Apache reverse proxy configuration – Docker home assistant

fminarro · December 15, 2022, 10:24am

I can access my hassio instance through the IP 192.168.1.100:8123, within my LAN, and I am trying to configure the reverse proxy to be able to access homeassistant from outside the home.

Homeassistant is installed in Docker, and in a Debian 11 server where I also have CollaboraOffice online and Nextcloud installed, and we access all of this from WLAN because we resolve DNS with NO-IP

I have added the domain that I have created of homeassistant in NO-IP so that the IP can be resolved

Within /etc/apache2/sites-available I have created the file homeassistant.conf

<VirtualHost *:80>
         ServerName home-aaaaa.aaa.com

         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

then i did
a2ensite home assistant
systemctl reload apache2

I generated the certificates let’s script with certbot --apache and it was successful, and an SSL file called homeassistant-le-ssl.conf was generated

<IfModule mod_ssl.c>
<VirtualHost *:443>
         ServerName home-aaaaa.aaa.com

         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/home-aaaaa.aaa.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/home-aaaaa.aaa.com/privkey.pem
</VirtualHost>
</IfModule>

And I completed it with this code

<IfModule mod_ssl.c>
<VirtualHost *:443>
         ServerName home-aaaaa.aaa.com

         ProxyPreserveHostOn
         Proxy Requests Off
         ProxyPass /api/websocket ws://192.168.1.100:8123/api/websocket
         ProxyPassReverse /api/websocket wss://192.168.1.100:8123/api/websocket
         ProxyPass / http://192.168.1.100:8123/
         ProxyPassReverse / http://192.168.1.100:8123/

         RewriteEngine on
         RewriteCond %{HTTP:Upgrade} websocket [NC]
         RewriteRule ^/?(.*) ws://192.168.1.100:8123/$1 [P,L]

         <Location "/">
                 satisfy any
         </Location>
         <Location "/api">
                 satisfy any
         </Location>

         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/home-aaaaa.aaa.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/home-aaaaa.aaa.com/privkey.pem
</VirtualHost>
</IfModule>

I try to access the link home-aaaaa.aaa.com and I get the following message: 400: Bad Request

nielssiebert · January 2, 2023, 12:30am

Finally found a working configuration for an apache2 ssl proxy setup. Exactly what I needed. Thanks for posting this!


<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:1443>
    ServerName myhostname.and.the.domain
    ErrorLog ${APACHE_LOG_DIR}/haerror.log
    CustomLog ${APACHE_LOG_DIR}/haaccess.log combined

    ProxyPreserveHost on

    <Location /api/websocket>
        ProxyPass wss://ip.adress.of.homassistant:8123/api/websocket
        ProxyPassReverse wss://ip.adress.of.homassistant:8123/api/websocket
        satisfy any
    </Location>

    <Location />
        ProxyPass http://ip.adress.of.homassistant:8123/
        ProxyPassReverse http://ip.adress.of.homassistant:8123/
        satisfy any
    </Location>

     RewriteEngine on
     RewriteCond %{HTTP:Upgrade} websocket [NC]
     RewriteRule ^/?(.*) ws://ip.adress.of.homassistant:8123/$1 [P,L]

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLUseStapling on
    SSLCertificateFile /etc/letsencrypt/live/myhostname.and.the.domain/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/myhostname.and.the.domain/privkey.pem
</VirtualHost>
</IfModule>

rolfinoz · January 7, 2023, 10:37am

I’m having an issue with an Apache 2 reverse Proxy and HA.

I have no problem getting the the HA login page, but after I login it fails to auth and keeps re-trying.

I had a slightly different config, but I am using the one from above and it behaves exactly the same.

Looking at the developer console I can see that it is failing to post to /auth/token resulting in an uncaught promise.

I have tried adding specific ProxyPass rules for /auth but it makes no difference.

Does anyone know the secret to making HA work with an Apache2 proxy?

fminarro · March 21, 2023, 4:17pm

Everything working.

The homeassistant-le-ssl.conf file finally looks like this.

<IfModule mod_ssl.c>
<VirtualHost *:443>
         ServerName home-aaaaa.aaa.com

         ProxyPreserveHostOn
         Proxy Requests Off
         ProxyPass /api/websocket ws://192.168.1.100:8123/api/websocket
         ProxyPassReverse /api/websocket wss://192.168.1.100:8123/api/websocket
         ProxyPass / http://192.168.1.100:8123/
         ProxyPassReverse / http://192.168.1.100:8123/

         RewriteEngine on
         RewriteCond %{HTTP:Upgrade} websocket [NC]
         RewriteRule ^/?(.*) ws://192.168.1.100:8123/$1 [P,L]

         <Location "/">
                 satisfy any
         </Location>
         <Location "/api">
                 satisfy any
         </Location>

         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/home-aaaaa.aaa.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/home-aaaaa.aaa.com/privkey.pem
</VirtualHost>
</IfModule>

And also inside homeassistant in the configuration.yaml file (in my case) I added the following:

http:
   use_x_forwarded_for: true
   trusted_proxies:
     - 192.168.1.1
     - 192.168.1.0/24

Visuel · April 6, 2023, 5:57pm

→ ProxyPreserveHost On

→ ProxyRequests Off