Hi - Did you ever find a solution that you can share? I have been attempting the exact same thing - QTS cert with Let’s Encrypt - and have not been able to figure it out myself. I have not found any information to say definitively that it is possible, or not possible, but it seems like we should be able to do this! Others have suggested passing certs through linked volumes, or using a reverse proxy (“Caddy”), but I have been successful.
I’ve been using HA with a TS228 for a few months now. All you need is to install a docker with Python 3.6, which you can find in the official QNAP CS repo, and then install HA there as described in the HA manual. Works OK. Just install that docker with /bin/bash in the command section of Container Station and here you go.
Hi. Did you find any solutions?
I abandoned using HA on my QNAP NAS, and am now using it on a Raspberry Pi with Hassbian. Getting Let’s Encrypt set up on Hassbian was very easy. Also, this setup gives me the advantage of connecting the Pi’s HDMI out to my not-so-smart TV, which I can now turn on and off with the HDMI CEC component.
I’ve tried to install Python’s docker image from Container Station, but when I start it the console shows the same error: Fatal Python error: failed to get random numbers to initialize Python. What am I doing wrong?
You have to find the Python docker from QNAP. Just look at Container Station and it is at the top. You don’t have to search for it in the Docker Hub. Unfortunately the TS228 has too old a kernel, and without patching you can’t compile Python. Python 3.6 needs kernel 3.17 and up.
Yes, I have checked this and the newest commit is not working… I use this one: arm32v7/python:3.6.4-slim-jessie
With the latest firmware upgrade (4.3.4.0695), Python and homeassistant/armhf-homeassistant start without error.
I’m going to test in depth, because my first impression is that the container uses a lot of memory and CPU and slows the NAS down.
My NAS has an ARMv7 CPU and 1GB of RAM.
For me that container isn’t too heavy. RAM usage is about 64% and CPU is lower than 10% (total). I have a TS228…
Hi, can you help me understand how to set up SSL in Container Station? I have a static IP, and ports 80 and 443 are used by the NAS. What is the best choice for me: nginx, Caddy, Traefik, something else? I have a domain name like xxx.qnapcloud.com; can I use this name, or do I have to create a new one (DuckDNS)? I don’t know NAT or HOST, the right environments for docker. I will be grateful for any help.
I have been running HA and NodeRed on QNAP in docker for months. The only thing that is frustrating is the lack of documentation for both (getting SSL to work was a nightmare, now it’s hell to get discovery to work). I used the LetsEncrypt function in QNAP, got the cert and key files, copied them to a location on my mapped HA /config location and updated my configuration.yaml file. I am using qnapcloud.com as the external name and it works great (as long as you use that for your Let’s Encrypt). I am running the 77.2 HA.
I am not the best at this but I will try to help if you have questions.
That looks unbelievable to me. It’s so easy, and this was just what I tried, without any result of course.
Can you share your http config from configuration.yaml?
This is what I did:
- download letsencrypt key and cert from my qnap security settings page
- upload files at /www/ssl folder
- add to conf file
base_url: https://ххх.myqnapcloud.com:8123
(any combination http/https with and without port)
server_port: 8123
ssl_certificate: /local/ssl/SSLcertificate.crt
ssl_key: /local/ssl/SSLprivatekey.key
and fiasco…
After that I was looking for how to set up SSL via a reverse proxy in Container Station.
Here is my http section of my config file
http:
  api_password: !secret http_password
  base_url: xxxxxx.myqnapcloud.com
  ssl_certificate: /config/tts/SSLcertificate.pem
  ssl_key: /config/tts/SSLprivatekey.pem
I am running HA in a docker container in Container Station. I use Host for network and map a folder to /config (I also put my key and cert in the tts folder under config). The cert and key are the ones you get after using QNAP’s letsencrypt (I used xxxxx.myqnapcloud.com as the address I wanted and just renamed the files from crt and key to pem). I haven’t done the reverse proxy yet so not sure how that would work yet.
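A check for the two http sections posted above, as an added example that is not part of any post in the thread: it resolves the configured certificate and key paths against the folder mapped to /config and reports paths the container cannot see, files placed under www/ (which Home Assistant serves at /local/ without authentication), and a private key readable by other users. The function names and the /config mount default are assumptions; the files it creates are empty placeholders.

```python
import os
import tempfile

# The two http: sections posted in this thread (indentation restored).
WORKING = "http:\n  ssl_certificate: /config/tts/SSLcertificate.pem\n  ssl_key: /config/tts/SSLprivatekey.pem\n"
FAILING = "http:\n  ssl_certificate: /local/ssl/SSLcertificate.crt\n  ssl_key: /local/ssl/SSLprivatekey.key\n"

def read_http_section(yaml_text):
    """Collect 'key: value' pairs indented under the top-level 'http:' key."""
    section, inside = {}, False
    for raw in yaml_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        if line and not line[0].isspace():
            inside = line == "http:"  # a new top-level key starts or ends the block
        elif inside and ":" in line:
            key, value = line.strip().split(":", 1)
            section[key.strip()] = value.strip()
    return section

def check_tls_files(host_config_dir, http, mount="/config"):
    """Return findings for ssl_certificate / ssl_key (empty list = nothing found)."""
    findings = []
    for opt in ("ssl_certificate", "ssl_key"):
        value = http.get(opt)
        if not value:
            findings.append(f"{opt}: not set")
            continue
        rel = os.path.relpath(os.path.normpath(value), mount)
        if rel.startswith(".."):
            findings.append(f"{opt}: {value} is not under the {mount} mount")
            continue
        host_path = os.path.join(host_config_dir, rel)
        if rel.split(os.sep)[0] == "www":
            findings.append(f"{opt}: under www/, which is served at /local/")
        if not os.path.isfile(host_path):
            findings.append(f"{opt}: {host_path} not found")
        elif opt == "ssl_key" and os.stat(host_path).st_mode & 0o077:
            findings.append(f"{opt}: key readable by group/other (chmod 600)")
    return findings

def demo():
    # Constructed /config folder with empty placeholder files, not real keys.
    with tempfile.TemporaryDirectory() as cfg:
        os.makedirs(os.path.join(cfg, "tts"))
        for name in ("SSLcertificate.pem", "SSLprivatekey.pem"):
            os.close(os.open(os.path.join(cfg, "tts", name), os.O_CREAT | os.O_WRONLY, 0o600))
        return [check_tls_files(cfg, read_http_section(t)) for t in (WORKING, FAILING)]

if __name__ == "__main__":
    print(demo())
```

Run it on the NAS with the host folder that is mapped to /config as the first argument of check_tls_files; the parser only handles simple indented key: value pairs, not full YAML.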
Thanks. I’ll try it.
update
Finally I’ve got a secure connection. Thanks a lot!
@blackgold9, thanks for finding the port conflict between discovery and the nfs service! Another workaround, though less robust and one that will likely break again after an update, is to change the port number in daikin.py. I rely on nfs for file sharing on my NAS, so this was a better option for me than tampering with the nfs port, even though it requires some maintenance.
After ssh’ing into the QNAP terminal (and installing vim):
$ docker exec -it [homeassistant container name] bash
root@homeserver:/usr/src/app# vi /usr/local/lib/python3.6/site-packages/netdisco/daikin.py
Change the UDP_SRC_PORT = 30000 line to UDP_SRC_PORT = 30005.
Restarted the container and discovery is working without errors (and I keep nfs).
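An added example, not part of the post above: before picking a replacement value for UDP_SRC_PORT, list the UDP ports that are already bound. With Host networking the container shares the NAS network namespace, so /proc/net/udp shows the same sockets from either side; the sample table is constructed and the function names are assumptions.

```python
import os

# Constructed sample in /proc/net/udp format (not captured from a real NAS).
# Ports are hexadecimal in this file: 006F = 111, 7530 = 30000, 0801 = 2049.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1101
   1: 00000000:7530 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1102
   2: 0100007F:0801 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1103
"""

def bound_udp_ports(proc_text):
    """Return the set of local UDP ports listed in /proc/net/udp(6) text."""
    ports = set()
    for line in proc_text.splitlines():
        fields = line.split()
        # Data rows look like "0: 00000000:7530 ..."; the header row has no colon here.
        if len(fields) > 1 and ":" in fields[1]:
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports

def first_free_port(proc_text, start=30000, span=16):
    """Return the first port in [start, start + span) that nothing has bound."""
    used = bound_udp_ports(proc_text)
    return next((p for p in range(start, start + span) if p not in used), None)

def read_live_tables():
    """Concatenate the IPv4 and IPv6 UDP tables, or fall back to the sample."""
    text = ""
    for path in ("/proc/net/udp", "/proc/net/udp6"):
        if os.path.exists(path):
            with open(path) as handle:
                text += handle.read()
    return text or SAMPLE_PROC_NET_UDP

if __name__ == "__main__":
    table = read_live_tables()
    print("UDP 30000 already bound:", 30000 in bound_udp_ports(table))
    print("first free port from 30000:", first_free_port(table))
```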
Not sure if this should be a new topic, but how are people upgrading their installations? Mine was running fine for ages but when I came to update to 0.83.2 I got ‘connection refused’ error from my browser when trying to access HA at 8123.
My process was to stop the old container then create a new one from the latest image - same settings (Host network, Privileged mode, pointing to a separate config folder).
Still mucking around trying to fix it but be good to know if anyone else has experienced the same.
My advice is to look at the Breaking Changes for the new version. I had to go back and forth 2 or 3 times until finding my issue. I use Owntracks and the configuration changed in 0.83. Without the proper change HASS won’t start properly (won’t crash either).
Same issue (also on QNAP), changing the port in daikin.py solved it for me. thanks!
I have a QNAP NAS and I was hesitant to setup HA on it - worried about upgrades, redundancies. I set it up on a RPI and so far things seem to be ok, but I am seeing it slow down. If you were to start fresh would you still use the docker and HA on QNAP or is it not worth the hassle and keep it on a RPI?