Unsecure https access

Famku · May 5, 2020, 11:37pm

Hi,

I configured my auth_providers as discribed in the docs to get access without login on my digital signage pc.

homeassistant:
auth_providers:
- type: trusted_networks
trusted_networks:
- 192.168.0.0/24
- 127.0.0.1
- ::1
allow_bypass_login: true
- type: homeassistant

And it works without enter a login from LAN

After that I created an https access with Nginx Proxy Manager for the mobile app and it works too from WAN

BUT - after weeks I checked it from my work and can see that it is possible to enter the site WITHOUT a login!

Can someone tell me my mistake?

thanks in advance

anon43302295 · May 5, 2020, 11:56pm

At a guess your proxy is on 192.168.0.0/24, so any traffic that comes through it doesn’t need to login.

Famku · May 6, 2020, 12:10am

Hmm, you are right

so, it is not possible to set https without auto login from WAN and internal with auto login?

DavidFW1960 · May 6, 2020, 12:20am

it is. You just need to set

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - ::1
  ip_ban_enabled: true
  login_attempts_threshold: 5

(IP_bans optional)

Famku · May 6, 2020, 7:59am

perfect, I didn’t know that

thank you very much for your help!