HomeAssistant / Traefik / host_mode inside docker and Google Assistant


Hello, I am new to Home Assistant, moving away from OpenHAB after several years, as I see hassio v2 has more user-friendly features.

I am trying to set up Home Assistant behind traefik inside a docker container.
My primary use case is:

  1. Add Garage and Lights to HA (they cannot connect directly to Google Assistant)
  2. Set up Google Assistant to connect to HA
  3. Control Garage and Lights with Google Assistant

In Docker host_mode, #1 works, with no problems with discovery etc., but I cannot send port 80 traefik to host mode since traefik is inside a private network. So I can't get Google to work.
In docker-network mode, #1 won't work because the devices' IPs are in a different subnet in the host network.

My question is: if I set up HA in host networking mode, how can I redirect traffic from the outside world to that container when traefik is defined in a separate network inside docker?

I read this link, which talks about a similar problem, but I tried the suggested solutions and none of them worked for me, so I thought I would post my configurations and see if someone can help me.

traefik compose:

version: "3.3"
services:
  traefik:
    image: traefik:latest
    container_name: "traefik"
    restart: always
    command:
      - "--global.sendAnonymousUsage=false"
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=myemail"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--entrypoints.websecure.http.middlewares=sts"
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.middlewares=auth
      - traefik.http.middlewares.sts.headers.stspreload=true
      - traefik.http.middlewares.sts.headers.stsseconds=31536000
    ports:
      - "80:80"
      - "443:443"
    networks:
      docker-network:
        aliases:
          - traefik
    volumes:
      - ".traefik_data/:/letsencrypt"
      - "./traefik_data/.htpasswd:/auth/.htpasswd"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
  docker-network:
    external: true

I also have single sign-on enabled using the container below, which redirects traffic to the appropriate container/sub-domain.
traefik-auth compose:

version: "3.3"
services:
  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2.1-arm
    container_name: "traefik-auth"
    restart: always
    environment:
      - DEFAULT_PROVIDER=oidc
      - PROVIDERS_OIDC_ISSUER_URL=https://login.microsoftonline.com/{tenant-id}/v2.0
      - PROVIDERS_OIDC_CLIENT_ID={clientid}
      - PROVIDERS_OIDC_CLIENT_SECRET={secret}
      - SECRET={secret}
      - DOMAIN={my domain name}
      - LOG_LEVEL=debug
      - AUTH_HOST=traefik-forward-auth.{my domain name}
    networks:
      docker-network:
        aliases:
          - traefik-auth
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik-forward-auth.middlewares=auth
      - traefik.http.routers.traefik-forward-auth.entrypoints=websecure
      - traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4282
      - traefik.http.middlewares.auth.forwardauth.address=http://traefik-forward-auth:4282
      - traefik.http.middlewares.auth.forwardauth.authresponseheaders=X-Forwarded-User
networks:
  docker-network:
    external: true

Finally, my Home Assistant compose:

version: '3'
services:
  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:stable
    networks:
      docker-network:
        aliases:
          - homeassistant
    ports: 
      - 8123:8123
    volumes:
      - .homeassistant_data:/config
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.port=8123"
      - "traefik.http.middlewares.ha.redirectscheme.scheme=https"
      - "traefik.http.routers.ha.middlewares=auth"
      - "traefik.http.routers.ha-insecure.rule=Host(`hassio.{my domain name}`)"
      - "traefik.http.routers.ha-insecure.middlewares=ha"
      - "traefik.http.routers.ha.rule=Host(`hassio.{my domain name}`)"
      - "traefik.http.routers.ha.entrypoints=websecure"
      - "traefik.http.routers.ha.tls.certresolver=myresolver"
      - "traefik.http.services.ha.loadBalancer.server.port=8123"

networks:
  docker-network:
    external: true
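
One common way to route from a bridged Traefik to a host-networked Home Assistant, shown as an added example (it is not from this thread or from the linked Traefik post): Docker labels cannot describe a host-mode container's address, so the route is declared through Traefik's file provider instead. Assumptions: Docker 20.10+ for `host-gateway`, the file name `dynamic.yml` and its mount path, and the placeholder subnet; the router, resolver and host names reuse those posted above.

```yaml
# File: traefik compose (additions to the service posted above)
services:
  traefik:
    command:
      # keep the existing flags, then add the file provider
      - "--providers.file.filename=/etc/traefik/dynamic.yml"
    extra_hosts:
      # resolves to the Docker host's address as seen from the bridge network
      - "host.docker.internal:host-gateway"
    volumes:
      # assumed path for the dynamic configuration file
      - "./traefik_data/dynamic.yml:/etc/traefik/dynamic.yml:ro"
---
# File: traefik_data/dynamic.yml (assumed name)
http:
  routers:
    ha:
      rule: "Host(`hassio.{my domain name}`)"
      entryPoints:
        - websecure
      service: ha
      tls:
        certResolver: myresolver
      # a middleware defined by Docker labels is referenced as name@docker,
      # e.g. auth@docker for the forward-auth middleware posted above
  services:
    ha:
      loadBalancer:
        servers:
          - url: "http://host.docker.internal:8123"
---
# File: homeassistant compose (host networking replaces networks, ports and labels)
services:
  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:stable
    network_mode: host
    volumes:
      - .homeassistant_data:/config
    restart: always
---
# File: Home Assistant configuration.yaml
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.18.0.0/16  # placeholder: replace with the subnet of docker-network
```

The real subnet is shown by `docker network inspect docker-network`. Keep `trusted_proxies` limited to that subnet so Home Assistant only accepts `X-Forwarded-For` from Traefik.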

Did you ever work this out?

Hard to find a decent Traefik x Home Assistant config to use.

Yes I did. See this post in traefik support:
