Home Assistant with Docker and Traefik

I'm hoping someone here can help. I currently have Docker running on an Ubuntu Server 18.04. I have Traefik, Home Assistant and Portainer (all running the latest versions) running at the moment. I have Traefik set up with my DuckDNS account and it's set up successfully with Let's Encrypt. The trouble I'm having is that the HA page doesn't load fully when attempting to access it from the DuckDNS URL. I am able to access Traefik’s front end just fine from the URL, but when I attempt to access HA the only thing that loads is the blue bar across the top. I checked the logs in HA but there wasn't anything that talked about blocked access. I'm not sure what else to check. I'll post my configs below.

docker-compose.yml

version: "3.6"
services:

  portainer:
    image: portainer/portainer
    container_name: portainer
    restart: always
    command: -H unix:///var/run/docker.sock
    ports:
      - "9000:9000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${USERDIR}/Docker/portainer/data:/data
      - ${USERDIR}/Docker/shared:/shared
    environment:
      - TZ=${TZ}

  homeassistant:
    container_name: homeassistant
    restart: always
    image: homeassistant/home-assistant
    volumes:
      - ${USERDIR}/Docker/homeassistant:/config
      - /etc/localtime:/etc/localtime:ro
      - ${USERDIR}/Docker/shared:/shared
    ports:
      - "8123:8123"
    privileged: true
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    networks:
      - traefik_proxy
      - default
    labels:
      - "traefik.enable=true"
      - "traefik.backend=homeassistant"
      - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefixStrip: /homeassistant"
      - "traefik.port=8123"
      - "traefik.docker.network=traefik_proxy"
      - "traefik.default.protocol=http"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.STSSeconds=315360000"
      - "traefik.frontend.headers.browserXSSFilter=true"
      - "traefik.frontend.headers.contentTypeNosniff=true"
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.frontend.headers.SSLHost=example.com"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.headers.frameDeny=true"

  traefik:
    hostname: traefik
    image: traefik:latest
    command: --api --docker
    container_name: traefik
    restart: always
    domainname: ${DOMAINNAME}
    networks:
#      - default
      - traefik_proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    environment:
      - DUCKDNS_TOKEN=${DUCKDNS_TOKEN}
    labels:
      - "traefik.enable=true"
      - "traefik.backend=traefik"
      - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefixStrip: /traefik"
      - "traefik.port=8080"
      - "traefik.docker.network=traefik_proxy"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.STSSeconds=315360000"
      - "traefik.frontend.headers.browserXSSFilter=true"
      - "traefik.frontend.headers.contentTypeNosniff=true"
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.frontend.headers.SSLHost=example.com"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.headers.frameDeny=true"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${USERDIR}/Docker/traefik:/etc/traefik
      - ${USERDIR}/Docker/shared:/shared

networks:
  traefik_proxy:
    external:
      name: traefik_proxy
  default:
    driver: bridge

traefik.toml

logLevel = "DEBUG" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC
defaultEntryPoints = ["https", "http"]

[api]
  entryPoint = "traefik"
  dashboard = true
  address = ":8080"
  usersFile = "/shared/.htpasswd"

# Force HTTPS
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[retry]

[file]
  watch = true
  filename = "/etc/traefik/rules.toml"

# Let's encrypt configuration
[acme]
email = "EMAIL"
storage = "/etc/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging = true
# onDemand = false #create certificate when container is created
onHostRule = true
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
[acme.httpChallenge]
entryPoint = "http"

[[acme.domains]]
  main = "MY_DOMAIN.duckdns.org"

# Connection to docker host system (docker.sock)
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "MY_DOMAIN.duckdns.org"
watch = true
# This will hide all docker containers that don't have explicitly
# set label to "enable"
exposedbydefault = false

EDIT: I also tried re-creating the containers with all the - "traefik.frontend.headers. commented out but that didn't change anything.

I’m in the middle of setting this up right now to get rid of another box so I’m not at the HASS portion yet. But… you should switch your [acme] section around so you pull a wildcard cert for your duckdns domain.

# Let's encrypt configuration
[acme]
email = "[email protected]"
storage="/etc/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging=true
[acme.dnsChallenge]
  provider = "duckdns"
  delayBeforeCheck = 0
[[acme.domains]]
  main = "*.yourdomain.duckdns.org"
  sans = ["yourdomain.duckdns.org"]

For others searching for “Traefik”: excellent tutorial at: https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/

1 Like
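The wildcard request suggested in the reply above lists the bare domain under `sans` because a `*.` name stands for exactly one left-most label and never matches the apex. The following is an added example, not code from any post in this thread, that checks which hostnames that `main`/`sans` pair would cover; the hostnames in `ROUTER_HOSTS` are constructed for illustration.

```python
# Added example: hostname coverage of the certificate names from the reply.
# MAIN/SANS are the placeholder values shown in the [acme] snippet above.

def _labels(name: str) -> list[str]:
    # DNS names are case-insensitive; a trailing dot is the root label.
    return name.lower().rstrip(".").split(".")

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the entire
    left-most label and stands for exactly one label."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in h:
        return False  # different depth (apex, nested subdomain) or empty label
    if p[0] == "*":
        return p[1:] == h[1:]  # wildcard consumes one label, rest is exact
    return p == h

def covered(host: str, main: str, sans: list[str]) -> bool:
    # A certificate is valid for a host if any of its names matches.
    return any(name_matches(n, host) for n in [main, *sans])

def uncovered_hosts(hosts: list[str], main: str, sans: list[str]) -> list[str]:
    # Hosts that would trigger a certificate-name error in the browser.
    return [h for h in hosts if not covered(h, main, sans)]

MAIN = "*.yourdomain.duckdns.org"
SANS = ["yourdomain.duckdns.org"]

# Constructed hostnames a Host: rule might use (illustrative only).
ROUTER_HOSTS = [
    "yourdomain.duckdns.org",
    "hass.yourdomain.duckdns.org",
    "traefik.yourdomain.duckdns.org",
    "a.hass.yourdomain.duckdns.org",
]

if __name__ == "__main__":
    for h in ROUTER_HOSTS:
        state = "covered" if covered(h, MAIN, SANS) else "NOT covered"
        print(f"{h:34} {state}")
```

Without the `sans` entry the apex would fall out of coverage, and a two-level name such as `a.hass.…` is not covered in either case.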

Hello, @fletch8527 did you find a solution? I am in the same situation as you :confused:

Yea, I solved my issue by getting a SmartThings hub instead lol. I was using HA so that I could get Google Assistant integration. I later found that I would need to restart the Google App monthly to keep the integration (I didn't pay the subscription for HA) and that was enough to push me to get something that supported the integration without a monthly fee.

Sorry I couldn't be any more help

Anyway, you have taken the time to answer me :+1:t3: I’ll share my result if I succeed