![]() ![]() TLS Certificate: Pick the certificate that you created early on with the ACME plugin.Leave out the latter if you don’t wish to respond on IPv6. HTTP Listen Address: Clear this out unless you want to proxy HTTP for some reason.In Configuration → HTTP(S) → HTTP Server define the actual server to listen for HTTP connections:. ![]() ![]() Advanced Proxy Options → WebSocket Support: ✓.In Configuration → HTTP(S) → Location define what will get redirected to the Upstream:.In Configuration → Upstream → Upstream define a grouping of upstream servers, in this case the one you defined in the previous step:.Port: 8123 (the port you have Home Assistant running on, 8123 is the default).Server: 192.168.2.23 (your Home Assistant device).In Configuration → Upstream → Upstream Server define your HA instance as a server:.If you don’t do this, or specify the wrong trusted_proxy, you will receive a 400: Bad Request error when trying to access the site via the proxy: This tells HA to accept proxied connections from the gateway. On your Home Assistant instance, add the following to the configuration.yaml.Set up the ACME plugin to get a certificate for the hostname you will be using for, in this case.In this example will resolve to 24.25.26.13 on the public internet, and 192.168.2.1 at home, which are the WAN and LAN interfaces on the OPNsense box. Set up DNS so the hostname you wish to use is accessible internally and externally.I’m leaving the DNS and certificate sides of this out, as they’ll really vary and are well documented elsewhere. After a bit of frustration, fooling around and unexpected errors I got things working, so I wanted to share a simple summary of what it took to make it work. My firewall at home runs OPNsense which has an NGINX Plugin, along with a full featured ACME client that I’m already using for other certificates, so it was perfect for doing this forwarding. I’m not about to expose something with credentials across the public internet via plain HTTP, so I wanted to do this proxying on my firewall instead of on the device itself. It has some minor built in support for HTTPS by using the NGINX proxy and Let’s Encrypt (LE) Add-ons, but for a couple of reasons I didn’t like this solution. It has a great mobile client that’ll work across the public internet, but HA itself unfortunately it only does HTTP by default. I’ve been experimenting with Home Assistant (HA) for some temperature monitoring around the house. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |