Good morning,
I would like to install Nginx on another RPi3 B+ and use it to act as a link between HA (on RPi3 with O.S. hass.io) and the external network. How do I configure all this? Will the Google Assistant component work? If so, how do I configure it?
OK, but does it work with the Google Assistant component?
And for certificates created with Let’s Encrypt?
Use NGINX to handle that, not Home Assistant.
My own writeup is here. I use Let’s Encrypt on NGINX, and the Google Assistant component.
So in the configuration of Nginx I have to point to certificates created with Let’s Encrypt?
How should I configure GA?
Yes
Don’t worry about that - you’re overthinking things. You don’t have to configure each component on the proxy; you’re simply forwarding all connections to HA after all.
OK, but in the GA platform which address should I put?
Last thing: does it work with a domain on DuckDNS?
You only have ONE URL. The point of the reverse proxy is to only expose the reverse proxy, not the direct connection to the server being proxied.
Of course.
Here is a WORKING config that I use:
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # Update this line to be your domain
    server_name domain.com;

    # These shouldn't need to be changed
    listen 80;
    return 301 https://$host$request_uri;
}

server {
    # Update this line to be your domain
    server_name domain.com;

    # Ensure these lines point to your SSL certificate and key
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    # Ensure this line points to your dhparams file
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

    # These shouldn't need to be changed
    # "ssl" on the listen line replaces the deprecated "ssl on;" directive;
    # the "http2" flag needs nginx >= 1.9.5
    listen 443 ssl http2;
    #listen 80 http2;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    # TLSv1 and TLSv1.1 are deprecated, so only TLSv1.2 is enabled
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    access_log /var/log/nginx/hass.access.log;
    error_log /var/log/nginx/hass.error.log;

    proxy_buffering off;

    location / {
        # Everything is forwarded to Home Assistant over plain HTTP on the LAN
        proxy_pass http://homeassistant.ip.address:8123;
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Upgrade and Connection are needed for the WebSocket connection
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
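An added example, not part of the original posts: a small Python check that reads an nginx server block of the kind shown above and flags TLS and proxy-header settings worth reviewing before the proxy is exposed. The sample config, the function names and the finding texts are constructed for illustration.

```python
import re

# Constructed sample (not the poster's file): HTTPS server block with older-style settings.
SAMPLE = """
server {
    listen 443 http2;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_pass http://homeassistant.ip.address:8123;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
    }
}
"""

def directives(conf):
    """Split a config into (name, args) pairs; simple unquoted directives only."""
    conf = re.sub(r"#[^\n]*", "", conf)        # drop comments
    pairs = []
    for stmt in re.split(r"[;{}]", conf):      # a statement ends at ';' or a brace
        parts = stmt.split()
        if parts:
            pairs.append((parts[0], parts[1:]))
    return pairs

def audit(conf):
    """Return findings about the TLS and proxy-header settings in conf."""
    found, headers, names = [], set(), set()
    for name, args in directives(conf):
        names.add(name)
        if name == "listen" and args and args[0].split(":")[-1] == "443" and "ssl" not in args:
            found.append("listen 443 without the 'ssl' parameter")
        elif name == "ssl" and args == ["on"]:
            found.append("'ssl on' is deprecated; use 'listen 443 ssl'")
        elif name == "ssl_protocols":
            old = [p for p in args if p in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")]
            if old:
                found.append("deprecated protocols: " + " ".join(old))
        elif name == "proxy_set_header" and args:
            headers.add(args[0].lower())
    if "upgrade" in headers and "connection" not in headers:
        found.append("Upgrade forwarded without Connection; WebSocket handshake is not proxied")
    if "proxy_pass" in names and "x-forwarded-for" not in headers:
        found.append("X-Forwarded-For not set; backend sees only the proxy address")
    return found

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```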
So I do not have to reconfigure Google Assistant?
Thanks for the clarity. Now I have to buy an RPi3 B+.
Do you already have the Google Assistant component enabled and configured?
Yes, I have already configured and enabled the component for Google Assistant
You will need to reconfigure it to go to your public URL that you are serving through the NGINX reverse proxy.
If it is the same URL, then there is nothing to configure.
Should you also leave port 8123 in the GA configuration?
Well, that depends. Are you going to run the proxy on port 8123 (which kind of defeats the purpose of the reverse proxy)?
If no, then you will need to reconfigure the GA URL.
What do you mean by "which kind of defeats the purpose of the reverse proxy"?
I would like to be able to protect all RPi3 with O.S. Hass.io
A reverse proxy doesn’t really ‘protect’ the OS.
What exactly are you looking to do? What do you think the reverse proxy does?