[solved] "Unable to connect to Home Assistant" from WAN (Duck DNS + NGINX)

Port forward on router: external port 443, internal port 443 → Raspberry IP.

Hassio config:
External URL https://domain.duckdns.org
Internal url http://homeassistant.local:8123

You confirm? Reset your raspberry before trying

I confirm port forward on router (external 443>internal 443>Raspberry Pi HA IP), the URLs listed in your update, and bounce of the HA RPI. Still experiencing the same issue.

Note that I did not include duckdns.org in the domain of the NGINX configuration. Does this match what you’ve done?

Thanks again!

Sure you should set it in
domain: customdomain.duckdns.org

Leave other settings as they are
(443 host and 80 disabled)

That was it! NGINX domain must be: customdomain.duckdns.org, and I had previously used the domain as listed in duckdns.org only (without duckdns.org).

Thank you!!!

Many are having issues. Documentation should be more clear

…and something so simple!

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.6       #Remote LAN 
    - 192.168.1.XX    #Your Home assistant IP only
  ip_ban_enabled: true
  login_attempts_threshold: 5

This is the working solution for me!!!
Thanks a lot @JorgeMoreira you solved a nightmare!

Till you have a reboot and it decides that 172.30.33.5 is the new address and it won’t work anymore. I have been caught with this.

I think the range 172.30.33.0/24 is better.

4 Likes
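What the single address versus the /24 in `trusted_proxies` changes, as an added example that is not part of the original posts and not Home Assistant's code: a simplified model of trusted-proxy evaluation of `X-Forwarded-For`. The function names and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress

def client_ip(peer, xff, trusted_proxies):
    """Simplified model (an assumption, not Home Assistant's code).

    The X-Forwarded-For header is honoured only when the TCP peer is inside a
    trusted network; the client is then the right-most entry that is not
    itself a trusted proxy. Raises ValueError for an untrusted peer.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def trusted(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    if xff is None:
        return peer                       # direct connection, nothing to parse
    if not trusted(peer):
        raise ValueError(f"X-Forwarded-For from untrusted peer {peer}")
    hops = [h.strip() for h in xff.split(",")]
    for hop in reversed(hops):
        if not trusted(hop):
            return hop                    # first address not vouched for by us
    return hops[0]                        # every hop was a trusted proxy

def resolve(peer, xff, trusted_proxies):
    """Like client_ip, but returns None where the request would be refused."""
    try:
        return client_ip(peer, xff, trusted_proxies)
    except ValueError:
        return None

# Constructed sample values: 203.0.113.7 is the real visitor (TEST-NET-3).
PINNED = ["172.30.33.6"]        # single proxy address, as in the config above
RANGE = ["172.30.33.0/24"]      # whole subnet, as suggested in the reply

if __name__ == "__main__":
    print(resolve("172.30.33.6", "203.0.113.7", PINNED))   # proxy at .6
    print(resolve("172.30.33.5", "203.0.113.7", PINNED))   # proxy moved to .5
    print(resolve("172.30.33.5", "203.0.113.7", RANGE))    # range survives it
    # A forged left-most entry is ignored; the proxy's own append wins.
    print(resolve("172.30.33.6", "10.9.9.9, 203.0.113.7", PINNED))
    # Cost of the range: every peer in it may state the client address.
    print(resolve("172.30.33.99", "198.51.100.1", RANGE))
```

The last case is the trade-off: with the /24, `ip_ban_enabled` counts failed logins against whatever address a peer in that range reports, so the range should contain only the proxy.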

I just changed my router setup which now includes a reverse proxy for my HA. I failed to login to HA the usual way and got the error in the log:

Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:112
Integration: HTTP (documentation, issues)
First occurred: 07:12:02 (8 occurrences)
Last logged: 07:12:17

A request from a reverse proxy was received from 192.168.44.34, but your HTTP integration is not set-up for reverse proxies

I found the documentation and this thread. I added this to the configuration.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.44.34
  ip_ban_enabled: true

Rebooted and tried again. I still get the HA logo and a retry link.
My router is forwarding all traffic on port 80/443 to my server running the reverse proxy. The server running the proxy handles the SSL certificate and forwards to [my HA local IP]:8123.

What have I missed?

1 Like

are you using a docker or HA OS?

Sorry! I’m now running HA OS, 2021.10.6.

Are you using ports in your domain?

No. My external url is something like this: ha.mydomain.com
In my reverse proxy I map https://ha.mydomain.com to http://[my HA local IP]:8123

I found the problem. HA needs websocket activation in the reverse proxy. After activating that in the proxy it works as expected.

Sorry for bothering you. Hopefully someone else learned something from this. I did at least.

1 Like

How do you manage NGINX in HA? I have no websocket option…

I’m running the reverse proxy on my NAS which handles this.

1 Like

Thank you. I had to reinstall NGINX and I was hitting the same thing without realizing that I hadn’t properly created the connections in the proxy manager.

I have been looking for a solution in OPNsense / HA for the same issue the whole morning, this solved it! Thanks!

1 Like

Hi all,
I had a problem connecting to HA through a reverse proxy on Apache.
After typing username/password I got: “Unable to connect to Home Assistant”
My setup:
VPS with external IP, apache reverse proxy, Open VPN server -------- HA, VPN client

I found the solution at: https://stackoverflow.com/questions/27526281/websockets-and-apache-proxy-how-to-configure-mod-proxy-wstunnel

I had to enable websocket in the Apache virtualhost config.

sudo a2enmod proxy rewrite proxy_http proxy_wstunnel

Here is my apache config:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName your_server_name
    ServerAlias www.your_server_name


    # Enable the rewrite engine
    # Requires: sudo a2enmod proxy rewrite proxy_http proxy_wstunnel
    # In the rules/conds, [NC] means case-insensitive, [P] means proxy
    RewriteEngine On

    # socket.io 1.0+ starts all connections with an HTTP polling request
    RewriteCond %{QUERY_STRING} transport=polling       [NC]
    RewriteRule /(.*)           http://your_ha_ip_address:8123/$1 [P]

    # When socket.io wants to initiate a WebSocket connection, it sends an
    # "upgrade: websocket" request that should be transferred to ws://
    RewriteCond %{HTTP:Upgrade} websocket               [NC]
    RewriteRule /(.*)           ws://your_ha_ip_address:8123/$1  [P]

    ProxyPreserveHost On

    ProxyPass / http://your_ha_ip_address:8123/
    ProxyPassReverse / http://your_ha_ip_address:8123/

    
    ErrorLog ${APACHE_LOG_DIR}/your_server_name.error.log
    CustomLog ${APACHE_LOG_DIR}/your_server_name.access.log combined

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/your_server_name/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your_server_name/privkey.pem
</VirtualHost>
</IfModule>

Maybe it will help someone.

2 Likes
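A way to check that a reverse proxy passes the WebSocket upgrade, which both the "websocket activation" post and the Apache post above found to be the cause. This is an added example, not code from the thread: it builds the RFC 6455 handshake and validates the proxy's reply. It assumes Home Assistant's WebSocket endpoint is `/api/websocket`; the function names and sample responses are constructed.

```python
import base64, hashlib, os, socket, ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # constant from RFC 6455

def upgrade_request(host, path="/api/websocket", key=None):
    """Build the HTTP/1.1 handshake a browser sends to open a WebSocket."""
    key = key or base64.b64encode(os.urandom(16)).decode()
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", "Upgrade: websocket",
             "Connection: Upgrade", f"Sec-WebSocket-Key: {key}",
             "Sec-WebSocket-Version: 13", "", ""]
    return key, "\r\n".join(lines).encode()

def expected_accept(key):
    """Sec-WebSocket-Accept value the server must return for this key."""
    digest = hashlib.sha1((key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()

def upgrade_ok(raw_response, key):
    """Return (ok, reason) for the first response bytes read from the proxy."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or parts[1] != "101":
        return False, f"no upgrade: {status_line}"
    headers = {k.strip().lower(): v.strip() for k, v in
               (l.split(":", 1) for l in header_lines if ":" in l)}
    if headers.get("upgrade", "").lower() != "websocket":
        return False, "101 without Upgrade: websocket"
    if headers.get("sec-websocket-accept") != expected_accept(key):
        return False, "Sec-WebSocket-Accept mismatch"
    return True, "websocket upgrade passed through"

def probe(host, port=443):
    """Run the check against a live HTTPS reverse proxy (needs network)."""
    key, request = upgrade_request(host)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(request)
            return upgrade_ok(tls.recv(4096), key)

# Constructed responses: KEY and its accept value are the RFC 6455 example.
KEY = "dGhlIHNhbXBsZSBub25jZQ=="
PASSED = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
          b"Connection: Upgrade\r\n"
          b"Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
DROPPED = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(upgrade_ok(PASSED, KEY))
    print(upgrade_ok(DROPPED, KEY))
```

Calling `probe("your_server_name")` from outside the LAN runs the same check over TLS against the real proxy; any status other than 101 means the `Upgrade` header is not reaching Home Assistant.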

Thank you. I couldn’t figure out the cause of the problem with OPNsense. You saved me a few more hours of scrolling through posts

1 Like