[solved] "Unable to connect to Home Assistant" from WAN (Duck DNS + NGINX)

tom_l · July 12, 2021, 9:27pm

Vague?

That exact value appears in the documentation example.

sixtoporcel · July 12, 2021, 10:13pm

please help a noob, I’m using Nginx proxy manager too, where and what lines you put to enable home assistant again?

tom_l · July 12, 2021, 10:15pm

The home assistant error log.

raidnet-ms · July 12, 2021, 11:27pm

Mmmm for some reason if i remove ssl values in config.yaml with ngix activated, i can’t access the web interface anymore.

inutilis · July 13, 2021, 6:01am

You are right docs list 172.30.33.0/24 but it vague in that sense there is not a word about that it is crucial (at least for Hass OS on RPi) despite the fact this ip range never shows up anywhere in my setup logs and I have never noticed it in 3 or so years dealing with Hass OS.
In context with @ludeeus (which is very respected) answer here it is easy to get impression there should be only ip of nginx and 172.30.33.0/24 is just an example from docs author who happens to have such ip in his setup

tom_l · July 13, 2021, 6:04am

Ok, one other thing, Hassio has not been a thing since January last year. Please stop using it - as it confuses new-comers. It’s Home Assistant OS (Hass OS).

Gijs61 · July 13, 2021, 6:48am

No, it says:

  trusted_proxies:
    - 172.30.33.0/24  # Add the IP address of the proxy server

which implies to change the IP address to your proxy server. BUT, you don’t have to change it, you litterally have to ADD it as a second line. I just re-added the 172.30.33.0/24 and now it suddenly works. What is this network even?
Nowhere it states that this IP has to stay where it is. That is what’s vague.

tom_l · July 13, 2021, 7:26am

There are links to edit the document or suggest improvements at the bottom of the page.

skillx · July 13, 2021, 10:45am

trusted_proxies:
  - 172.30.33.0/24  # Add the IP address of the proxy server

Adding this in place of the trusted proxies IP magically fixed this issue for me completely, including remote access for other addons such as WireGuard.

My final configuration:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
  ip_ban_enabled: true
  login_attempts_threshold: 5

raidnet-ms · July 13, 2021, 12:31pm

Hass Os - Hass i O.
Yeah it’s very confusing, i make mistakes everyday.

What about a public contest to choose more clear names?

raidnet-ms · July 13, 2021, 12:36pm

Mmmm and did you remove

ssl_Key
Ssl_certificate

from hass os config.yaml ?

If I do remove them as suggested into docs, I can’t reach anymore the webserver.

skillx · July 13, 2021, 12:52pm

I didn’t include it in the http component of my configuration.yaml. That makes Home Assistant inaccessible via http on my local network.

dankrill · July 13, 2021, 1:54pm

Woke up this morning, updated ha on my pi, WAN facing web interface got borked, googled, found this forum, pieced together my own solution, fixed.

Also, I swear, I must be the only person on earth who uses Apache as my reverse proxy. Which works fantastic btw.

Here was my error in home-assistant.log:

2021-07-13 08:37:52 ERROR (MainThread) [homeassistant.components.http.forwarded] A request from a reverse proxy was received from 192.168.1.192, but your HTTP integration is not set-up for reverse proxies

Here are the lines of code I added to configuration.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 192.168.1.192
  ip_ban_enabled: true
  login_attempts_threshold: 5

Note the “-172…” address needs to remain because this is used internally between the OS and the container. Add the IP of your proxy server as a new line directly below it.

I did nothing with the SSL key or certificate stuff.

This fixed it for me.

JorgeMoreira · July 13, 2021, 7:49pm

Thanks for your replay.
Works for me!!!
Regards,

kiwijunglist · July 14, 2021, 1:17am

I had the same problem, and used the same solution of getting the proxy IP address from the HA log file. However I didn’t need to add the second local IP address (- 192.168.1.192).

Reference - Home assistant (400 Bad Request) Docker + Proxy - Solution

TRusselo · July 14, 2021, 3:04am

no. no I did not. i just hit the update button like always.
thanks for pointing out my idiocy. RTFM

DikkenDweis · July 14, 2021, 2:18pm

None of this is working for me, I’m starting to feel really dumb…

GaryK · July 14, 2021, 2:43pm

You’re not alone.

JorgeMoreira · July 14, 2021, 5:25pm

In my case I put:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.6       #Remote LAN 
    - 192.168.1.XX    #Your Home assistant IP only
  ip_ban_enabled: true
  login_attempts_threshold: 5

And it works for me!

Revadak · July 14, 2021, 7:23pm

Finally, the answer! External access was working fine until I updated.
Struggling with this for a week or so and finally found this thread… This one is working for me after adding it to http: in the configuration.yaml:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
ip_ban_enabled: true
login_attempts_threshold: 5
Thanks everybody!