Google Assistant + Nginx with minimal expose (HAOS)

Migrating from container to HAOS, I still wanted to use a minimal expose for Google Assistant.

This is based on Reddit: Google Assistant + Nginx with minimal expose

As of now I have this setup up and running.

Setup

Addons

  • Terminal & SSH (or another way of configuring files in share)
  • Duck DNS
    • Standard config
  • Let’s Encrypt
    • Domain: Change to your domain and a random string.
      [A_RANDOM_STRING].[MY_SUBDOMAIN].duckdns.org
      (as I use Duck DNS and http and wildcard is not allowed)
  • NGINX Home Assistant SSL proxy
    • Domain: [MY_SUBDOMAIN].duckdns.org
    • Customize:
      active: true
      default: nginx_proxy_default*.conf
      servers: nginx_proxy/*.conf

Customize config

Extra customize config, use terminal or ssh to edit files:

cd /share
nano nginx_proxy_default_deny_all.conf

In the file, put the configuration below; it will block everything in the default configuration.

deny all;
return 444;

Now let's set up nginx

mkdir nginx_proxy
cd nginx_proxy
nano homeassistant.subdomain.conf

In the file, put the configuration below to set up nginx.
Change:

  • [A_RANDOM_STRING]
  • [A_SECOND_RANDOM_STRING]
  • [IP_OF_HOMEASSISTANT]
  • [PORT_OF_HOMEASSISTANT]

server {
    listen 443 ssl http2;

    server_name [A_RANDOM_STRING].*;
    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_certificate /ssl/fullchain.pem;
    ssl_certificate_key /ssl/privkey.pem;

    # dhparams file
    ssl_dhparam /data/dhparams.pem;

    proxy_buffering off;

    # External access for Google Assistant
    location /ext/google/[A_SECOND_RANDOM_STRING] {
        set $upstream_app [IP_OF_HOMEASSISTANT];
        set $upstream_port [PORT_OF_HOMEASSISTANT];
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/api/google_assistant;
    }
    location /ext/google/[A_SECOND_RANDOM_STRING]/auth/token {
        set $upstream_app [IP_OF_HOMEASSISTANT];
        set $upstream_port [PORT_OF_HOMEASSISTANT];
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/auth/token;
    }
    # These are required for signing in. These can be disabled after first sign in
    location /ext/google/[A_SECOND_RANDOM_STRING]/auth/authorize {
        set $upstream_app [IP_OF_HOMEASSISTANT];
        set $upstream_port [PORT_OF_HOMEASSISTANT];
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/auth/authorize;
    }
    # These are required for signing in. These can be disabled after first sign in
    location ~ /(frontend_latest/|static/|auth/providers|auth/login_flow) {
        set $upstream_app [IP_OF_HOMEASSISTANT];
        set $upstream_port [PORT_OF_HOMEASSISTANT];
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

Google Assistant Setup

Then follow the setup Manual Home Assistant Google Assistant with these small changes.

  • Fulfillment URL:
https://[A_RANDOM_STRING].[MY_SUBDOMAIN].duckdns.org/ext/google/[A_SECOND_RANDOM_STRING]
  • Authorization URL:
https://[A_RANDOM_STRING].[MY_SUBDOMAIN].duckdns.org/ext/google/[A_SECOND_RANDOM_STRING]/auth/authorize
  • Token URL:
https://[A_RANDOM_STRING].[MY_SUBDOMAIN].duckdns.org/ext/google/[A_SECOND_RANDOM_STRING]/auth/token

Clean up

As seen in the configuration homeassistant.subdomain.conf, the last two endpoints can be commented out when setup is completed. Remove or comment out (# in front of each row)

...
    # These are required for signing in. These can be disabled after first sign in
    location /ext/google/[A_SECOND_RANDOM_STRING]/auth/authorize {
        set $upstream_app [IP_OF_HOMEASSISTANT];
        set $upstream_port [PORT_OF_HOMEASSISTANT];
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/auth/authorize;
    }
    # These are required for signing in. These can be disabled after first sign in
    location ~ /(frontend_latest/|static/|auth/providers|auth/login_flow) {
        set $upstream_app [IP_OF_HOMEASSISTANT];
        set $upstream_port [PORT_OF_HOMEASSISTANT];
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
...

GL
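
The clean-up step above, as an added shell example that is not part of the original post: it comments out every location block preceded by the post's "These are required for signing in" comment and lists the locations that stay exposed. The function names, the sample file and its placeholder values (SECOND_STRING, 192.0.2.10:8123) are constructed, and it assumes those blocks contain no nested braces.

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
MARKER='These are required for signing in'

# Comment out each location block that directly follows the marker comment.
disable_signin_blocks() {
    awk -v marker="$MARKER" '
        index($0, marker) { armed = 1; print; next }
        armed && /^[ \t]*location[ \t]/ { armed = 0; inblock = 1 }
        inblock {
            line = $0
            sub(/^[ \t]*/, "&#", line)   # keep indentation, prefix "#"
            print line
            if ($0 ~ /^[ \t]*[}]/) inblock = 0
            next
        }
        armed && NF { armed = 0 }        # marker with no live block after it
        { print }
    ' "$1"
}
# List location lines that are still active (not commented out).
active_locations() {
    grep -E '^[[:space:]]*location[[:space:]]' "$1" | sed 's/^[[:space:]]*//'
}
# Constructed sample config; SECOND_STRING and 192.0.2.10:8123 are placeholders.
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    location /ext/google/SECOND_STRING {
        proxy_pass http://192.0.2.10:8123/api/google_assistant;
    }
    location /ext/google/SECOND_STRING/auth/token {
        proxy_pass http://192.0.2.10:8123/auth/token;
    }
    # These are required for signing in. These can be disabled after first sign in
    location /ext/google/SECOND_STRING/auth/authorize {
        proxy_pass http://192.0.2.10:8123/auth/authorize;
    }
    # These are required for signing in. These can be disabled after first sign in
    location ~ /(frontend_latest/|static/|auth/providers|auth/login_flow) {
        proxy_pass http://192.0.2.10:8123;
    }
}
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp"
echo "Still exposed after cleanup:"
disable_signin_blocks "$tmp" > "$tmp.out" && active_locations "$tmp.out"
rm -f "$tmp" "$tmp.out"
```

On a real file, write the output of disable_signin_blocks to a new file, review it, and only then replace homeassistant.subdomain.conf; running it on an already cleaned file changes nothing.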

@Orrpan

Thanks for creating this guide. One problem I’m facing: when I try to link [test] App Name in the Google Home app on my iOS device, I see it correctly redirect to [SUB-DOMAIN].[MY-DOMAIN].duckdns.org; however, it errors, saying Safari couldn’t establish a secure connection to the server.

Any way around this?

FYI, I copied the URL and pasted it in a normal browser; the error I’m seeing is: ERR_SSL_UNRECOGNIZED_NAME_ALERT