Hey Everyone,
So I saw in my logs today while working on another issue that as of 2021.7 we can no longer have 127.0.0.1 as a trusted proxy in our configs.
Now under normal circumstances I would be totally cool with this except my setup and possibly others will not follow along with this.
I use Cloudflare Tunnels https://developers.cloudflare.com/cloudflare-one/connections/connect-apps so instead of having to punch a firewall rule or something when I’m outside the home and want to access my HA instance it just works (I use tunnels for lots of things) its also nice because I don’t have to punch any firewall rules for anything.
So here is where the trouble lies. For the tunnel to work I just tell it to send all requests that match the URL to localhost:8123 which works great. But once 2021.7 is released I don’t think this will work anymore.
So if anyone has some suggestions on this please let me know because the Cloudflare Tunnel is awesome.
not true.
http:
use_x_forwarded_for: true
trusted_proxies:
- 127.0.0.1
- ::1
working fine for me
1 Like
Hey David
Yeah right now it works just fine but if you watch the logs while making web calls to the localhost address it throws a message in the log file
Managed to dig a log entry out
2021-07-01 18:45:06 WARNING (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from untrusted proxy 127.0.0.1, headers not processed; This request will be blocked in Home Assistant 2021.7 unless you configure your HTTP integration to allow this proxy to reverse your Home Assistant instance
Oh yeah ugh I see now, you have to specifically configure it. Ugh never mind me.
Yeah I’m running the beta and see no errors - but I use Caddy addon as the reverse proxy which is configured to pass through the real IP address in the header so no issues here. If the proxy isn’t configured to do that…
1 Like
I added IPv4 loopback and it did not worked. It worked only when I added IPv6 loopback ::1 too. Maybe HA on Docker uses that IPv6. Lot of thanks.
1 Like