Hello, I am new to Home Assistant, moving away from openHAB after several years, as I see hassio v2 has more user-friendly features.
I am trying to set up Home Assistant behind traefik inside a docker container.
My primary use case is:
- Add Garage and Lights to HA (they cannot connect directly to Google Assistant)
- Set up Google Assistant to connect to HA
- Control Garage and Lights with Google Assistant

In Docker host_mode, #1 works, no problems with discovery etc., but I cannot send port 80 traefik to host mode since traefik is inside a private network. So I can't get Google to work.

In docker-network mode, #1 won't work because the devices' IPs are in a different subnet in the host network.

My question is: if I set up HA in host networking mode, how can I redirect traffic from the outside world to that container when traefik is defined in a separate network inside docker?

I read this link which talks about a similar problem, but I tried the suggested solutions and none of them worked for me, so I thought I would post my configurations and see if someone can help me.
traefik compose:

```yaml
version: "3.3"
services:
  traefik:
    image: traefik:latest
    container_name: "traefik"
    restart: always
    command:
      - "--global.sendAnonymousUsage=false"
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=myemail"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--entrypoints.websecure.http.middlewares=sts"
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.middlewares=auth
      - traefik.http.middlewares.sts.headers.stspreload=true
      - traefik.http.middlewares.sts.headers.stsseconds=31536000
    ports:
      - "80:80"
      - "443:443"
    networks:
      docker-network:
        aliases:
          - traefik
    volumes:
      - ".traefik_data/:/letsencrypt"
      - "./traefik_data/.htpasswd:/auth/.htpasswd"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
  docker-network:
    external: true
```

I also have single sign-on enabled using the container below, which redirects traffic to the appropriate container/sub-domain.

traefik-auth compose:

```yaml
version: "3.3"
services:
  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2.1-arm
    container_name: "traefik-auth"
    restart: always
    environment:
      - DEFAULT_PROVIDER=oidc
      - PROVIDERS_OIDC_ISSUER_URL=https://login.microsoftonline.com/{tenant-id}/v2.0
      - PROVIDERS_OIDC_CLIENT_ID={clientid}
      - PROVIDERS_OIDC_CLIENT_SECRET={secret}
      - SECRET={secret}
      - DOMAIN={my domain name}
      - LOG_LEVEL=debug
      - AUTH_HOST=traefik-forward-auth.{my domain name}
    networks:
      docker-network:
        aliases:
          - traefik-auth
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik-forward-auth.middlewares=auth
      - traefik.http.routers.traefik-forward-auth.entrypoints=websecure
      - traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4282
      - traefik.http.middlewares.auth.forwardauth.address=http://traefik-forward-auth:4282
      - traefik.http.middlewares.auth.forwardauth.authresponseheaders=X-Forwarded-User
networks:
  docker-network:
    external: true
```

Finally, my Home Assistant compose:

```yaml
version: '3'
services:
  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:stable
    networks:
      docker-network:
        aliases:
          - homeassistant
    ports:
      - 8123:8123
    volumes:
      - .homeassistant_data:/config
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.port=8123"
      - "traefik.http.middlewares.ha.redirectscheme.scheme=https"
      - "traefik.http.routers.ha.middlewares=auth"
      - "traefik.http.routers.ha-insecure.rule=Host(`hassio.{my domain name}`)"
      - "traefik.http.routers.ha-insecure.middlewares=ha"
      - "traefik.http.routers.ha.rule=Host(`hassio.{my domain name}`)"
      - "traefik.http.routers.ha.entrypoints=websecure"
      - "traefik.http.routers.ha.tls.certresolver=myresolver"
      - "traefik.http.services.ha.loadBalancer.server.port=8123"
networks:
  docker-network:
    external: true
```