[solved] "Unable to connect to Home Assistant" from WAN (Duck DNS + NGINX)

tom_l · July 13, 2021, 7:26am

There are links to edit the document or suggest improvements at the bottom of the page.

skillx · July 13, 2021, 10:45am

trusted_proxies:
  - 172.30.33.0/24  # Add the IP address of the proxy server

Adding this in place of the trusted proxies IP magically fixed this issue for me completely, including remote access for other addons such as WireGuard.

My final configuration:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
  ip_ban_enabled: true
  login_attempts_threshold: 5

raidnet-ms · July 13, 2021, 12:31pm

Hass Os - Hass i O.
Yeah it’s very confusing, i make mistakes everyday.

What about a public contest to choose more clear names?

raidnet-ms · July 13, 2021, 12:36pm

Mmmm and did you remove

ssl_Key
Ssl_certificate

from hass os config.yaml ?

If I do remove them as suggested into docs, I can’t reach anymore the webserver.

skillx · July 13, 2021, 12:52pm

I didn’t include it in the http component of my configuration.yaml. That makes Home Assistant inaccessible via http on my local network.

dankrill · July 13, 2021, 1:54pm

Woke up this morning, updated ha on my pi, WAN facing web interface got borked, googled, found this forum, pieced together my own solution, fixed.

Also, I swear, I must be the only person on earth who uses Apache as my reverse proxy. Which works fantastic btw.

Here was my error in home-assistant.log:

2021-07-13 08:37:52 ERROR (MainThread) [homeassistant.components.http.forwarded] A request from a reverse proxy was received from 192.168.1.192, but your HTTP integration is not set-up for reverse proxies

Here are the lines of code I added to configuration.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 192.168.1.192
  ip_ban_enabled: true
  login_attempts_threshold: 5

Note the “-172…” address needs to remain because this is used internally between the OS and the container. Add the IP of your proxy server as a new line directly below it.

I did nothing with the SSL key or certificate stuff.

This fixed it for me.

JorgeMoreira · July 13, 2021, 7:49pm

Thanks for your replay.
Works for me!!!
Regards,

kiwijunglist · July 14, 2021, 1:17am

I had the same problem, and used the same solution of getting the proxy IP address from the HA log file. However I didn’t need to add the second local IP address (- 192.168.1.192).

Reference - Home assistant (400 Bad Request) Docker + Proxy - Solution

TRusselo · July 14, 2021, 3:04am

no. no I did not. i just hit the update button like always.
thanks for pointing out my idiocy. RTFM

DikkenDweis · July 14, 2021, 2:18pm

None of this is working for me, I’m starting to feel really dumb…

GaryK · July 14, 2021, 2:43pm

You’re not alone.

JorgeMoreira · July 14, 2021, 5:25pm

In my case I put:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.6       #Remote LAN 
    - 192.168.1.XX    #Your Home assistant IP only
  ip_ban_enabled: true
  login_attempts_threshold: 5

And it works for me!

Revadak · July 14, 2021, 7:23pm

Finally, the answer! External access was working fine until I updated.
Struggling with this for a week or so and finally found this thread… This one is working for me after adding it to http: in the configuration.yaml:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
ip_ban_enabled: true
login_attempts_threshold: 5
Thanks everybody!

Dani_Leal · July 15, 2021, 7:20am

Hi! check that in the url of the browser you are putting https://dominio.duckdns.org if you have SSL activated, it is what was happening to me. As the browser hides what is in front of the domain.duckdns.org I did not see that it was trying to enter http://domain.duckdns.org.
Hope this can help you

thewolf56 · July 17, 2021, 4:10am

I can’t for the life of me figure this out.

Setup Nginx on my OPNsense firewall and followed the guides with using Let’s Encrypt with another ddns service. Use my browser to go to the external url (https: with valid cert showing on the browser) and can get to the login screen. Enter my credentials and get the “Unable to connect to Home Assistant”… If I enter the wrong credentials, I get a message that it was an invalid user name or password.

My config.yaml applicable sections

homeassistant:
  internal_url: http://192.168.xxx.yyy:9123
  external_url: https://xxx.xxxxxxx.net:9123

http:
  server_port: 9123
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 192.168.xxx.0/24 # network range of nginx proxy server location

Would love to figure this out. Thanks

thewolf56 · July 17, 2021, 4:59am

Well, now I feel dumb. Looked through a few other threads here and someone mentioned that if the proxy server did not support web sockets, there would be an issue.

So, if anyone uses OPNsense and wants to run NGINX on the firewall, you have to make sure this box for WebSocket Support is checked in the advanced options of NGINX–> Configuration → HTTP(s) → Location for your HomeAssistant instance.

Once I did that, it worked great.

edit to include link to other thread that helped me.

raidnet-ms · July 18, 2021, 4:36pm

Shall i leave 443 for host in ngix supervisor settings if i use a non standard external port?

raidnet-ms · July 19, 2021, 11:56am

@JorgeMoreira Does it work if you remove home assistant ip? I’m asking because in the documentation is not reported to config like that.

raidnet-ms · July 19, 2021, 12:00pm

@thewolf56 i can reach internal url with https://192.168.xx.xx
While with http:// won’t open.
I know that it is the opposite way it should work.

JorgeMoreira · July 19, 2021, 12:50pm

At the end of the day I will test and comment. At the time I saw this configuration on the net and adapted it to my case. It probably won’t be necessary, but soon I’ll test and comment.