[solved] "Unable to connect to Home Assistant" from WAN (Duck DNS + NGINX)

Vague?

That exact value appears in the documentation example.

please help a noob, I’m using Nginx proxy manager too, where and what lines you put to enable home assistant again?

The home assistant error log.

Mmmm for some reason if i remove ssl values in config.yaml with ngix activated, i can’t access the web interface anymore.

You are right docs list 172.30.33.0/24 but it vague in that sense there is not a word about that it is crucial (at least for Hass OS on RPi) despite the fact this ip range never shows up anywhere in my setup logs and I have never noticed it in 3 or so years dealing with Hass OS.
In context with @ludeeus (which is very respected) answer here it is easy to get impression there should be only ip of nginx and 172.30.33.0/24 is just an example from docs author who happens to have such ip in his setup :smiley:

2 Likes

Ok, one other thing, Hassio has not been a thing since January last year. Please stop using it - as it confuses new-comers. It’s Home Assistant OS (Hass OS).

1 Like

No, it says:

  trusted_proxies:
    - 172.30.33.0/24  # Add the IP address of the proxy server

which implies to change the IP address to your proxy server. BUT, you don’t have to change it, you litterally have to ADD it as a second line. I just re-added the 172.30.33.0/24 and now it suddenly works. What is this network even?
Nowhere it states that this IP has to stay where it is. That is what’s vague.

2 Likes

There are links to edit the document or suggest improvements at the bottom of the page.

trusted_proxies:
  - 172.30.33.0/24  # Add the IP address of the proxy server

Adding this in place of the trusted proxies IP magically fixed this issue for me completely, including remote access for other addons such as WireGuard.

My final configuration:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
  ip_ban_enabled: true
  login_attempts_threshold: 5

Hass Os - Hass i O.
Yeah it’s very confusing, i make mistakes everyday.

What about a public contest to choose more clear names? :wink:

Mmmm and did you remove

ssl_Key
Ssl_certificate

from hass os config.yaml ?

If I do remove them as suggested into docs, I can’t reach anymore the webserver.

I didn’t include it in the http component of my configuration.yaml. That makes Home Assistant inaccessible via http on my local network.

Woke up this morning, updated ha on my pi, WAN facing web interface got borked, googled, found this forum, pieced together my own solution, fixed.

Also, I swear, I must be the only person on earth who uses Apache as my reverse proxy. Which works fantastic btw.

Here was my error in home-assistant.log:

2021-07-13 08:37:52 ERROR (MainThread) [homeassistant.components.http.forwarded] A request from a reverse proxy was received from 192.168.1.192, but your HTTP integration is not set-up for reverse proxies

Here are the lines of code I added to configuration.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 192.168.1.192
  ip_ban_enabled: true
  login_attempts_threshold: 5

Note the “-172…” address needs to remain because this is used internally between the OS and the container. Add the IP of your proxy server as a new line directly below it.

I did nothing with the SSL key or certificate stuff.

This fixed it for me.

2 Likes

Thanks for your replay.
Works for me!!!
Regards,

I had the same problem, and used the same solution of getting the proxy IP address from the HA log file. However I didn’t need to add the second local IP address (- 192.168.1.192).

Reference - Home assistant (400 Bad Request) Docker + Proxy - Solution

no. no I did not. i just hit the update button like always.
thanks for pointing out my idiocy. RTFM

None of this is working for me, I’m starting to feel really dumb…

1 Like

You’re not alone.

2 Likes

In my case I put:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.6       #Remote LAN 
    - 192.168.1.XX    #Your Home assistant IP only
  ip_ban_enabled: true
  login_attempts_threshold: 5

And it works for me!
1 Like

Finally, the answer! External access was working fine until I updated.
Struggling with this for a week or so and finally found this thread… This one is working for me after adding it to http: in the configuration.yaml:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
ip_ban_enabled: true
login_attempts_threshold: 5
Thanks everybody! :clap: