cstuder
(Christian Studer)
April 27, 2020, 1:25pm
1
There are multiple threads about using Home Assistant with Docker (Not Hass.io ) running in hosts mode and Traefik 2.2 as reverse proxy server. I have a fully working configuration with TLS from Let’s Encrypt.
I have to admit that I don’t fully understand how this is working. I found the extra_hosts
bit in this Gist over here: https://gist.github.com/gaieges/936bdf91e01e4cc782eb047e5873089b
Here is my working docker-compose.yaml
:
version: "3"
# Network stuff
services:
traefik:
image: traefik:v2.2
container_name: traefik
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=<MY-EMAIL-ADDRESS>"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- letsencrypt:/letsencrypt
extra_hosts:
- host.docker.internal:172.17.0.1 # I don't know why this is needed
homeassistant:
container_name: homeassistant
image: homeassistant/raspberrypi3-homeassistant:stable
volumes:
- homeassistant:/config
network_mode: host
ports:
- "8123:8123" # This is required as well.
expose:
- 8123 # As is this.
environment:
- TZ=Europe/Zurich
labels:
- traefik.enable=true
- traefik.http.routers.homeassistant.rule=Host(`<MY-DOMAIN-NAME>`)
- traefik.http.routers.homeassistant.entrypoints=websecure
- traefik.http.routers.homeassistant.tls.certresolver=myresolver
- traefik.http.services.homeassistant.loadbalancer.server.port=8123
volumes:
letsencrypt:
homeassistant:
Fill in <MY-EMAIL-ADDRESS>
and <MY-DOMAIN-NAME>
before using it.
Stores ACME certificates and the Home Assistant-configuration in Docker volumes.
Thanks to the TLS-Challenge for Let’s Encrypt I don’t even bother to open port 80.
I’m not sure how this works either. Trying to do the same thing and having no luck.
Gateway just times out.
version: '3'
services:
homeassistant:
container_name: hass
image: homeassistant/home-assistant:stable
volumes:
- /share/docker/homeassistant:/config
network_mode: host
ports:
- "8123:8123"
expose:
- 8123
environment:
- TZ=Europe/London
labels:
- traefik.enable=true
- traefik.http.routers.hass.rule=Host(`hass.domain.com`)
- traefik.http.routers.hass.entrypoints=websecure
- traefik.http.routers.hass.tls.certresolver=le
- traefik.http.services.hass.loadbalancer.server.port=8123
traefik:
image: "traefik:v2.2"
container_name: "traefik"
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--api.dashboard=true"
- "--api.debug=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "[email protected] "
- "--certificatesResolvers.le.acme.storage=/letsencrypt/acme.json"
- "--certificatesResolvers.le.acme.tlsChallenge=true"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
extra_hosts:
- host.docker.internal:172.17.0.1
Any ideas?
Well you don’t need to specifically map ports in your hass container if you are in host mode, one or the other. I’m surprised that docker doesn’t warn or error out on that (?)
MrNonoss
(Mr Nonoss)
June 7, 2020, 5:38pm
4
Hi there,
I wrote a paper on how to build à traefik V2 container and how to make it work with home assistant https://bordas.xyz/2020/04/14/en-avant-pour-traefik-v2-2-part1/
But it is in French
1 Like
I suck at writing down stuff, however, I tried.
Trying this technique, but my docker is giving error:
docker.errors.InvalidArgument: "host" network_mode is incompatible with port_bindings
I didn’t think we could specify ports if running host mode. How is it working for you guys?
This was way simpler to setup than I previously thought. Once you have traefik working you can simply add this entry:
homeassistant:
image: homeassistant/raspberrypi4-64-homeassistant:stable
volumes:
- ../hass-config:/config
network_mode: host
environment:
- TZ=America/Edmonton
labels:
- "traefik.enable=true"
- "traefik.http.routers.hass.rule=Host(`hass.${BASE_URL}`)"
- "traefik.http.routers.hass.entrypoints=websecure"
- "traefik.http.services.hass.loadbalancer.server.port=8123"
- "traefik.http.routers.hass.service=hass"
- "traefik.http.routers.hass.tls.certresolver=<your resolver>"
And since you are running this host mode, let traefik know that a request can be mapped to the default host:
extra_hosts:
- host.docker.internal:172.17.0.1
Pretty simple.
Followed this for the HA portion of my docker-compose and got it working finally! Thanks for the tips.
Just an FYI on the first line: version: "3"
equates to version: "3.0"
not version: "3.*"
Source https://stackoverflow.com/a/64568805/1465640
1 Like