I need to be able to use classic docker containers outside of HA addons, which means HA OS or HA supervised installations are not an option for me, because the system would become unhealthy. I have to use normal docker container. I already know how to install services that would normally be HA addons (like zigbee2mqtt) as separate docker containers. But I have a problem.
All I succeeded to do for now is to make them run in a completely separate web UI. I have my HA UI at homeassistant.mydomain.com, and zigbee2mqtt at zigbee.mydomain.com. But that is not very convenient, because I have to change page if I want to see HA settings and z2m settings. I would prefer to have the same behaviour as when those services are installed as HA addons, meaning that I want them to be visible and usable as tabs in HA UI left bar. But not accessible on their own outside of HA UI
I know that pages can be added as iframes. But if I simply point to the service locally (z2m web ui), I will have a problem with https (my reverse proxy is caddy). Locally, that page with be http and browsers don’t allow iframes if the page the iframe is pointing too isn’t in https as the main HA UI page. But if I want to add https to z2m web ui, then it means I need to still have a subdomain for it, and have it exposed and accessible outside HA web UI.
I see no way out of this.
Could someone help me on this problem ? Is there a solution that I don’t see ?
Thanks in advance for any answer.
But as @nickrout said, this will only work on my LAN. I want to be able to access this outside of my network, hence my problem with https that I explained.
I run a docker VPN that lets me gain access to my entire network but there are likely a few cons with this approach as it requires a port open on my router, a dns url, a dns updater as I have a dynamic ip from my isp, and my laptop and phone require a client so I can enable the VPN. It does work but not ideal for everyone I understand. Good luck .
@pcwii@SaladCesar If you have a working solution with your VPN, I would probably not change until a need arises. That said, I have been very happy moving from a VPN to ZeroTier solution. It addresses all of the VPN negative points you highlight. My firewall device can host it natively, which makes it even better, but docker based setups are available.
Hi,
Thanks for your answer but I don’t see the connection between a VPN / zerotier and my issue with integrating third party services into HA UI. Could you explain a bit more on this ?
Hi,
I don’t think a VPN would be a solution because I can already without any issue access HA and any other third party service from the outside. My problem is with how to integrate those services into HA.
= reproduce with a docker install the behaviour of HA addons on HA OS. But those 2 last points are a problem and I didn’t find a solution in a year. I find strange that I found very little people searching to do this.
Not sure if you were directing this point to me or not :
Hi, Thanks for your answer but I don’t see the connection between a VPN / zerotier and my issue with integrating third party services into HA UI. Could you explain a bit more on this ?
I am far from a Zerotier expert, however I have used both VPN and Zerotier to access a private LAN behind a firewall/public router device. From using both, hands down Zerotier is the very good solution.
To your ‘integration’ requirement.
once you launch Zerotier client on phone, notebook or whatever devices they support as clients, this device is ‘inside’ your private network.
I think you can do a lot of restrictions with Zerotier, for example limiting the external client to just the IP address of the docker host that hosts Home Assistant and your other docker base apps that you are materializating in HA’s sidebar. I used such a Zerotier config, however, I allow access to full subnets within the private LAN. However, from my noob understanding of Zerotier you should be able to be far more restrictive. For a device that is within the private LAN, not via Zerotier, if you want to limit these to only the HA GUI, I think you are going to need some additional firewall system that you put the docker host behind.
From my experience, if you can get a URL to the service on your LAN and get it into the HA side bar, it is accessible via Zerotier from external as well as from clients inside your private LAN.
External access to a private LAN is certainly more complex than most folks configs, so do do you homework and access testing to make sure you private parts are secure from the outside IP world.
Not well versed here perhaps but is an unhealthy system actually a problem if you ran Ubuntu or something?
My main system has been working well (AFAIK) for a couple of years since Ubuntu was relegated to unhealthy.