I thought this was resolved with 0.85.x as for a glorious few weeks everything just worked, but now it’s back with a vengeance. My web interface is inaccessible, and I don’t know why, and really that’s about all the information I can give you to request your help with. I’m at my wits end. If I can’t get this resolved I’m going to need to find another platform. Not being able to control my devices for extended periods of time is not good, and it really upsets the W.A.F.
There are no errors in my log file, and ‘debug’ output on http is laughable. I have an nginx proxy configured on another machine that most of my stuff goes through but I don’t think that is my problem, as the problem existed prior to me adding it, and again for a few weeks during 0.85.x everything worked perfectly. I could restart HA and everything would come back without a hitch. I just restarted it last night and it had an uptime of 90 days.
When this occurs it, it happens after I restart HA after a configuration change, it then takes 5-15 restarts / maybe a day before it decides to come back, with absolutely no change since the initial restart. I’m currently on restart 30 and it’s not happening.
I’m running an up to date hassbian install on a pi 3b+. my mariadb lives on another server to reduce load / speed up HA (which it does dramatically). if I access https://myha.domain.com I get a variety of results, either 502s, the ha login screen that goes to the retry screen, and pressing retry just keeps looping. Currently if I got to http://raspberry:8123 I get “ERR_EMPTY_RESPONSE”
#user nobody;
worker_processes 1;
# This default error log path is compiled-in to make sure configuration parsing
# errors are logged somewhere, especially during unattended boot when stderr
# isn't normally logged anywhere. This path will be touched on every nginx
# start regardless of error log location configured here. See
# https://trac.nginx.org/nginx/ticket/147 for more info.
#
error_log /var/log/nginx/error.log;
#
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
# Update this line to be your domain
server_name myha.domain.com;
# These shouldn't need to be changed
listen [::]:80 default_server ipv6only=off;
listen [::]:81 default_server ipv6only=off;
return 301 https://$host$request_uri;
proxy_buffering off;
location / {
proxy_pass http://x.x.x.114:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
server {
# Update this line to be your domain
server_name myha.domain.com;
# Ensure these lines point to your SSL certificate and key
# Use these lines instead if you created a self-signed certificate
ssl_certificate /usr/local/etc/nginx/ssl/cert.pem;
ssl_certificate_key /usr/local/etc/nginx/ssl/key.pem;
# Ensure this line points to your dhparams file
ssl_dhparam /usr/local/etc/nginx/ssl/dhparams.pem;
# These shouldn't need to be changed
listen [::]:443 default_server ipv6only=off http2;
# listen [::]:444 default_server ipv6only=off http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl on;
ssl_protocols TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
proxy_buffering off;
location / {
proxy_pass http://x.x.x.114:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
}
Here are the relevant parts of my configuration.yaml. It’s a disaster thus I’m not posting the whole thing. I need to clean it up / separate it out.
homeassistant:
# Name of the location where Home Assistant is running
name: Home
# Location required to calculate the time the sun rises and sets
latitude: !secret home_lat
longitude: !secret home_long
# Impacts weather/sunrise data (altitude above sea level in meters)
elevation: 8.8392
# metric for Metric, imperial for Imperial
unit_system: imperial
# Pick yours from here: http://en.wikipedia.org/wiki/List_of_tz_database_time_zones
time_zone: America/Los_Angeles
# Customization file
customize: !include customize.yaml
auth_providers:
- type: homeassistant
# Uncomment next line if you want to enable legacy API password support
# - type: legacy_api_password
#service: logger.set_level
# data:
# homeassistant.components: warning
# homeassistant.components.http: debug
# homeassistant.components.websocket_api: debug
# Logging settings
logger:
default: warn # default logging level
logs:
homeassistant.components.shell_command: debug
homeassistant.components.media_player.plex: debug
homeassistant.components.http: debug
homeassistant.components.websocket_api: debug
# Enable the auth component
auth:
# Show links to resources in log and frontend
#introduction:
# Enables the frontend
frontend:
# Enables configuration UI
config:
http:
# Secrets are defined in the file secrets.yaml
api_password: !secret http_password
# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
base_url: https://myha.domain.com
use_x_forwarded_for: true
trusted_proxies:
- x.x.x.50
# - ipv6 address
ip_ban_enabled: true
login_attempts_threshold: 5
trusted_networks:
- 127.0.0.1
- ::1
- x.x.x.0/24
- y.2.y.0/24
- z.168.z.0/24
# Checks for available updates
# Note: This component will send some information about your system to
# the developers to assist with development of Home Assistant.
# For more information, please see:
# https://home-assistant.io/blog/2016/10/25/explaining-the-updater/
updater:
# Optional, allows Home Assistant developers to focus on popular components.
# include_used_components: true
# Discover some devices automatically
discovery:
# Allows you to issue voice commands from the frontend in enabled browsers
conversation:
# Enables support for tracking state changes over time
history:
# View all events in a logbook
logbook:
# Enables a map showing the location of tracked devices
map:
recorder:
db_url: !secret db_connect_string
# Track the sun
sun:
# iOS
ios:
lovelace:
mode: yaml
Here’s the log
2019-02-13 11:23:13 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection.1695024560] Connected
2019-02-13 11:23:13 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection.1695024560] Sending {‘ha_version’: ‘0.86.4’, ‘type’: ‘auth_required’}
2019-02-13 11:23:13 INFO (MainThread) [homeassistant.components.http.view] Serving /auth/token to x.x.x.106 (auth: False)
2019-02-13 11:23:13 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection.1695024560] Disconnected
2019-02-13 11:23:19 INFO (MainThread) [homeassistant.components.http.view] Serving /api/websocket to x.x.x.106 (auth: False)
2019-02-13 11:23:19 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection.1695143152] Connected
2019-02-13 11:23:19 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection.1695143152] Sending {‘ha_version’: ‘0.86.4’, ‘type’: ‘auth_required’}
2019-02-13 11:23:19 INFO (MainThread) [homeassistant.components.http.view] Serving /auth/token to x.x.x.106 (auth: False)
2019-02-13 11:23:19 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection.1695143152] Disconnected
2019-02-13 11:23:25 INFO (MainThread) [homeassistant.components.http.view] Serving /api/websocket to x.x.x.106 (auth: False)
2019-02-13 11:23:25 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection.1694380656] Connected
2019-02-13 11:23:25 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection.1694380656] Sending {‘ha_version’: ‘0.86.4’, ‘type’: ‘auth_required’}
2019-02-13 11:23:25 INFO (MainThread) [homeassistant.components.http.view] Serving /auth/token to x.x.x.106 (auth: False)
2019-02-13 11:23:25 DEBUG (MainThread) [homeassistant.components.websocket_api.http.connection.1694380656] Disconnected
I’ve deleted the ip_bans.yaml and restarted, and it hasn’t reappeared.
So what does these logs mean? does auth: False mean it doesn’t need to authenticate since it’s on a trusted network? or does it mean it failed authentication? if so, why? and if so, why is it that restarting 5+ times will randomly make it start working again?
Also this is what I use to restart HA:
systemctl restart [email protected] && tail -F home-assistant.log
How do I fix this and make it reliable so that I’m not fearful of restarting HA?
Please help
- Frustrated