HA container's root webserver not accessible over vpn while HA container's web api and other containers on the same device are accessible.
pop-vapor opened this issue · 3 comments
The problem
I’m running containerized HA via docker-compose running on a raspberry pi 4 8gb
My HA instance is on at http://192.168.0.5:8123/, i can access that from the local net, but not the VPN
My Node-Red instance is accessible at http://192.168.0.5:1880/ from the local net and the VPN
My Hass-configurator instance is available at http://192.168.0.5:3218/, I can also access this from both the local net and vpn
I noticed that it seemed like the webpage was loading forever so I curled it, and that was successful as well. Let me know if any of you would like to see curl output
I only have one error in my error log, but I’ve been getting that error since I installed HA and long before I attempted connecting via VPN:
Logger: aiohttp.server
Source: /usr/local/lib/python3.12/site-packages/aiohttp/web_protocol.py:421
First occurred: 4:22:38 AM (92 occurrences)
Last logged: 4:30:14 AM
Error handling request
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/aiohttp/web_protocol.py", line 350, in data_received
messages, upgraded, tail = self._request_parser.feed_data(data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "aiohttp/_http_parser.pyx", line 557, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: 400, message:
Invalid method encountered:
b'\x16\x03\x01\x01T\x01'
Since I can navigate to the node-red and hass-configurator pages, I have to assume the issue lies directly with Home Assistant. I haven’t edited my configuration.yaml in any way to support using the VPN (i.e. allowing connection from the vpn’s lan), am I missing something?
Edit: Additional Note
I realized that the issue is with the reply from the HA webserver because of this:
I connected my phone to wi-fi and disabled the vpn, then logged into HA. On my dashboard there is a button card that controls a light in my room.
I disabled wifi and connected the vpn
I pressed the button to toggle the light, and the light toggles! The state of the button as shown by the page doesn’t change though. If i refresh the page, it times out. This leads me to believe that requests are getting sent to and processed by HA, HA just cant reply.
How can I troubleshoot the reason why the HA webserver isn’t replying to IP’s on the VPN lan?
Edit 2: I've also created a forum post and asked extensively in the discord about this, no one knows what the problem and since it's only occurring with the HA webserver I assume it's a HA bug.
What version of Home Assistant Core has the issue?
2024.5.3
What was the last working version of Home Assistant Core?
No response
What type of installation are you running?
Home Assistant Container
Integration causing the issue
http
Link to integration documentation on our website
https://www.home-assistant.io/integrations/http/
Diagnostics information
No response
Example YAML snippet
I made no changes to my configuration.yaml to support using the vpn. This is what my configuration.yaml looks like:
default_config:
scene: !include scenes.yaml
http:
trusted_proxies:
- 10.8.0.0/24
use_x_forwarded_for: true
sensor:
- platform: feedparser
name: New York Times
feed_url: 'https://rss.nytimes.com/services/xml/rss/nyt/NYRegion.xml'
date_format: '%a, %b %d %I:%M %p'
inclusions:
- title
- summary
- link
- media_content
scan_interval:
hours: 1
- platform: feedparser
name: Scientific American
feed_url: 'http://rss.sciam.com/ScientificAmerican-Global?format=xml'
date_format: '%a, %b %d %I:%M %p'
inclusions:
- title
- summary
- link
- image
scan_interval:
hours: 1
assist_pipeline:
debug_recording_dir: /config/www/assist_pipeline/
script: !include scripts.yaml
### Anything in the logs that might be useful for us?
_No response_
### Additional information
_No response_
Hey there @home-assistant/core, mind taking a look at this issue as it has been labeled with an integration (http
) you are listed as a code owner for? Thanks!
Code owner commands
Code owners of http
can trigger bot actions by commenting:
@home-assistant close
Closes the issue.@home-assistant rename Awesome new title
Renames the issue.@home-assistant reopen
Reopen the issue.@home-assistant unassign http
Removes the current integration label and assignees on the issue, add the integration domain after the command.@home-assistant add-label needs-more-information
Add a label (needs-more-information, problem in dependency, problem in custom component) to the issue.@home-assistant remove-label needs-more-information
Remove a label (needs-more-information, problem in dependency, problem in custom component) on the issue.
(message by CodeOwnersMention)
http documentation
http source
(message by IssueLinks)
Additional note:
I am able to create/get the state from a binary http sensor via curl on termux over the vpn. I used the following commands:
Create sensor:
curl -X POST -H "Authorization: Bearer LONG_LIVED_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"state": "off", "attributes": {"friendly_name": "Radio"}}' \
http://192.168.0.5:8123/api/states/binary_sensor.test
Get sensor state:
curl -X GET -H "Authorization: Bearer LONG_LIVED_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
http:/192.168.0.5:8123/api/states/binary_sensor.test
The sensor is being created with the POST, and the GET request for the sensor state is responded to properly over the vpn.
So HA is replying to curl requests over the vpn -- why isn't it replying to the HA app or standard web browsing over the vpn?
Edit: Additional api request testing
I've confirmed I can access the API over both the local net and vpn via the following jquery in Kiwi Browser dev console, with a successful replying showing sensor state:
fetch('http://192.168.0.5:8123/api/states/binary_sensor.test', {
method: 'GET',
headers: {
'Content-type': 'application/json',
'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkODMwMWVlYjBiYjg0MjkxOTQwNTlhZjFiZjliNTMxOSIsImlhdCI6MTcxNjAwNDc3MCwiZXhwIjoyMDMxMzY0NzcwfQ.vIkphM_9lrVPYaz8QjLqVelGvmF7OHo7-5y4HM9Xkbg',
'Origin': '10.8.0.6'
}
})
.then(res => res.json())
.then(console.log)
On the same browser (kiwi-browser), I am unable to navigate to the root home assistant webpage (http://192.168.0.5:8123/) while on the VPN, it times out after loading forever. Looking at the dev console, I can see that only the initial page load request is sent, and nothing is sent back.
Why can I access the api everywhere, but the root webserver only on the local net?