Media player ignores internal IP address; sends external IP such that media players do not work

[segdy]

The problem

Home Assistant ignores internal_url for usage in media player. As a result, my local media players obtain the external, public IP address and fail to connect back to Home Assistant.

This shows up in the log files when I play a file Door-Chime.mp3:

2022-11-25 10:59:14.381 DEBUG (MainThread) [aioslimproto.client] play url: https://ha.mydomain.net:8123/media/local/Door-Chime.mp3?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI4YTQ1NDUzODJjM2U0YTg5ODgxNzViMzM5YTY0ZmI0MSIsInBhdGgiOiIvbWVkaWEvbG9jYWwvRG9vci1DaGltZS5tcDMiLCJwYXJhbXMiOnt9LCJpYXQiOjE2Njk0MDI3NTQsImV4cCI6MTY2OTQ4OTE1NH0.ITBdriWwX9rgE6wSTjF1eDyxglFpDScMzHYS9Jx88EI                                                                                                                                                                                                                                       
2022-11-25 10:59:14.425 WARNING (MainThread) [aioslimproto.client] HTTPS stream requested but player does not support HTTPS, trying HTTP instead but playback may fail.                                                                                                                                                  
2022-11-25 10:59:14.429 DEBUG (MainThread) [aioslimproto.client] play url: http://ha.mydomain.net:8123/media/local/Door-Chime.mp3?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI4YTQ1NDUzODJjM2U0YTg5ODgxNzViMzM5YTY0ZmI0MSIsInBhdGgiOiIvbWVkaWEvbG9jYWwvRG9vci1DaGltZS5tcDMiLCJwYXJhbXMiOnt9LCJpYXQiOjE2Njk0MDI3NTQsImV4cCI6MTY2OTQ4OTE1NH0.ITBdriWwX9rgE6wSTjF1eDyxglFpDScMzHYS9Jx88EI 

Note that this is an external URL. However, I have explicitly configured HA to use an internal IP address as internal_url:

homeassistant:                                                                                                                                                                                                                                                                                                                
  unit_system: imperial                                                                                                                                                                                                                                                                                                    
  packages: !include_dir_named packages                                                                                                                                                                                                                                                                                    
  external_url: "https://ha.mydomain.net:8123"                                                                                                                                                                                                                                                                         
  internal_url: "https://10.227.79.10:8123"

As a result, when I play the file the media player tries connect to the public IP, instead of the internal one and of course fails to connect. This is shown on the console of my squeezelite-esp32 device:

[08:38:35.176766] output_flush:446 flush output buffer
[08:38:35.189561] codec_open:279 codec open: 'm'
[08:38:35.192700] stream_sock:508 connecting to 192.185.150.27:8123

[08:38:35.718954] stream_thread:246 error reading headers: closed

192.185.150.27 is my public IP and ha.mydomain.net resolves to it.

I have not found a way to configure an IP address for the media player or slimproto itself.

What version of Home Assistant Core has the issue?

2022.11.4

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant Core

Integration causing the issue

Slimproto

Link to integration documentation on our website

No response

Diagnostics information

diagnostic information in main report.

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

[home-assistant[bot]]

squeezebox_player documentation squeezebox_player source

[home-assistant[bot]]

Hey there @rajlaud, mind taking a look at this issue as it has been labeled with an integration (squeezebox) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of `squeezebox` can trigger bot actions by commenting: - `@home-assistant close` Closes the issue. - `@home-assistant rename Awesome new title` Change the title of the issue. - `@home-assistant reopen` Reopen the issue. - `@home-assistant unassign squeezebox` Removes the current integration label and assignees on the issue, add the integration domain after the command.

_{^{(message by CodeOwnersMention)}}

---

squeezebox documentation squeezebox source _{^{(message by IssueLinks)}}

[segdy]

Why is this closed without reason? Can it be opened again? This is an actual issue with the implementation that should be fixed at some point or at least tracked.

[rajlaud]

cc: @marcelveldt - I believe this relates to the slimproto integration not the squeezebox integration

[marcelveldt]

I believe I have seen this issue before. Remove the https from the internal url and it will work.

[segdy]

@marcelveldt My problem is I can’t remove the https from intern URL because I use SSL also internally.

In my opinion, HA speaking to an IOT device is different than a person connecting via HA client and therefore connection details should be configurable. Even besides https, ideally I would like the device to connect to HA via IP address because IOT decides (incl speakers) are placed in a separate VLAN without DNS etc.

would it be possible to add a configuration option for this? For example:

slimproto:
    connection_url: https://10.227.67.1:8123/

The default value could be internal_url from the global URL, as before.

That would really be extremely valuable.

[marcelveldt]

Sorry, no this is not possible and a bad plan even. The client device would be missing the required certificate. Maybe have a valid internal DNS name and certificate in place for the internal url too ?

[segdy]

EDITED:

@marcelveldt Now I see what you are saying: The SSL certficiate would need to have all names in the CN. This is correct. However, this is different from my question. For one, I would disable the ssl check on the end devices (this is reasonable because all devices are in a secure, dedicated VLAN without any access except to HA). In the worst case, if this does not work I need to disable SSL on HA and use a reverse proxy on localhost.

My original bug report was that internal_url seems to be ignored. If I understand correctly, internal_url should be used for the squeezelite device to HA but instead the external IP is used. To quote from the original report:

homeassistant:                                                                                                                                                                                                                                                                                                                
  unit_system: imperial                                                                                                                                                                                                                                                                                                    
  packages: !include_dir_named packages                                                                                                                                                                                                                                                                                    
  external_url: "https://ha.mydomain.net:8123"                                                                                                                                                                                                                                                                         
  internal_url: "https://10.227.79.10:8123"

But squeezelite-esp32 prints the error:

[08:38:35.192700] stream_sock:508 connecting to 192.185.150.27:8123

192.185.150.27 is the public IP (ha.mydomain.net resolves to it). Ergo slimproto did not use internal_url but external_url to provide to the sequeezelite-esp32 device. Had it used internal_ip the error would be some sort of connection error to 10.227.79.10. This is regardless of SSL or not.

What can be the reason that slimproto does not use internal_url ?