[solved] "Unable to connect to Home Assistant" from WAN (Duck DNS + NGINX)

There are links to edit the document or suggest improvements at the bottom of the page.

trusted_proxies:
  - 172.30.33.0/24  # Add the IP address of the proxy server

Adding this in place of the trusted proxies IP magically fixed this issue for me completely, including remote access for other addons such as WireGuard.

My final configuration:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
  ip_ban_enabled: true
  login_attempts_threshold: 5

Hass Os - Hass i O.
Yeah it’s very confusing, i make mistakes everyday.

What about a public contest to choose more clear names? :wink:

Mmmm and did you remove

ssl_Key
Ssl_certificate

from hass os config.yaml ?

If I do remove them as suggested into docs, I can’t reach anymore the webserver.

I didn’t include it in the http component of my configuration.yaml. That makes Home Assistant inaccessible via http on my local network.

Woke up this morning, updated ha on my pi, WAN facing web interface got borked, googled, found this forum, pieced together my own solution, fixed.

Also, I swear, I must be the only person on earth who uses Apache as my reverse proxy. Which works fantastic btw.

Here was my error in home-assistant.log:

2021-07-13 08:37:52 ERROR (MainThread) [homeassistant.components.http.forwarded] A request from a reverse proxy was received from 192.168.1.192, but your HTTP integration is not set-up for reverse proxies

Here are the lines of code I added to configuration.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 192.168.1.192
  ip_ban_enabled: true
  login_attempts_threshold: 5

Note the “-172…” address needs to remain because this is used internally between the OS and the container. Add the IP of your proxy server as a new line directly below it.

I did nothing with the SSL key or certificate stuff.

This fixed it for me.

2 Likes

Thanks for your replay.
Works for me!!!
Regards,

I had the same problem, and used the same solution of getting the proxy IP address from the HA log file. However I didn’t need to add the second local IP address (- 192.168.1.192).

Reference - Home assistant (400 Bad Request) Docker + Proxy - Solution

no. no I did not. i just hit the update button like always.
thanks for pointing out my idiocy. RTFM

None of this is working for me, I’m starting to feel really dumb…

1 Like

You’re not alone.

2 Likes

In my case I put:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.6       #Remote LAN 
    - 192.168.1.XX    #Your Home assistant IP only
  ip_ban_enabled: true
  login_attempts_threshold: 5

And it works for me!
1 Like

Finally, the answer! External access was working fine until I updated.
Struggling with this for a week or so and finally found this thread… This one is working for me after adding it to http: in the configuration.yaml:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
ip_ban_enabled: true
login_attempts_threshold: 5
Thanks everybody! :clap:

Hi! check that in the url of the browser you are putting https://dominio.duckdns.org if you have SSL activated, it is what was happening to me. As the browser hides what is in front of the domain.duckdns.org I did not see that it was trying to enter http://domain.duckdns.org.
Hope this can help you

I can’t for the life of me figure this out.

Setup Nginx on my OPNsense firewall and followed the guides with using Let’s Encrypt with another ddns service. Use my browser to go to the external url (https: with valid cert showing on the browser) and can get to the login screen. Enter my credentials and get the “Unable to connect to Home Assistant”… If I enter the wrong credentials, I get a message that it was an invalid user name or password.

My config.yaml applicable sections

homeassistant:
  internal_url: http://192.168.xxx.yyy:9123
  external_url: https://xxx.xxxxxxx.net:9123

http:
  server_port: 9123
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 192.168.xxx.0/24 # network range of nginx proxy server location

Would love to figure this out. Thanks

Well, now I feel dumb. Looked through a few other threads here and someone mentioned that if the proxy server did not support web sockets, there would be an issue.

So, if anyone uses OPNsense and wants to run NGINX on the firewall, you have to make sure this box for WebSocket Support is checked in the advanced options of NGINX–> Configuration → HTTP(s) → Location for your HomeAssistant instance.

image

Once I did that, it worked great.

edit to include link to other thread that helped me.

7 Likes

Shall i leave 443 for host in ngix supervisor settings if i use a non standard external port?

@JorgeMoreira Does it work if you remove home assistant ip? I’m asking because in the documentation is not reported to config like that.

@thewolf56 i can reach internal url with https://192.168.xx.xx
While with http:// won’t open.
I know that it is the opposite way it should work.

At the end of the day I will test and comment. At the time I saw this configuration on the net and adapted it to my case. It probably won’t be necessary, but soon I’ll test and comment.

1 Like