Cannot Enable SSL on Home Assistant on Docker Compose

trcgno48 · July 13, 2024, 12:36pm

Hi everyone,

May I get an insight on enabling SSL on my docker compose Home Assistant installation?

I have spent some time figuring out what I am missing and even followed this solved issue: https://community.home-assistant.io/t/privkey.pemconfigure-ssl-with-docker/196878

Below is my working directory and /config has the fullchain.pem and privkey.pem files.

user@server:~/homeassistant/config$ pwd
/home/user/homeassistant/config

Here’s my configuration.yaml file input:

# Loads default set of integrations. Do not remove.
default_config:

# Load frontend themes from the themes folder
frontend:
  themes: !include_dir_merge_named themes

automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

http:
  ssl_certificate: /home/user/homeassistant/config/fullchain.pem
  ssl_key: /home/user/homeassistant/config/privkey.pem

After restarting the docker container, I always head to Recovery Mode?

Does anyone have an insight on this?

Regards,

trcgno48 · July 14, 2024, 1:47pm

Anyone? Any insights? Cheers.

AleXSR700 · July 14, 2024, 7:17pm

I have not tried it myself but did your terminal quote suggests that you created a folder config inside the folder homeassistant.
If so, then in your condiguration.yaml you would need ...\config\config\..., would you not?

If you use VSC Code or HA terminal or something, maybe connect to the server and see if the files are actually where you think they are.

If that is not the issue, then with deprecated base_url, do you maybe need to define internal and external url? But that is just a complete stab in the dark.

tmjpugh · July 14, 2024, 10:01pm

And the docker compose you are using?

trcgno48 · July 15, 2024, 1:07am

I am using nano in the terminal.

I used the OpenSSL instruction inside the /config folder inside /homeassistant, so fullchain.pem and privkey.pem would already be inside the /config folder.

Another thread suggested the /config/config input. I tried it but to no avail.

Below is the realpath result for fullchain.pem

user@server:~/homeassistant/config$ realpath fullchain.pem
/home/user/homeassistant/config/fullchain.pem
user@server:~/homeassistant/config$

trcgno48 · July 15, 2024, 1:13am

Sure, here is the .yml file content:

services:
  homeassistant:
    container_name: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    volumes:
      - /home/user/homeassistant/config:/config
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro
    restart: unless-stopped
    privileged: true
    network_mode: host

Everything’s stable in my setup. I just need the SSL, like everyone else, before I resort to a different way of encryption. Cheers.

tmjpugh · July 15, 2024, 1:18am

Your pointing to folder on server but should point to folder in container

http:
ssl_certificate: /config/fullchain.pem
ssl_key: /config/privkey.pem

HA cannot see /home folder below

http:
ssl_certificate: /home/user/homeassistant/config/fullchain.pem
ssl_key: /home/user/homeassistant/config/privkey.pem

trcgno48 · July 15, 2024, 1:45am

Welp, to be fair to myself, I tried this entry over and over again:

http:
ssl_certificate: /config/fullchain.pem
ssl_key: /config/privkey.pem

My problem is that I have been getting the recovery mode issue because I kept on typing my ip with https without logging out of Home Assistant, so the browser doesn’t recognise the certificate yet. What a basic negligence on my part!

Anyway, that’s the problem with working so late early in the morning…

Thanks for reminding @tmjpugh and the browser update, requiring me to restart it. Without your reply and the update, I wouldn’t have tried the entry again. I guess my brain that time was the one that was on limp/safe/recovery mode. Cheers