From ba78eb060f49277c95acb96bdcda193f86e8b4fa Mon Sep 17 00:00:00 2001 From: kisfenyo Date: Wed, 25 Feb 2026 19:10:26 +0100 Subject: [PATCH] home-assistant: add trusted_proxies entrypoint wrapper HA rejects proxied requests (400 Bad Request) without trusted_proxies in configuration.yaml. Uses entrypoint wrapper pattern (like romm) to ensure the http config block exists before HA starts. Handles both fresh deploys (creates full configuration.yaml) and existing installs (appends http block if missing). Co-Authored-By: Claude Opus 4.6 --- templates/home-assistant/docker-compose.yml | 23 +++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/templates/home-assistant/docker-compose.yml b/templates/home-assistant/docker-compose.yml index a0aa905..29faf34 100644 --- a/templates/home-assistant/docker-compose.yml +++ b/templates/home-assistant/docker-compose.yml @@ -11,6 +11,29 @@ services: image: ghcr.io/home-assistant/home-assistant:2026.2.2 container_name: home-assistant restart: unless-stopped + entrypoint: ["/bin/sh", "-c"] + command: + - | + # Ensure reverse-proxy (Traefik) trusted_proxies config exists. + # 172.16.0.0/12 covers all Docker bridge networks. + CFG=/config/configuration.yaml + if [ -f "$$CFG" ] && ! grep -q 'trusted_proxies' "$$CFG"; then + printf '\nhttp:\n use_x_forwarded_for: true\n trusted_proxies:\n - 172.16.0.0/12\n' >> "$$CFG" + elif [ ! -f "$$CFG" ]; then + cat > "$$CFG" << 'HACFG' + default_config: + frontend: + themes: !include_dir_merge_named themes + automation: !include automations.yaml + script: !include scripts.yaml + scene: !include scenes.yaml + http: + use_x_forwarded_for: true + trusted_proxies: + - 172.16.0.0/12 + HACFG + fi + exec /init environment: - TZ=Europe/Budapest volumes: