
Make sure your HomeAssistant is seeing the external IP of inquiries and not your LAN IP

This morning I woke up and I was missing my normal notifications and I couldn’t pull up my HA instance.

I restarted the container from my phone but that didn’t solve the issue. I then checked it via the LAN IP and it was working fine. So this made me poke around nginx logs to see if I could find the issue. I couldn’t.

After 15 minutes I opened up my config directory in Finder and noticed that one of the files there was modified today at 12:26 AM. The file was called ip_bans.yaml and contained the IP 172.19.0.3. Deleting this file and restarting the docker solved my access issue.

I then tried logging in with incorrect credentials and got this message. It turns out, my NGINX was not forwarding the external IP to my HA instance, so when HA decided to block the IP, it had blocked the LetsEncrypt docker IP so I could no longer access HA through the reverse proxy.

 

I then went into my NGINX config and confirmed I had the X-Forwarded-For header included, and it was.  It turns out, my issue was not declaring the use_x_forwarded_for and trusted_proxies properties in the http block.  To add these, I first moved my container to a new network that I created only for this container.  This is done via docker network create nginx and then using docker network inspect nginx to view the network details.  Finally, I added these properties as follows:
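An illustrative http block for this setup, added here as an example and not the author's original configuration. The subnet shown is a placeholder assumption; replace it with the value that docker network inspect nginx reports.

```yaml
# configuration.yaml (Home Assistant)
#
# Before: no use_x_forwarded_for / trusted_proxies under http:.
# Home Assistant ignores the X-Forwarded-For header that NGINX sends, so every
# request appears to come from the proxy container's address, and a
# failed-login ban lands on the proxy (the 172.19.0.3 entry in ip_bans.yaml)
# instead of on the real client.
#
# After: honour the header, but only for requests that arrive from the proxy.
http:
  use_x_forwarded_for: true
  trusted_proxies:
    # PLACEHOLDER subnet: use the "Subnet" value shown by
    # `docker network inspect nginx` for the dedicated network.
    # A network in CIDR form keeps matching if the proxy container is given a
    # different address inside that network; a single IP is stricter but has
    # to be updated whenever the address changes.
    - 172.30.0.0/24
```

Keep trusted_proxies as narrow as possible: any host listed there can set X-Forwarded-For and so choose which address Home Assistant records and bans.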

Testing the system again reveals the true IP of the client:

I need to look into whether this IP for the LetsEncrypt/NGINX container will change upon reboot.
