I’m trying to add Grafana dashboards to HA using a lovelace webpage panel. As I access my HA instance through a public web address, I use letsencrypt SSL certs and an Nginx reverse proxy. This means that I also need to use SSL to access grafana within HA.
I have added a location block to my proxy which shows the grafana dashboard at /grafana. This works fine when left unrestricted. However, I would like this to only be accessible on my local network, as I do not use authentication for Grafana, so I have added an:
allow 192.168.0.0/24
deny all
My thinking is that Home Assistant will be able to access the page locally and show it in the webpage panel. By default, the panel goes to my public domain which is then forwarded to the nginx server with a client address that matches the public IP. This obviously gets blocked as the public IP is not local to my network. Therefore, I am trying to resolve my domain name to the server’s IP address locally on the server so that the request from HA’s webpage panel will go directly to Nginx, bypassing the external lookup.
The problem: Trying to access the dashboard through HA results in a blocked request as the IP is showing as the external public one.
This suggests to me that the domain name is not resolving correctly using my /etc/hosts file? Or am I way off track here and the domain will need to be resolved using a DNS server for some reason?
My HA container is running with the network mode as “host” and I have tried adding a mapping in /etc/hosts, as well as the docker “extra_hosts” option. These seem to create the correct mapping for the container as pinging my domain name within that container results in the correct IP address. Additionally, the /etc/hosts file within the container shows the mapping. I have also tried adding a /etc/nsswitch.conf file to the container which did not make a difference.
Further details:
- HA version: 2021.9.6
- Image: ghcr.io/home-assistant/home-assistant:stable