Closed julienbenjamin closed 1 year ago
ewilly
commented
1 year ago hello, could you retry with last version and let me know ? if not better perhaps use an other webbrower as some auth issue appears with firefox but apprently not with chrome (see Recurrent Login attempt or request with invalid authentication #90117...
chexxor
commented
1 year ago I'm getting this error, also. This is new for me.
If I remember correctly when I was researching this error in the past, it was due to: 1) Yunohost's SSOWat app blocking access on the "/api" path. or 2) The Nginx configuration wasn't working with SSOWat.
I see a change was recently made to the "nginx.conf" file: https://github.com/YunoHost-Apps/homeassistant_ynh/commit/7ca85d997cddc97726cf7041fd13cd20322f9ee9 Maybe that change is related?
chexxor
commented
1 year ago The issue and patch I made in the past to fix this issue: https://github.com/YunoHost-Apps/homeassistant_ynh/issues/161 https://github.com/YunoHost-Apps/homeassistant_ynh/pull/162
It looks like that patch was lost when this package was upgraded to the version 2 of the Yunohost packaging format a few months ago.
chexxor
commented
1 year ago We might want to reference other Yunohost packages to see how they write their Nginx configurations to support API calls passing through SSOWat.
Perhaps the Peertube package's configuration can help? https://github.com/YunoHost-Apps/peertube_ynh/blob/fbf90aa8845edfb8bc1f75e335ea706203fe77e7/conf/nginx.conf#L10
In that configuration, the location @api block defines settings for proxying requests to a backend server at http://127.0.0.1:__PORT__. The @api is a named location in Nginx syntax. The named location "@api" is later referenced in other location blocks using the try_files directive, which allows requests to be redirected to the "@api" location for further processing.
Later in that block, Nginx is configured to proxy requests to the "/api/v1/..." path:
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
client_max_body_size 6M; # default is 1M
more_set_headers "X-File-Maximum-Size : 4M always"; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
}Look at our nginx.conf file: https://github.com/YunoHost-Apps/homeassistant_ynh/commit/9ec86f8899ef2979b984fee0667029b8b69a50e8. It's much more simple and doesn't include special handling for requests on the "/api" path.
What path does HomeAssistant use for API requests from its web frontend?
Here's what mine is sending: GET | https://home.example.com/api/config/config_entries/flow/...
Does someone want to try adding a configuration section to proxy requests having paths like this?
chexxor
commented
1 year ago I tried it and got an error loading HomeAssistant because websockets weren't proxied.
HomeAssistant was sending requests to here: wss://home.example.com/api/websocket
With the following nginx.conf file, my HomeAssistant instance seems to be working again:
location @api {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100k; # default is 1M
proxy_connect_timeout 10m;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
send_timeout 10m;
proxy_pass http://127.0.0.1:8123;
}
location @api_websocket {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8123;
}
location / {
try_files /dev/null @api;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
# Plugin websocket routes
location ~ ^/api/websocket {
try_files /dev/null @api_websocket;
}I'll stop my troubleshooting for now. If someone wants to make a Pull Request with these changes, I'd be glad to see it! Or if someone has improvements on this suggested fix!
ewilly
commented
1 year ago
Yunohost's SSOWat app blocking access on the "/api" path. or
The Nginx configuration wasn't working with SSOWat.
Package is designed to be allowed to vistors group by default so with no interaction with SSOWat. NGINx conf is the default one provide here https://github.com/home-assistant/addons/blob/master/nginx_proxy/rootfs/etc/nginx.conf
Unfortunally i need more context to test by myself what is falling...
mgorfer
commented
1 year ago I have the same issue on a fresh installation of Yunohost and homeassistant_ynh on my Raspberry Pi 4 Model B.
Changing the /etc/yunohost/apps/homeassistant/conf/nginx.conf, as @chexxor recommended in his post above, also did not help in my case.
ewilly
commented
1 year ago hum i am able to repoduce the issue with zigbee integration. On firefox with strict mode against tracking or Librewolf it give me a 401. But it works well in chrominium bowser with default settings. So the issue seems not to be in the app itself but possibly due to settings in your browser.
Describe the bug
I went to configure a new device and ran into "Config flow could not be loaded: 401: Unauthorized" when using the "Configure" button. It seems that any integration triggers this.
At first glance, it looks like an authentication issue from the logs:
Context
homeassistant 2023.5.3~ynh1Steps to reproduce
SettingsIntegrationsConfigurefor any device discoveredConfig flow could not be loaded: 401: UnauthorizedExpected behavior
I would have expected the usual popup to finalize the integration and choose the proper settings.
Logs
Nothing appears in Yunohost logs, the last entry is from a few days ago when I installed Home Assistant: