[solved] "Unable to connect to Home Assistant" from WAN (Duck DNS + NGINX)

Tags: #<Tag:0x00007fc3de0e7348>

I upgraded yesterday to 2021.7.0 and before that WAN access was fine.

Now I’m stuck and get that “Unable to connect to Home Assistant” “RETRY” screen with the HA logo.
From the logs:

Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:91
Integration: HTTP (documentation, issues)
First occurred: 11:08:45 AM (12 occurrences)
Last logged: 11:24:53 AM

A request from a reverse proxy was received from 172.30.33.5, but your HTTP integration is not set-up for reverse proxies

Running Home Assistant OS 6.1 with core-2021.7.0

From private session I get “400: Bad Request”

Did you read the breaking changes?

The first one.

2 Likes

Thanks @tom_l for pointing this out!
I have added the local + remote LAN but no difference (of course rebooted)

http:
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.16.0.0/24 #Remote LAN
    - 192.168.1.0/24 #HA LAN
  ip_ban_enabled: true
  login_attempts_threshold: 5

That’s because those are not valid. The IP in the log needs to be included in the range (which it is not with your config)

If you want the full docker network :

http:
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.16.0.0/16
  ip_ban_enabled: true
  login_attempts_threshold: 5

Or if you want to limit (example from docs)

http:
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
  ip_ban_enabled: true
  login_attempts_threshold: 5
2 Likes

Hi @ludeeus, the remote LAN uses 255.255.255.0 for it’s subnet mask.

I had the same problem here, I just added the SSID of my 5g network to the app’s configuration and everything returned to normal.

And that matters how?
Do as i said which works or ignore me, that’s up to you 🤷

1 Like

Now I understand! :+1:
I misinterpreted trusted_proxies and thought this had to be the LAN segment(s).

Thanks!

True, my solution only worked at home, I’m going to make the modification you indicated. Thanks

@ludeeus

Hi

I have the same issue, using DuckDNS and NGINX.
Which file is this in?

Found it: /config/configuration.yaml

Thanks

Andy

Hi
just for information why did it work before (without these parameters) and stopped working one day?
An Ip change?
thanks

It’s a breaking change after installing 2021.7

good afternoon, could someone help me? I have had the problem for a few days, I cannot access my home assistant outside the network.
In configuration.yaml I have the following:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.0/24
    - 127.0.0.1
    - ::1

It is the last configuration that I have put without success, I really do not know what IP I have to put it, the one I have in my configuration is the IP that my router assigned to the home assistant, that is the IP that I should use or the IP of my duckdns ?

Hi @RUBIKOF, have you read this thread?
The IP address should be the one of your proxy server (nginx) and should be listed in your log.

Hi @Nick4, the ip of nginx is the same as that of my home assistant isn’t it? I installed it from the supervisor of ha, for example the ip within ha within my network is 192.168.1.79 and Nginx I imagine it is the same since it is within ha, now that I get home I check

The address will be in the error message in your log.

oh! Thank you very much @tom_l , I had not noticed the IP that appeared in the registry, I have put it in the configuration.yaml and everything in order

I have the same problem as topic creator and tried many variants but still no luck.
I have hassio and Nginx Proxy Manager addon logs write out following

[12/Jul/2021:19:44:18 +0300] - 400 400 - GET https something.duckdns.org "/" [Client 192.168.0.1] [Length 16] [Gzip -] [Sent-to 192.168.0.2] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.102 Safari/537.36" "-"

however even this one does not help

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.0.2

What is that I am missing out?

1 Like

hello,
what log? ngix log? supervisor log?

If i remove SSL key and cert from config.yaml, I can’t reach homeassistant. not from the ip and not from duckdns.

http:
use_x_forwarded_for: true
trusted_proxies:
 - 172.30.33.0/24
1 Like

Wouf. after several hours fiddling finally got it working. Who could imagine very vague http docs along answers this forum thread will completely mislead me and apparently so many other people in other forums.

It is totally not intuitive but appears 172.30.33.0/24 trusted proxy has to remain for Hassio and not be replaced with whatever is ip in Nginx Proxy Manager addon logs.

2 Likes