Unsecure https access


I configured my auth_providers as discribed in the docs to get access without login on my digital signage pc.

- type: trusted_networks
- ::1
allow_bypass_login: true
- type: homeassistant

And it works without enter a login from LAN

After that I created an https access with Nginx Proxy Manager for the mobile app and it works too from WAN

BUT - after weeks I checked it from my work and can see that it is possible to enter the site WITHOUT a login!

Can someone tell me my mistake?

thanks in advance

At a guess your proxy is on, so any traffic that comes through it doesn’t need to login.

Hmm, you are right

so, it is not possible to set https without auto login from WAN and internal with auto login?

it is. You just need to set

  use_x_forwarded_for: true
    - ::1
  ip_ban_enabled: true
  login_attempts_threshold: 5

(IP_bans optional)

perfect, I didn’t know that

thank you very much for your help!