I’m trying to set up HA and I’ve successfully done that, but I want it to be accessible externally, and use network mode host so it has more capability. I’ve got traefik running fine with all my other services, but this is the first time I’ve had to provide a service that isn’t on the same backend network I’ve created for traefik and every other service. I mostly followed smarthomebeginner’s guides for setting a lot of stuff up, but I tried following their section on adding external things to traefik, but it’s not working out well.
Here’s my traefik config.yml:
```yaml
#Traefik 2 - Reverse Proxy
traefik:
  container_name: traefik
  image: traefik:2.2.1
  restart: unless-stopped
  command:
    - --global.checkNewVersion=true
    - --global.sendAnonymousUsage=false
    - --entryPoints.http.address=:80
    - --entryPoints.https.address=:443
    - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
    - --entryPoints.traefik.address=:8080
    - --api=true
    - --log=true
    - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
    - --accessLog=true
    - --accessLog.filePath=/traefik.log
    - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
    - --accessLog.filters.statusCodes=400-499
    - --providers.docker=true
    - --providers.docker.endpoint=unix:///var/run/docker.sock
    - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
    - --providers.docker.exposedByDefault=false
    - --providers.docker.network=m2_proxy
    - --providers.docker.swarmMode=false
    - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
    # - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
    - --providers.file.watch=true # Only works on top level files in the rules folder
    # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
    - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
    - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
    - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
    - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
  networks:
    - m2_proxy
  security_opt:
    - no-new-privileges:true
  ports:
    - target: 80
      published: 80
      protocol: tcp
      mode: host
    - target: 443
      published: 443
      protocol: tcp
      mode: host
    - target: 8080
      published: 8080
      protocol: tcp
      mode: host
  volumes:
    - $DOCKERDIR/traefik2/rules:/rules
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - $DOCKERDIR/traefik2/acme/acme.json:/acme.json
    - $DOCKERDIR/traefik2/traefik.log:/traefik.log
    - $DOCKERDIR/shared:/shared
  environment:
    - CF_API_EMAIL=$CLOUDFLARE_EMAIL
    - CF_API_KEY=$CLOUDFLARE_API_KEY
  labels:
    - "traefik.enable=true"
    # HTTP-to-HTTPS Redirect
    - "traefik.http.routers.http-catchall.entrypoints=http"
    - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
    - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
    - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    # HTTP Routers
    - "traefik.http.routers.traefik-rtr.entrypoints=https"
    - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
    - "traefik.http.routers.traefik-rtr.tls=true"
    # - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
    - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
    - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
    ## Services - API
    - "traefik.http.routers.traefik-rtr.service=api@internal"
    ## Middlewares
    - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file"
```
Here’s my HA config.yml:
```yaml
home-assistant:
  image: lscr.io/linuxserver/homeassistant:latest
  container_name: home-assistant
  network_mode: host
  environment:
    PUID: $PUID
    PGID: $PGID
    TZ: $TZ
  volumes:
    - $DOCKERCONFDIR/home-assistant:/config
  ports:
    - 8123:8123
  restart: unless-stopped
```
Here’s a rule I tried to create for HA:
/rules/app-HA.toml
```toml
[http.routers]
  [http.routers.[redacted]-rtr]
    entryPoints = ["https"]
    rule = "HostHeader(`[redacted].[redacted].com`)"
    service = "[redacted]-svc"
    middlewares = ["chain-no-auth"]
    [http.routers.[redacted]-rtr.tls]
      certresolver = "dns-cloudflare"

[http.services]
  [http.services.[redacted]-svc]
    [http.services.[redacted]-svc.loadBalancer]
      passHostHeader = true
      [[http.services.[redacted]-svc.loadBalancer.servers]]
        url = "https://[redacted]:8123/:8123"
```
And here’s the best error I can get from the above configs:
```
2022-09-04T03:17:10.693117793Z time="2022-09-04T03:17:10Z" level=debug msg="Serving default certificate for request: \"[redacted].[redacted].com\""
```
I feel like this has to be something simple, I’m just not knowledgeable enough and looking on these forums and google hasn’t provided me with a solution I know how to implement.
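A corrected version of the app-HA.toml rule for a host-networked Home Assistant, written here as an added example rather than the poster's file: it keeps the poster's https entrypoint, dns-cloudflare resolver and chain-no-auth middleware, uses Traefik's Host() matcher, and points the server at the Docker host's LAN address over plain http with the port stated exactly once. DOCKER_HOST_LAN_IP and ha.example.com are placeholders for the redacted values; a service on network_mode: host is not reachable by container name from the m2_proxy network, so the host's own address is assumed.

```toml
# /rules/app-HA.toml  (added example, not the poster's file)
# Placeholders: DOCKER_HOST_LAN_IP = LAN address of the machine running
# Docker; ha.example.com = the redacted hostname.

[http.routers]
  [http.routers.ha-rtr]
    entryPoints = ["https"]
    # Host() is Traefik's standard hostname matcher; the router only
    # accepts requests for this name.
    rule = "Host(`ha.example.com`)"
    service = "ha-svc"
    # Reuses the poster's existing middleware chain from the rules folder.
    middlewares = ["chain-no-auth"]
    [http.routers.ha-rtr.tls]
      # Same resolver the poster defined on the Traefik command line.
      certResolver = "dns-cloudflare"

[http.services]
  [http.services.ha-svc]
    [http.services.ha-svc.loadBalancer]
      # Forward the original Host header so Home Assistant sees the
      # public name rather than the LAN address.
      passHostHeader = true
      [[http.services.ha-svc.loadBalancer.servers]]
        # Home Assistant listens on plain HTTP on 8123 by default, so the
        # scheme is http, and "host:port" appears once in the URL.
        url = "http://DOCKER_HOST_LAN_IP:8123"
```

With network_mode: host the compose ports: mapping is ignored and Home Assistant listens on 8123 on the host directly; Home Assistant must also have `use_x_forwarded_for: true` with `trusted_proxies` covering the m2_proxy subnet under `http:` in its configuration.yaml, or it rejects requests that arrive through the proxy.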