Fresh install of HA OS here. Home Assistant 2023.2.5 Supervisor 2023.01.1 Operating System 9.5
Frontend 20230202.0 - latest on a UTM virtual instance x86-64 VM on MAC OS. Image works great. First order of business was hardening. Used the DuckDNS service to add a domain and SSL certs. Everything installed successfully. https://x.x.x.x:8123 on local network with the usual cert error works fine. I can log into it all day long. Okay, that’s out of the way, now let’s try the remote access. Next order of business port forward 8123 on my home router, yep check! Now here is where things take a turn for the worse. Grabbed up the ol trusty iPhone and turned off wifi access so I can go over crappy T-MOBILE 
, fired up chrome lets go. I hit https://Imnotgivingyoumydomain.duckdns.org:8123. Success, I get a login screen to my HA. Now this is where things go horribly wrong form my first ever attempt at the wonderful application. All I get is “Start over” many attempts later “start over”. HA logs this: WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from x.x.x.x(x.x.x.x)Requested URL: '/auth/login_flow/ (Mozilla/5.0 (iPhone; CPU iPhone OS 16_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/110.0.5481.83 Mobile/15E148 Safari/604.1) I’ve literally spent the past 3 days searching for answers online to no avail. I have not tried a reverse proxy yet, I have not tried another DNS service or SSL authority yet. But it just seams like to me this is something w/HA and not those parties. Is it possible I’ve missed something so small, I’m never going to find the answer for it here or anywhere else?
Sorry for my ignorance, I also see this in the HA logs: 2023-02-27 15:49:00.216 ERROR (MainThread) [aiohttp.server] Unhandled exception
Traceback (most recent call last):
File “/usr/local/lib/python3.10/asyncio/base_events.py”, line 1191, in _sendfile_fallback
read = await self.run_in_executor(None, file.readinto, view)
asyncio.exceptions.CancelledError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/usr/local/lib/python3.10/site-packages/aiohttp/web_protocol.py”, line 514, in start
resp, reset = await task
File “/usr/local/lib/python3.10/site-packages/aiohttp/web_protocol.py”, line 460, in _handle_request
reset = await self.finish_response(request, resp, start_time)
File “/usr/local/lib/python3.10/site-packages/aiohttp/web_protocol.py”, line 613, in finish_response
await prepare_meth(request)
File “/usr/local/lib/python3.10/site-packages/aiohttp/web_fileresponse.py”, line 286, in prepare
return await self._sendfile(request, fobj, offset, count)
File “/usr/local/lib/python3.10/site-packages/aiohttp/web_fileresponse.py”, line 99, in _sendfile
await loop.sendfile(transport, fobj, offset, count)
File “/usr/local/lib/python3.10/asyncio/base_events.py”, line 1170, in sendfile
return await self._sendfile_fallback(transport, file,
File “/usr/local/lib/python3.10/asyncio/base_events.py”, line 1200, in _sendfile_fallback
await proto.restore()
File “/usr/local/lib/python3.10/asyncio/base_events.py”, line 268, in restore
self._transport.resume_reading()
File “/usr/local/lib/python3.10/asyncio/sslproto.py”, line 343, in resume_reading
self._ssl_protocol._transport.resume_reading()
AttributeError: ‘NoneType’ object has no attribute ‘resume_reading’
Looks like setting ip_ban_enabled: false in the configuration yaml did the trick. Begs the question what is it for if it is just going to “deny” everything by default? I still had a heck of a time getting this to work remotely on the iPhone using chrome. I had to clear the chrome cache/reboot iphone several times. Apparently duckdns and lets encrypt is doing something wonky with the redirects and how chrome handles TLS/SSL. Not sure what to think about that. But after all this is open source stuff and industry standards/RFCs might not be followed to the letter. Next we’ll attempt MF auth. God Speed.
I fixed the Unhandled exception by placing quotes around the external and internal URLs in the http section of configuration Yaml.