Homeassistant config with Lighttpd (pihole)

I'm using:

  • raspberry pi 3
  • Raspbian stretch 4.14
  • PiHOLE
  • Homeassistant 0.87 - installed using the virtual environment
  • Let's Encrypt - certbot thingy

I NEED HELP setting up LIGHTTPD with HASS + PiHOLE and SSL so I can access my HASS installation from the outside through HTTPS

Notes and test:

  • I have my IP being updated so traffic is always sent to my IP, etc. - I can access from outside and inside my network
  • Modem is redirecting 80, 443 to the Pi to serve pages
  • I'm able to access using the IP and the port 8123
  • I'm able to reach the pages set within lighttpd (pihole and other junk I set)
  • I'm running my lighttpd with HTTPS and enforcing redirection at the conf file level from 80 to 443
  • I read that lighttpd does not work with proxy_pass and ssl like apache (I have an example of how my proxypass was working with apache here: Homeassistant does not work enabling ssl - #25 by aelg305)

my HASS configuration.yaml

 http:
   base_url: mymainsite.com    # under this one, I don't know if I should include the port, since mymainsite.com points to an actual page, or use an alias... like hass.mymainsite.com
   ssl_certificate: !secret client_cert    # I have this currently commented since it's not working
   ssl_key: !secret client_key     # I have this currently commented since it's not working
   use_x_forwarded_for: True
   ip_ban_enabled: True
   login_attempts_threshold: 2
   trusted_proxies:
     - 127.0.0.1
     - ::1

I added the following to my lighttpd.conf (external.conf - since pihole creates one and it gets reset/modified every time pihole is updated… just to not lose my config)

The following code set for the SSL:

$SERVER["socket"] == ":443" {
    ssl.engine              = "enable"
    ssl.ca-file             = "/etc/letsencrypt/live/mymainsite.com/chain.pem"
    ssl.pemfile             = "/etc/letsencrypt/live/mymainsite.com/combined.pem"
    ssl.honor-cipher-order  = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
    ssl.use-compression = "disable"
    setenv.add-response-header = (
        "Strict-Transport-Security" => "max-age=63072000; includeSubDomains; preload",
        "X-Frame-Options" => "DENY",
        "X-Content-Type-Options" => "nosniff"
    )
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
    ssl.dh-file = "/etc/ssl/certs/dhparam.pem"
    ssl.ec-curve = "secp384r1"
}

the following code would force HTTP to HTTPS under lighttpd

$SERVER["socket"] == ":80" {
    url.redirect = (
        "^/(.*)" => "https://mymainsite.com/$1"
    )
}
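
For the setup asked about in the post above, the lighttpd side of a TLS-terminating proxy in front of Home Assistant can be sketched as follows. This is an added example, not a configuration posted by anyone in the thread; it assumes lighttpd 1.4.46 or later (the first release with `proxy.header` upgrade support, check with `lighttpd -v`), the alias `hass.mymainsite.com` mentioned in the YAML comment, and a certificate that also covers that name.

```lighttpd
# Added example for external.conf; not from the thread.
# Assumptions: lighttpd >= 1.4.46, DNS alias hass.mymainsite.com -> the Pi,
# and the Let's Encrypt certificate lists hass.mymainsite.com as a name.

# Omit this line if mod_proxy is already loaded elsewhere.
server.modules += ( "mod_proxy" )

$SERVER["socket"] == ":443" {
    # Only requests for the alias are proxied; Pi-hole and the other pages
    # on mymainsite.com keep being served by lighttpd itself.
    $HTTP["host"] == "hass.mymainsite.com" {
        # TLS ends at lighttpd. Home Assistant is reached over plain HTTP
        # on loopback, so port 8123 does not need to be exposed externally.
        proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => 8123 ) ) )

        # Pass the WebSocket upgrade that the Home Assistant frontend uses.
        proxy.header = ( "upgrade" => "enable" )
    }
}
```

On the Home Assistant side, `ssl_certificate` and `ssl_key` stay commented out so that port 8123 keeps speaking plain HTTP to the proxy. The `use_x_forwarded_for` and `trusted_proxies` entries already in the YAML let `ip_ban_enabled` act on the real client address from the `X-Forwarded-For` header that mod_proxy adds, instead of on 127.0.0.1.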

Hi!
I’m trying to achieve something quite similar, by using lighttpd as my web server on 80 and 443 and then passing a domain hass.myserverdomain to localhost:8123 where Hass is listening, but I am having problems as well with the redirection. I have it working under Apache2 as well, but I want to change my whole site to be served only with lighttpd. Did you manage to make it work? Thanks!

I currently use Cloudflare… and got rid of all proxy installs and use the tunnel options… a LOT easier… however, if you need to use some sort of proxy redirect, I used before the addon “Nginx Proxy Manager”… super easy to configure… the catch is you need access to your router and point ports to your hass machine, etc… not needed with cloudflared…

If planning on moving to cloudflare and need help, reply back