[SOLVED] Remote Access through Packetriot and Reverse Proxy (CGNAT) - Unabe to Connect to Home Assistant

Tags: #<Tag:0x00007f3268afa590> #<Tag:0x00007f3268afa310> #<Tag:0x00007f3268afa068>

I am trying to remotely access my home assistant which sits behind a CGNAT. Apart from the remote access, my HA installation works perfectly well.

My Setup:
Home Assistant 0.116.4 using official docker container in Unraid
Nginx Proxy Manager running in docker container on Unraid
Packetriot running in docker container on Unraid

HA Configuration I have included the following in my HA configuration (I added to trusted proxies because I tried both directly from packetriot into HA as well as from packetriot>Nginx>HA).

  use_x_forwarded_for: true

Nginx setup following this setup. Not enabled any https/LetsEncrypt yet. Enabled Websocket support in Nginx

Packetriot setup has an http tunnel to my domain home.example.nl with --destination NginxProxyManager, and redirect=false (so no redirecting of http to https). Exact command below, in case someone is familiar with Packetriot

pktriot tunnel http add --destination NginxProxyManager --redirect=false --http 8080 --domain home.example.nl

I am prompted with the login screen, if I supply the wrong credentials it tells me the credentials are wrong. If I enter the correct credentials it redirects to home.example.nl/lovelace with the message “Unable to connect to Home Assistant.” and a button to Retry.

In my Home Assistant logs I find:

[homeassistant.components.websocket_api.http.connection.22593065770000] Disconnected: Did not receive auth message within 10 seconds

I have found many similar questions and issues, but none of the solutions suggested there have helped me. Has anyone else encountered this problem?

Let me start with a huge thanks to John at Packetriot, who went above and beyond by replicating my setup, finding a fix and pushing it in a new update of Packetriot.

Long story short, there seemed to be a bug in the httputil.ReverseProxy websocket upgrading. Now from Packetriot v0.10.2 it works flawlessly with the following:

packetriot tunnel
pktriot tunnel http add --domain <domain> --letsencrypt --destination <HA Container IP> --http 8123

HA Configuration

  use_x_forwarded_for: true
    - <Packetriot docker IP>