search

home-assistant / core

:house_with_garden: Open source home automation that puts local control and privacy first.
https://www.home-assistant.io
Apache License 2.0
68.78k stars 28.1k forks source link

When using strict connection mode, add-on webpage is not working via local IP #116152

Open TyzzyT opened 1 week ago

TyzzyT commented 1 week ago

The problem

I have the NGINX reverse proxy add-on setup and I set strict_connection: drop_connection When going to the public URL (https://subdomain.mydomainname.com:8124/) the File editor, InfluxDB or Frigate add-on is working, but when going to the local url (https://192.168.2.250:8124/) the add-ons are not working and showing 401: Unauthorized.

I believe this is a bug, because I'm coming from a local IP and my browser session is authenticated because the regular frontend of HA is working.

What version of Home Assistant Core has the issue?

2024.5.0b0

What was the last working version of Home Assistant Core?

never

What type of installation are you running?

Home Assistant OS

Integration causing the issue

http

Link to integration documentation on our website

https://rc.home-assistant.io/integrations/http/#strict-connection-mode

Diagnostics information

No response

Example YAML snippet

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
  strict_connection: drop_connection

Anything in the logs that might be useful for us?

No response

Additional information

No response

home-assistant[bot] commented 1 week ago

Hey there @home-assistant/core, mind taking a look at this issue as it has been labeled with an integration (http) you are listed as a code owner for? Thanks!

Code owner commands Code owners of `http` can trigger bot actions by commenting: - `@home-assistant close` Closes the issue. - `@home-assistant rename Awesome new title` Renames the issue. - `@home-assistant reopen` Reopen the issue. - `@home-assistant unassign http` Removes the current integration label and assignees on the issue, add the integration domain after the command. - `@home-assistant add-label needs-more-information` Add a label (needs-more-information, problem in dependency, problem in custom component) to the issue. - `@home-assistant remove-label needs-more-information` Remove a label (needs-more-information, problem in dependency, problem in custom component) on the issue.

(message by CodeOwnersMention)

http documentation http source (message by IssueLinks)

edenhaus commented 1 week ago

Can you please enable debug logs for http intgeration, set the strict_connection option to guard_page to get any feedback. Do you see the guard_page, when accessing from the local IP address? Strict connection should not return a status code on drop_connection

TyzzyT commented 1 week ago

I set strict_connection to guard_page. When I go to an add-on via the local IP, I still receive the 401: Unauthorized error In home-assistant.log there is this when I get the http 401 error.

2024-04-26 16:50:48.430 DEBUG (MainThread) [homeassistant.components.http.auth] Authenticated 172.30.32.2 for /api/core/state using bearer token
2024-04-26 16:50:48.434 DEBUG (MainThread) [homeassistant.components.http.auth] Authenticated 172.30.32.2 for /api/services using bearer token
2024-04-26 16:50:48.448 DEBUG (MainThread) [homeassistant.components.http.auth] Authenticated 172.30.32.2 for /api/core/state using bearer token
2024-04-26 16:50:48.453 DEBUG (MainThread) [homeassistant.components.http.auth] Authenticated 172.30.32.2 for /api/events using bearer token
2024-04-26 16:50:48.460 DEBUG (MainThread) [homeassistant.components.http.auth] Authenticated 172.30.32.2 for /api/core/state using bearer token
2024-04-26 16:50:48.467 DEBUG (MainThread) [homeassistant.components.http.auth] Authenticated 172.30.32.2 for /api/states using bearer token
edenhaus commented 1 week ago

Please post all logs as the above one only tell me that everything is working correctly. If strict connection is blocking your request, there should be another log entry

TyzzyT commented 6 days ago

The logs are showing some sensitive information, like automation title will tell the world what I've automated and what not. Can you please tell me what line you're looking for so I can search through the logs for you?

edenhaus commented 6 days ago

If strict connection blocked the request you see [homeassistant.components.http.auth] Perform strict connection action for X

Can you please share which addon has the issue? I cannot reproduce it

TyzzyT commented 5 days ago

All add-ons are having this issue: File editor, Frigate, InfluxDB, Terminal, Google Drive backup. No errors in the log saying [homeassistant.components.http.auth] Perform strict connection action for X