Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with ssl_peer_certificate #2433

Closed
smarti opened this issue Jan 15, 2021 · 2 comments
Closed

Issue with ssl_peer_certificate #2433

smarti opened this issue Jan 15, 2021 · 2 comments
Labels
stale

Comments

@smarti
Copy link

smarti commented Jan 15, 2021

Describe the issue

On multiple Home Assistant installs (both fresh installs and updates from older versions) I have run into an issue when setting up the ssl_peer_certificate in the configuration.yaml of Home Assistant.

When this value is set, it seems that the other containers managed by supervisor are no longer able to connect to the home assistant core container. (See error log). I can reproduce and fix the errors only by removing or adding above value to the configuration.yaml.

Steps to reproduce

  1. Set up external reverse proxy (NGINX)
  2. Port forward traffic to local home assistant
  3. Create self-signed certificates using openssl package (debian) and place in /ssl/ folder
  4. Add the following configuration to configuration.yaml:
http:
    #Secure connection
    ssl_certificate: /ssl/cert.pem
    ssl_key: /ssl/key.pem
    ssl_peer_certificate: /ssl/proxy.pem
    
    #Reverse proxy
    use_x_forwarded_for: true
    trusted_proxies:
    - <PROXY IP>
  1. Restart Home Assistant

Enviroment details

  • Operating System:: Home Assistant OS 5.8
  • Supervisor version:: 2020.12.7
  • Home Assistant version: 2020.12.1

Supervisor logs

Supervisor logs 
21-01-15 12:14:49 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:14:54 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:14:59 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:15:04 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:15:09 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:15:14 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:15:19 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:15:24 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:15:29 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:15:34 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:15:39 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:15:44 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:15:49 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:15:54 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:15:59 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:16:04 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:16:10 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:16:15 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:16:20 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:16:25 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:16:30 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:16:35 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:16:40 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:16:45 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:16:50 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:16:55 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:17:00 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:17:05 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:17:10 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:17:15 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:17:20 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:17:25 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:17:30 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:17:35 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:17:40 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:17:45 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:17:50 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:17:55 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:00 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:05 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:10 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:15 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:20 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:25 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:30 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:35 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:41 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:46 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:51 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:18:56 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:01 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:06 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:11 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:16 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:21 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:26 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:31 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:36 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:41 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:46 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:51 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:19:56 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:20:01 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:20:06 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:20:11 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:20:16 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:20:19 INFO (MainThread) [supervisor.resolution.check] Starting system checks with state CoreState.RUNNING
21-01-15 12:20:19 INFO (MainThread) [supervisor.resolution.check] System checks complete
21-01-15 12:20:20 INFO (MainThread) [supervisor.updater] Fetching update data from https://version.home-assistant.io/stable.json
21-01-15 12:20:21 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:20:25 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/home-assistant/addons repository
21-01-15 12:20:25 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/hassio-addons/repository repository
21-01-15 12:20:25 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/danielwelch/hassio-zigbee2mqtt repository
21-01-15 12:20:25 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/yllibed/hassio repository
21-01-15 12:20:26 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:20:27 INFO (MainThread) [supervisor.store] Loading add-ons from store: 70 all - 0 new - 0 remove
21-01-15 12:20:27 INFO (MainThread) [supervisor.store] Loading add-ons from store: 70 all - 0 new - 0 remove
21-01-15 12:20:31 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:20:36 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:20:41 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:20:46 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:20:48 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:20:51 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:20:56 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:21:01 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:21:07 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:21:12 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected
21-01-15 12:21:17 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:21:22 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:21:27 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:21:32 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:21:37 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:21:42 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:21:47 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:21:52 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:21:57 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:22:02 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: [Errno 104] Connection reset by peer
21-01-15 12:22:07 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/config: Server disconnected

System Information

System Information 
## System Health

version | 2020.12.1
-- | --
installation_type | Home Assistant OS
dev | false
hassio | true
docker | true
virtualenv | false
python_version | 3.8.6
os_name | Linux
os_version | 5.4.79-v8
arch | aarch64
timezone | Europe/Amsterdam

<details><summary>Home Assistant Community Store</summary>

GitHub API | ok
-- | --
Github API Calls Remaining | 4938
Installed Version | 1.9.0
Stage | running
Available Repositories | 718
Installed Repositories | 8

</details>

<details><summary>Home Assistant Cloud</summary>

logged_in | false
-- | --
can_reach_cert_server | ok
can_reach_cloud_auth | ok
can_reach_cloud | ok

</details>

<details><summary>Hass.io</summary>

host_os | Home Assistant OS 5.8
-- | --
update_channel | stable
supervisor_version | 2020.12.7
docker_version | 19.03.13
disk_total | 56.5 GB
disk_used | 15.4 GB
healthy | true
supported | true
board | rpi4-64
supervisor_api | ok
version_api | ok
installed_addons | File editor (5.0.0), Terminal & SSH (8.6.0), Samba share (9.2.0), Mosquitto broker (5.1), AirCast (2.3.2), ESPHome (1.15.3), Check Home Assistant configuration (3.6.0), deCONZ (6.5.0), Google Assistant SDK (2.5.0), motionEye (0.9.0), Spotify Connect (0.8.2), MPD (1.4.2), ympd (1.0.1), AdGuard Home (2.6.1)

</details>

<details><summary>Lovelace</summary>

dashboards | 3
-- | --
mode | storage
views | 11
resources | 0

</details>

<details><summary>Spotify</summary>

api_endpoint_reachable | ok
-- | --

</details>
@smarti smarti added the bug label Jan 15, 2021
@pvizeli pvizeli removed the bug label Jan 18, 2021
@mdegat01
Copy link
Contributor

mdegat01 commented Mar 2, 2021
edited

I just ran into the exact same issue today. I wanted to make it so only my reverse proxy could talk directly to HA but I forgot all the addons go through supervisor to get to core via the supervisor/core API. Everything broke dramatically when I added this option and I had to reboot the host to revert the config change (HA kept saying it was busy when I tried to just reboot core).

Would be nice if there was a way to provide supervisor with a client certificate to use when talking to HA. Also a certificate authority to use for validating the certificate HA is presenting since it has to be self-signed with a local address like homeassistant. I assume supervisor is just not validating that certificate currently.

@github-actions
Copy link

github-actions bot commented May 1, 2021

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by adding a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label May 1, 2021
@github-actions github-actions bot closed this as completed May 8, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Jun 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mdegat01 @pvizeli @smarti