My Docker Stack

Ok so here is what I just tried.

In pfSense: port forward ports 80 & 443 to the Docker instance (192.168.30.6)
in Docker run:

docker create \
  --cap-add=NET_ADMIN \
  --name=letsencrypt \
  -v /letsencrypt/config:/config \
  -e PGID=1000 -e PUID=1000 \
  -e [email protected] \
  -e URL=XXXX.duckdns.org \
  -e VALIDATION=http \
  -p 80:80 -p 443:443 \
  -e TZ=America/Chicago \
  linuxserver/letsencrypt

It compiled and is running. (looks like I tried this before but forgot to move the corresponding rules in pfSense above my default block rules).

So now I can hit https://xxxx.duckdns.org but I get a default “this page is being setup”.

I am trying to figure this part out now. Is this done in the router?

2 Likes

Ok I got a little further. I added this to my default.conf:

server {
	listen 443 ssl default_server;

	root /config/www;
	index index.html index.htm index.php;

#	server_name _;
	server_name wwpi.duckdns.org;

	# all ssl related config moved to ssl.conf
	include /config/nginx/ssl.conf;

	client_max_body_size 0;

	location / {
		proxy_pass http://192.168.30.6:18122;
	}
}

Now I get the HA logo page to sign in, but after entering my password it just spins and eventually says “Unable to connect”.

1 Like

@flamingm0e OMG, finally!!! I can get through via DuckDNS with SSL!!! Thank you thank you thank you!

Now… how do I update Home Assistant inside the docker? Lol

@subjectbit Here’s how I got it - updated ‘default’ file to:

	server_name wwpi.duckdns.org;

	# all ssl related config moved to ssl.conf
	include /config/nginx/ssl.conf;

	client_max_body_size 0;

	location / {
		proxy_pass http://192.168.30.6:18122;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
	}

Crap… I’m really happy this works but now I cannot VPN into my network (via pfSense)… related to the 443 port being forwarded directly to the Docker machine I am guessing.

Has anyone had this issue?

Edit** - I figured it out. When creating the port forwards for NGINX I made them TCP/UDP. Should have only been TCP and then UDP still works for my VPN connection.
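Added example, not part of the original posts: the first `location /` block in this thread (login page loads, then “Unable to connect”) differs from the working one by the WebSocket upgrade directives, which Home Assistant's frontend needs. This Python check reports which of them a proxied location lacks. The function and constant names are made up for this illustration, the sample blocks are the ones posted in the thread, and the regex only handles `location` blocks without nested braces.

```python
import re

LOCATION_RE = re.compile(r"location\s+([^{]+?)\s*\{([^{}]*)\}")
MAP_RE = re.compile(r"map\s+\$http_upgrade\s+\$connection_upgrade\s*\{")

def _clean(conf):
    """Drop nginx comments so commented-out directives are not counted."""
    return re.sub(r"#[^\n]*", "", conf)

def websocket_findings(site_conf, http_conf=""):
    """Return (location, problem) pairs for proxied locations that cannot upgrade."""
    findings = []
    for path, body in LOCATION_RE.findall(_clean(site_conf)):
        dirs = [d.split() for d in body.split(";") if d.strip()]
        if not any(d[0] == "proxy_pass" for d in dirs):
            continue  # not a reverse-proxy location
        headers = {d[1].lower(): d[2] for d in dirs
                   if d[0] == "proxy_set_header" and len(d) >= 3}
        if ["proxy_http_version", "1.1"] not in dirs:
            findings.append((path, "proxy_http_version 1.1 not set"))
        if headers.get("upgrade") != "$http_upgrade":
            findings.append((path, "Upgrade header not forwarded"))
        conn = headers.get("connection")
        if conn is None:
            findings.append((path, "Connection header not forwarded"))
        elif conn == "$connection_upgrade" and not MAP_RE.search(_clean(http_conf)):
            findings.append((path, "$connection_upgrade has no map defining it"))
    return findings

# Location blocks as posted in this thread (first attempt, then the working one).
FIRST_ATTEMPT = """
location / {
    proxy_pass http://192.168.30.6:18122;
}
"""
WORKING = """
location / {
    proxy_pass http://192.168.30.6:18122;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}
"""
HTTP_MAP = "map $http_upgrade $connection_upgrade { default upgrade; '' close; }"
if __name__ == "__main__":
    print(websocket_findings(FIRST_ATTEMPT), websocket_findings(WORKING, HTTP_MAP))
```

The third finding type matters when the location block is copied into an image whose nginx.conf lacks the `map`: nginx then refuses to start because `$connection_upgrade` is an unknown variable.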

Thanks for the update and congrats on getting it working! I’ve followed along and am still unable to connect. No errors in the NGINX, Let's Encrypt, or Home Assistant logs, but when trying to connect via DuckDNS, I'm receiving a

ERR_CONNECTION_REFUSED

Would you mind posting the default file if there’s anything else relevant that I might be missing? I think this is the same default file found in ~/letsencrypt/nginx/site-confs… right?

Finally, I’m using Google WiFi for port forwarding. So far, I’ve just forwarded 80:80 and 443:443 on my host machine. Is there anything additional you did in pfSense?

‘default’ from site-confs:

# main server block
server {
	listen 443 ssl default_server;

	root /config/www;
	index index.html index.htm index.php;

#	server_name _;
	server_name xxxx.duckdns.org;

	# all ssl related config moved to ssl.conf
	include /config/nginx/ssl.conf;

	client_max_body_size 0;

	location / {
		proxy_pass http://192.168.30.6:xxxx;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
	}
}

nginx.conf:

## Version 2018/01/29 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/nginx.conf

user abc;
worker_processes 4;
pid /run/nginx.pid;
include /etc/nginx/modules/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##
	map $http_upgrade $connection_upgrade {
		default upgrade;
		'' close;
	}
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;

	client_max_body_size 0;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	access_log /config/log/nginx/access.log;
	error_log /config/log/nginx/error.log;

	gzip on;
	gzip_disable "msie6";

	##
	# Virtual Host Configs
	##
	include /etc/nginx/conf.d/*.conf;
	include /config/nginx/site-confs/*;
  
}
daemon off;

Snip from pfSense: (Home_Assistant alias is the IP of my Docker machine)


Any thoughts as to why Amazon/Echo would stop working once I got all this configured?


delete your docker container for home assistant and run docker pull homeassistant/home-assistant and run compose again

I posted a complete working NGINX config…

I would look at the logs. docker logs -f --tail 0 home-assistant

1 Like

rebooted everything… works again. go figure :rofl:

OK…

So I installed Ubuntu on my NUC.

Installed Docker.

Installed the HA docker container and created a config directory under /home/finity/ha-config

It populated the config directory with the basic configuration files.

Now I need to move my existing config files to that directory and be able to edit them.

I saved all of my config files to my Windows machine and I want to use WinSCP to move files around. I can move files that don’t already exist to that directory but I can’t overwrite existing files.

I then remembered I needed to set the WinSCP environment to “sudo su -”. Tried that but now WinSCP won’t log me in. It says the shell is incompatible and recommended BASH. I tried that and it allows me to log in but when I try to edit a file that was auto created (configuration.yaml for example) it says I don’t have the permissions necessary.

How can I fix this?

I’ve tried googling for the answer and nothing seems to help.

And I’m sure this will be the first of many questions…

Why not use Syncthing? Why would you want to manually move files around for no reason?

If you are logging into the WinSCP session as user ‘finity’, there is absolutely no reason at all to have to sudo. You are that user and anything in /home/finity belongs to you. If you have to sudo anything for that, you have done something wrong.

  1. I need to move my existing yaml files from my windows machine to the new docker container.

  2. I’m logging in as finity.

I installed HA by following the directions from the install page. That created default config files in the correct directory that I specified. All the default files in that directory are owned by “root”. The files that I was able to put there (that were not created by default) are owned by “finity”.

OK. So your container wrote a default config as root inside your home directory. Fine, that is an easy fix.

SSH into the host system, as your user.

sudo chown -R finity:finity /home/finity
sudo chmod -R 777 /home/finity/ha-config

OK. You could do that all with Syncthing too…but go ahead. If you fix the owner of that directory you will have all rights in that directory.

Just so you know, using WinSCP to edit the files is a much more time-consuming process.

1 Like
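Added example, not from the thread: `chmod -R 777` leaves every file under ha-config writable by any local account, so this Python check lists entries that are world-writable or owned by another uid and then narrows the tree to owner-only access. It assumes Linux and that the container keeps running as root (as it did when it wrote the default files), so it can still read and write the directory; the function names are illustrative.

```python
import os
import stat
import tempfile

def audit_config_dir(root, expected_uid):
    """Return (path, problem) pairs for entries under root that are owned by
    a different uid or are writable by every local account."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if st.st_uid != expected_uid:
                findings.append((path, "owned by uid %d" % st.st_uid))
            if st.st_mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
    return findings

def tighten(root):
    """Restrict the tree to its owner: 0700 on directories, 0600 on files."""
    for dirpath, _dirs, files in os.walk(root):
        os.chmod(dirpath, 0o700)
        for f in files:
            path = os.path.join(dirpath, f)
            if not os.path.islink(path):
                os.chmod(path, 0o600)

if __name__ == "__main__":
    # Constructed stand-in for /home/finity/ha-config after `chmod -R 777`.
    demo = tempfile.mkdtemp()
    conf = os.path.join(demo, "configuration.yaml")
    open(conf, "w").close()
    os.chmod(demo, 0o777)
    os.chmod(conf, 0o777)
    print("before:", audit_config_dir(demo, os.getuid()))
    tighten(demo)
    print("after: ", audit_config_dir(demo, os.getuid()))
```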

Awesome! That worked.

Thanks!

As far as Syncthing, I’ll definitely look into it but for now I just need to get up and running. And the best way for me to do that right now is to do it the way I know how using WinSCP & Notepad++.

One other quick (hopefully…) question is about Portainer.

It’s asking for the IP and port of the endpoint for Docker. Is that just the IP address of the host on my local network? And what would be the port?

eh?

How did you start portainer?

If this is what you’re seeing


Then select the first option (manage the local instance), so then you won’t have to enter the endpoint ip etc.

1 Like

I installed it using the quickstart command found at:

https://portainer.readthedocs.io/en/stable/deployment.html#quick-start

then I logged in using admin and my password.

Then I came to this page:

I assume I want to select a local environment?

Yep, select “local” (first option from the left)

OK never mind…

I think I may have tried to make the selection before I actually added any containers.

I’m seeing stuff there now.

I’m off and running now! (I hope…:laughing: )

1 Like

Glad you’re sorted now!