I’m running the reverse proxy on my NAS which handles this.
Thank you. I had to reinstall NGINX and I was hitting the same thing without realizing that I hadn’t properly created the connections in the proxy manager.
I have been looking for a solution in OPNsense / HA for the same issue whole morning, this solved it! Thanks!
Hi all,
I had problem with connecting to HA from reverse proxy on apache.
After typing username/password i got: “Unable to connect to Home Assistant”
My setup:
VPS with external IP, apache reverse proxy, Open VPN server -------- HA, VPN client
I found solution on: https://stackoverflow.com/questions/27526281/websockets-and-apache-proxy-how-to-configure-mod-proxy-wstunnel
It had to enable websocket in apache virtualhost config.
sudo a2enmod proxy rewrite proxy_http proxy_wstunnel
Here is my apache config:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName your_server_name
ServerAlias www.your_server_name
# Enable the rewrite engine
# Requires: sudo a2enmod proxy rewrite proxy_http proxy_wstunnel
# In the rules/conds, [NC] means case-insensitve, [P] means proxy
RewriteEngine On
# socket.io 1.0+ starts all connections with an HTTP polling request
RewriteCond %{QUERY_STRING} transport=polling [NC]
RewriteRule /(.*) http://your_ha_ip_address:8123/$1 [P]
# When socket.io wants to initiate a WebSocket connection, it sends an
# "upgrade: websocket" request that should be transferred to ws://
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://your_ha_ip_address:8123/$1 [P]
ProxyPreserveHost On
ProxyPass / http://your_ha_ip_address:8123/
ProxyPassReverse / http://your_ha_ip_address:8123/
ErrorLog ${APACHE_LOG_DIR}/your_server_name.error.log
CustomLog ${APACHE_LOG_DIR}/your_server_name.access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/your_server_name/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/your_server_name/privkey.pem
</VirtualHost>
</IfModule>
Maybe it will help for someone.
Thank you. I couldn’t figure out the cause of the problem with OPNsense. You saved me a few more hours of scrolling through posts
YEEES!!! thanks.
banging my head, this is absolutely useless.
a total nonsense to me.
Thank you!! This was the last missing puzzle for my whole day!
From 400 bad request, to login page but then “unable to connect to home assistant”, after 2 hr or searching, all the info i need was in this page, finally I ticked the “websocket support”, BANG, that is it!!
great thread and very helpful. I can now access HA remotely which is the point, however Id still like to use the domain name to access locally. It is when I try to use xxx.duckdns.org from a local pc browser that I get to th login page of HA (so I know it works) then it says “loading data” then “unable to connect”.
again it works fine from my phone over cell.
my config yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 10.0.0.200
- 172.30.33.0/24
ip_ban_enabled: true
login_attempts_threshold: 5
when I add the local ip of my ha (running NPM add-on) to trusted poxies then HA doesnt even boot at all. And I do have websockets support turned on.
Man thank you! Got stuck with this as well with my Apache 2 and thanks to you it works great. Thank you, thank you, thank you.
Now, I put an additional layer of security with a basic auth, does not work well with the workers (asking very often to re-authenticate) but that’s another issue.
This in addition to modifying the YAML file worked for me. Thanks
Thank you! That solved it for me.
What is that /24 at the end?
If I add it to the end of the proxy server IP in the “http:” section of my “configuration.yaml”, then my configuration check fails.
Also, I’ve seen other numbers… what are they and why is it not accepted in mine?
‘’’
Invalid config for [http]: not a valid value @ data[‘http’][‘trusted_proxies’][1]. Got ‘192.168.0.67/24’. (See /config/configuration.yaml, line 36)
‘’’
Thanks
Thank you Nick; this is very useful.
It stil doesn’t tell me why for some it works and for me it gives an error.
The example I showed above is wrong because I was pulling at straws after “/24” didn’t work.
I changed it back to 67/24 just so it doesn’t jump at people skimming through messages.
So, any ideas why I can’t specify a subnet like others can?
Using Home Assistant 2023.6.3
Did you read through this topic because it has a lot of cases and explanation why it goes wrong?
Check the answer with the solution.
Are you using a host IP with a CIDR?
The IP has to be a network IP, which together with the CIDR, defines a subnet.
I am using HAOS.
Since this is a HAOS config file and the HAOS configuration checker said that syntax is wrong, I assumed it’s HAOS specific.
I have no idea of all the things HAOS has/does. How would I know if it uses CIDR? What makes it CIDR or not? It seems CIDR is a “notation” that may or may not be “understood” by… things.
Since people have it in Home Assistant, I would think HAOS does.
I’m not sure I understand the last sentence… can the IP be anything other than a network IP?
Not that I know a lot about these things, but an IP is often enough (as it’s in this case) so I’m not sure why the subnet would/might be needed.
Anyway, the 24 was not the problem; I’m still glad I learned about CIDR.
Thanks Nick.
Host IP vs network (range) IP
Some more reading material: Subnet Cheat Sheet – 24 Subnet Mask, 30, 26, 27, 29, and other IP Address CIDR Network References
I wish I had time to learn everything, but I don’t
I skimmed through the new material; I don’t see how it addresses my HAOS question.
I was able to sort it out without the subnet; I was curious about the things I asked above but if there’s no simple answer I’ll leave without knowing.
Thanks again.
Hola! I am having issues getting this working on HA OS running on a Lenovo ThinkPad connected via WiFi to my router.
Ok I fixed the errors by removing a space at the beginning of the Token field under Duck DNS. So everything is up and running but I still can not access my HA remotely from WAN?