#`2024-02-12 13:16:40.542 ERROR (

1 messages ยท Page 1 of 1 (latest)

void tulip
#

There you go ๐Ÿ˜‰

dull spokeBOT
void tulip
#

Probably you'll want to list the /24

shell compass
#

i have add some ip's to the configuration.yaml file under http trusted_proxies. I add 192.168.0.1 172.18.0.1/24, 172.18.0.5/24 and 172.18.0.0/24.
I'm back to office actually, ill send my configuration here when i'm back home

void tulip
#

Two of those /24s aren't valid

#

They should be removed, or turned into /32 (but there's no point given the last /24)

shell compass
#

i dont have let's encrypty configured btw.

void tulip
#

Hopefully you have that in Traefik

shell compass
#

Yeah, I mean, I don't have configure traefik for let's encrypt

void tulip
#

No SSL at all?

#

That's ... not good

shell compass
#

strangely, i have default certificats

#

heimdall was in https, my nginx test too, jellyfin too. But i dont have setup at all.

void tulip
#

For remote access, set up SSL properly

shell compass
#

This is my configuration.yaml from HA for the http :

http:
  ip_ban_enabled: false
  login_attempts_threshold: 5
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.0/24 # Local LAN Subnet
    - 172.18.0.0/24 # Docker Subnet
    - 127.0.0.1
    - ::1
    - fe80::/64
    - fe00::/64
    - fd00::/64```
#

and this is my traefik and HA docker compose :

services:
  traefik:
    image: traefik:v2.5
    command:
      - --global.sendAnonymousUsage
      - --log.level=INFO
      - --api.insecure=true
      - --api=true
      - --api.dashboard=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --certificatesresolvers.domaine_certs.acme.email=mail@outlook.fr
      - --certificatesresolvers.domaine_certs.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.domaine_certs.acme.storage=/acme.json
      - --certificatesresolvers.domaine_certs.acme.keytype=RSA4096
      - --certificatesresolvers.domaine_certs.acme.httpchallenge.entrypoint=domaine
      - --certificatesresolvers.domaine_certs.acme.httpchallenge=true
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - ./certs/acme.json:/acme.json
      - /var/run/docker.sock:/var/run/docker.sock

  homeassistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    restart: unless-stopped
    environment:
      - TZ=Europe/Paris
    volumes:
      - /home/dudule100/GitLab/traefik/config/homeassistant:/config
      - /run/dbus:/run/dbus:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homeassistant.rule=Host(`homeassistant.entrypoint=domaine.ovh`)"
      - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"

networks:
  traefik_network:
    external: true
void tulip
#

You restarted HA after changing http?

shell compass
#

yep

void tulip
#

Check the log again ๐Ÿ˜‰

shell compass
#

each time i update something i force recreate HA

#

mhm, strange

#

may be a local cache probleme

#

the certificat :

void tulip
#

Well... that's unrelated to your HA config problem

#

One problem at a time ๐Ÿ˜‰

shell compass
#

yea yea, but it's not a problem btw, becaus i'm on https withouts any warnings like auto signed certificats or other thinks

#

lol, i stop and restart my container and i get : 2024-02-12 18:36:25.170 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy 172.27.0.2

#

why my ip change wtf ?