Unable to access home assistant with reverse proxy suddenly?

tueboesen · October 9, 2024, 7:52am

I am running Home assistant in a VM and have previously been able to access it through reverse proxy to ha.mydomain.com (I am using traefik, with letsencrypt for access)

But suddenly I am getting the following errror when I try to access through the domain:
Unable to fetch auth providers. https://ha.mydomain.com/?auth_callback=1

I can still access home assistant through my local ip, so I can see the following pop up in the log file:

2024-10-09 09:44:59.971 ERROR (MainThread) [aiohttp.server] Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/aiohttp/web_protocol.py", line 377, in data_received
    messages, upgraded, tail = self._request_parser.feed_data(data)
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "aiohttp/_http_parser.pyx", line 563, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: 400, message:
  Invalid method encountered:

    b'\x16\x03\x01'

which I have no idea what means.

My configuration file looks like this:


# Loads default set of integrations. Do not remove.
default_config:

# Load frontend themes from the themes folder
frontend:
  themes: !include_dir_merge_named themes

automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

http:
  base_url: "https://ha.mydomain.com"
  server_port: 8123
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - 192.168.0.1
    - 192.168.0.4
    - 192.168.0.5
    - 192.168.0.6

Any insight would be greatly appreciated.

WallyR · October 9, 2024, 9:05am

Look at www.myip.com and then ping your ha.domain.com and compare the IPs.
Also check your routers WAN IP. If it is starting with 100. then you might have been moved behind CGNAT.

tueboesen · October 9, 2024, 5:26pm

Sorry I didn’t mention in my original post, but the ha.domain.com is only an internal domain. (It has a certificate from letsencrypt) but is only available on my local network.
So I don’t think this can be the problem.

WallyR · October 10, 2024, 6:11am

Okay, then have you in any way limited the access to the internet?
The server might need to contact the CA servers on the internet to authenticate the certificate chain.

tueboesen · October 10, 2024, 7:54am

No there should be no limitation to the internet, and I get certificate for other subdomains so I don’t think this is the case.
But I’m wondering what the home assistant message:
Unable to fetch auth providers. https://ha.mydomain.com/?auth_callback=1
might mean, since the SSL authentication is happening outside home assistant in traefik. So which auth could home assistant be referring to?