik/config/dynamic.yml

---
tls:
  options:
    default:
      minVersion: VersionTLS13
      sniStrict: true

http:
  middlewares:
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        frameDeny: true
        sslRedirect: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: SAMEORIGIN
    https-redirect:
      redirectScheme:
        scheme: https
  routers:
    home-assistant:
      service: home-assistant
      rule: "Host(`smarthome.domain.de`)"
      entryPoints:
        - https
      tls:
        certResolver: http
  services:
    home-assistant:
      loadBalancer:
        servers:
          - url: http://192.168.1.101:8123

traefik/config/traefik.yml

---
api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entrypoint:
          to: https
          scheme: https
  https:
    address: ":443"

log:
  filePath: "/var/log/traefik.log"
  level: DEBUG

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /dynamic.yml
    watch: true

certificatesResolvers:
  http:
    acme:
      email: [email protected]
      storage: /acme.json
      httpChallenge:
        entrypoint: http

HA config.yaml (relevant part)

http:
  ip_ban_enabled: true
  login_attempts_threshold: 5
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.0/24 # Local LAN Subnet
    - 172.18.0.0/24 # Docker Subnet

It’s working now. I missed some IPs in the http config section:

http:
  ip_ban_enabled: true
  login_attempts_threshold: 5
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.0/24
    - 172.18.0.0/24
    - 127.0.0.1
    - ::1
    - fe80::/64
    - fe00::/64
    - fd00::/64