Connection issues with proxied home assistant core in docker container #1821

Open
brecker opened this issue Oct 12, 2024 · 0 comments
Labels
bug Something isn't working

brecker commented Oct 12, 2024

I've been banging my head with this issue over the past few days. My setup started as:

Home assistant core 2024-10-1 running in docker with bridge network 172.28.0.0/24
Local tuya 5.2.1
Nginx proxy manager setup with ssl on the same bridge network
LAN: 192.168.1.0/24 - host and tuya devices live here

```yaml
services:
  homeassistant:
    container_name: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    volumes:
      - /opt/homeassistant/config:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    privileged: true
    networks:
      npm_proxy:
        ipv4_address: 172.28.0.9

networks:
  default:
    driver: bridge
  npm_proxy:
    name: npm_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 172.28.0.0/24
```

```
$ ip route show
default via 192.168.1.1 dev eno1 proto dhcp src 192.168.1.11 metric 100
10.100.0.0/24 dev wg0 scope link
10.100.0.123 dev wg0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-56ec40dd7c1b proto kernel scope link src 172.18.0.1
172.19.0.0/16 dev br-f39cd61ced6d proto kernel scope link src 172.19.0.1 linkdown
172.28.0.0/24 dev br-26a20a3fcc21 proto kernel scope link src 172.28.0.1
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.11 metric 100
```

Like this, local tuya wouldn't find any tuya device on the LAN. My knowledge of iptables, routing and docker networks was not enough to figure out how to fix this. So I attached a macvlan network to the home assistant installation container, giving it the address 192.168.1.2 and setting the router as gateway.

This actually made local tuya able to find devices, and cascaded into several other networking issues on my setup. I'm just going to detail one of them, because I believe the same thing is happening with my tuya devices. For some reason my HA web would go unreachable from my nginx proxy gateway. When this happened it became reachable from the macvlan address (192.168.1.2). After some random time the macvlan address became unreachable and the proxy gateway came back. I believe I fixed this by setting the following in the nginx proxy manager advanced configuration:

```nginx
listen 172.28.0.9:80;
listen 172.28.0.9:443 ssl;
```

If I restart HA, all my local tuya devices are unavailable. Little by little they start coming to life (10 minutes to an hour). Some of them never come back online. These are my logs:

```
2024-10-12 19:19:07.011 ERROR (MainThread) [custom_components.localtuya.common] [ebb...ip2] Initial state update failed, giving up: DecodeError('could not decrypt data: wrong local_key? (exception: Expecting value: line 1 column 1 (char 0))')
2024-10-12 19:19:07.012 WARNING (MainThread) [custom_components.localtuya.common] [ebb...ip2] Disconnected - waiting for discovery broadcast
2024-10-12 19:19:09.932 WARNING (MainThread) [custom_components.localtuya.common] [eb3...ikd] Failed to connect to 192.168.1.16: [Errno 113] Connect call failed ('192.168.1.16', 6668)
2024-10-12 19:19:09.933 WARNING (MainThread) [custom_components.localtuya.common] [ebe...hfr] Failed to connect to 192.168.1.6: [Errno 113] Connect call failed ('192.168.1.6', 6668)
```

[ebb...ip2] gives a decode error. I double-checked the local key and it has not changed. On the tuya iot dev site it is marked as offline. Both in smart life and the official tuya integration the device is working. I don't think this error has anything to do with the issue.

[eb3...ikd] [ebe...hfr] These two are actually online on the iot dev site and working on smart life and the tuya integration, but can't connect to local tuya. While the other devices were coming online, the same error was shown in the logs for them.

I believe that some sort of black magic is happening with routes, priority and network discovery. I don't know how to debug it, but I would bet that local tuya is trying to reach the devices from the bridge network and not the macvlan. At some point it manages to find the right path and connects to the devices. This could be hours and I might be triggering it somehow.

Is there a better way of letting local tuya connect to devices outside of a docker network? Should I stick with the macvlan route, or is there a way to let local tuya connect to devices while being trapped in the docker bridge network?

Any help is welcome.

Thanks!

@brecker brecker added the bug Something isn't working label Oct 12, 2024
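
An added example, not part of the original post or of the localtuya project: it takes the failed-connection log lines and routing table quoted in the issue and reports which interface, gateway and source address a given routing table selects for each unreachable device. The container table and its `eth0` interface name are constructed assumptions; replace them with the table as seen from inside the container's network namespace.

```python
import ipaddress
import re

# Subset of the host routing table posted in the issue.
HOST_ROUTES = """\
default via 192.168.1.1 dev eno1 proto dhcp src 192.168.1.11 metric 100
172.28.0.0/24 dev br-26a20a3fcc21 proto kernel scope link src 172.28.0.1
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.11 metric 100
"""
# Constructed sample (assumption): table inside a bridge-only container.
CONTAINER_ROUTES = """\
default via 172.28.0.1 dev eth0
172.28.0.0/24 dev eth0 proto kernel scope link src 172.28.0.9
"""
# Two log lines from the issue. Errno 113 is EHOSTUNREACH on Linux.
LOG = """\
2024-10-12 19:19:09.932 WARNING (MainThread) [custom_components.localtuya.common] [eb3...ikd] Failed to connect to 192.168.1.16: [Errno 113] Connect call failed ('192.168.1.16', 6668)
2024-10-12 19:19:09.933 WARNING (MainThread) [custom_components.localtuya.common] [ebe...hfr] Failed to connect to 192.168.1.6: [Errno 113] Connect call failed ('192.168.1.6', 6668)
"""
FAILED = re.compile(r"\[([^\]]+)\] Failed to connect to ([\d.]+): \[Errno (\d+)\]")

def parse_routes(text):
    """Parse `ip route show` lines; a trailing flag such as "linkdown" is dropped."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        kv = dict(zip(tok[1::2], tok[2::2]))  # "dev eno1", "src 192.168.1.11", ...
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        routes.append({"net": ipaddress.ip_network(dest), "dev": kv["dev"], "via": kv.get("via"),
                       "src": kv.get("src"), "metric": int(kv.get("metric", 0))})
    return routes

def lookup(routes, ip):
    """Longest-prefix match; ties go to the lowest metric."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in routes if addr in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]), default=None)

def egress_for_failures(log, route_text):
    """Map each failed device IP in the log to (dev, via, src) from the table."""
    routes = parse_routes(route_text)
    out = {}
    for _device_id, ip, _errno in FAILED.findall(log):
        r = lookup(routes, ip)
        out[ip] = (r["dev"], r["via"], r["src"]) if r else None
    return out

if __name__ == "__main__":
    print(egress_for_failures(LOG, HOST_ROUTES), egress_for_failures(LOG, CONTAINER_ROUTES))
```

A `via` of `None` means the device subnet is directly attached to that interface; a non-empty `via` means the connection leaves through a gateway instead.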