[solved] "Unable to connect to Home Assistant" from WAN (Duck DNS + NGINX)

I upgraded yesterday to 2021.7.0 and before that WAN access was fine.

Now I’m stuck and get that “Unable to connect to Home Assistant” “RETRY” screen with the HA logo.
From the logs:

Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:91
Integration: HTTP (documentation, issues)
First occurred: 11:08:45 AM (12 occurrences)
Last logged: 11:24:53 AM

A request from a reverse proxy was received from 172.30.33.5, but your HTTP integration is not set-up for reverse proxies

Running Home Assistant OS 6.1 with core-2021.7.0

From private session I get “400: Bad Request”

3 Likes

Did you read the breaking changes?

The first one.

2 Likes

Thanks @tom_l for pointing this out!
I have added the local + remote LAN but no difference (of course rebooted)

http:
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.16.0.0/24 #Remote LAN
    - 192.168.1.0/24 #HA LAN
  ip_ban_enabled: true
  login_attempts_threshold: 5

That’s because those are not valid. The IP in the log needs to be included in the range (which it is not with your config)

If you want the full Docker network:

http:
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.16.0.0/16
  ip_ban_enabled: true
  login_attempts_threshold: 5

Or if you want to limit (example from docs)

http:
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
  ip_ban_enabled: true
  login_attempts_threshold: 5
5 Likes
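
As an added example (not part of any post in this thread, and not Home Assistant's own code), this Python check pulls the proxy address out of the log message from the first post and reports which of the trusted_proxies lists quoted above contain it. The function names and the dictionary labels are hypothetical.

```python
import ipaddress
import re

# Log message copied from the first post of this thread.
LOG_LINE = ("A request from a reverse proxy was received from 172.30.33.5, "
            "but your HTTP integration is not set-up for reverse proxies")

# trusted_proxies lists quoted in the posts above (labels are added here).
THREAD_CONFIGS = {
    "first attempt": ["172.16.0.0/24", "192.168.1.0/24"],
    "full docker network": ["172.16.0.0/16"],
    "example from docs": ["172.30.33.0/24"],
}

PROXY_RE = re.compile(r"received from ([0-9A-Fa-f:.]+),")


def proxy_address(log_line):
    """Extract the peer address Home Assistant saw on the connection."""
    match = PROXY_RE.search(log_line)
    if match is None:
        raise ValueError("no reverse-proxy address in log line")
    return ipaddress.ip_address(match.group(1))


def covering_entries(address, trusted_proxies):
    """Return the trusted_proxies entries whose network contains address."""
    hits = []
    for entry in trusted_proxies:
        # strict=False also accepts host-style entries such as 192.168.1.79/24
        network = ipaddress.ip_network(entry, strict=False)
        if network.version == address.version and address in network:
            hits.append(entry)
    return hits


def check_configs(log_line, configs):
    """Map each config label to the entries that would trust the logged proxy."""
    address = proxy_address(log_line)
    return {label: covering_entries(address, entries)
            for label, entries in configs.items()}


if __name__ == "__main__":
    for label, hits in check_configs(LOG_LINE, THREAD_CONFIGS).items():
        print(f"{label}: {'trusted via ' + ', '.join(hits) if hits else 'proxy NOT trusted'}")
```

Home Assistant only honours X-Forwarded-For from peers listed in trusted_proxies, so the narrowest entry that still covers the logged address is the one to keep.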

Hi @ludeeus, the remote LAN uses 255.255.255.0 for its subnet mask.

I had the same problem here, I just added the SSID of my 5g network to the app’s configuration and everything returned to normal.

And that matters how?
Do as I said which works or ignore me, that’s up to you 🤷

1 Like

Now I understand! 👍
I misinterpreted trusted_proxies and thought this had to be the LAN segment(s).

Thanks!

True, my solution only worked at home, I’m going to make the modification you indicated. Thanks

@ludeeus

Hi

I have the same issue, using DuckDNS and NGINX.
Which file is this in?

Found it: /config/configuration.yaml

Thanks

Andy

Hi
Just for information, why did it work before (without these parameters) and stop working one day?
An IP change?
Thanks

It’s a breaking change after installing 2021.7

Good afternoon, could someone help me? I have had the problem for a few days: I cannot access my Home Assistant from outside the network.
In configuration.yaml I have the following:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.0/24
    - 127.0.0.1
    - ::1

It is the last configuration that I have tried, without success. I really do not know what IP I have to put there. The one I have in my configuration is the IP that my router assigned to Home Assistant. Is that the IP I should use, or the IP of my DuckDNS?

Hi @RUBIKOF, have you read this thread?
The IP address should be the one of your proxy server (nginx) and should be listed in your log.

Hi @Nick4, the IP of nginx is the same as that of my Home Assistant, isn’t it? I installed it from the HA supervisor. For example, the IP of HA within my network is 192.168.1.79, and I imagine Nginx is the same since it is within HA. I will check once I get home.

The address will be in the error message in your log.

Oh! Thank you very much @tom_l, I had not noticed the IP that appeared in the registry. I have put it in the configuration.yaml and everything is in order.

I have the same problem as the topic creator and tried many variants, but still no luck.
I have hassio, and the Nginx Proxy Manager addon logs write out the following:

[12/Jul/2021:19:44:18 +0300] - 400 400 - GET https something.duckdns.org "/" [Client 192.168.0.1] [Length 16] [Gzip -] [Sent-to 192.168.0.2] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.102 Safari/537.36" "-"

However, even this one does not help:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.0.2

What is it that I am missing?

1 Like

Hello,
what log? nginx log? Supervisor log?

If I remove the SSL key and cert from config.yaml, I can’t reach Home Assistant, neither from the IP nor from DuckDNS.

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
1 Like

Wouf. After several hours of fiddling I finally got it working. Who could imagine that the very vague http docs, along with the answers in this forum thread, would completely mislead me and apparently so many other people in other forums.

It is totally not intuitive, but it appears the 172.30.33.0/24 trusted proxy has to remain for Hassio and not be replaced with whatever IP is in the Nginx Proxy Manager addon logs.

2 Likes