Need help with reverse proxy (Caddy)

Hellman_x · July 12, 2023, 11:12pm

I have Caddy running on a Raspberry Pi4 in Portainer and I have Home Assistant running on a VMware Workstation.

So far, this is the closest I’ve ever gotten. mydomain.ddns.net/homeassistant will get me to a page with the home assistant logo, but that’s it. Nothing else happens.

My Caddy config so far:

 {
  debug
}

mydomain.ddns.net:443 {
        handle_path /homeassistant* {
		reverse_proxy http://10.0.0.13:8123 #home assistant
	}
}

My configuration.yaml:

# Loads default set of integrations. Do not remove.
default_config:

# Load frontend themes from the themes folder
frontend:
  themes: !include_dir_merge_named themes

# Text to speech
tts:
  - platform: google_translate

automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

camera:
  - platform: local_file
    name: VectorCam
    file_path: /config/www/vectorcam.jpg

# Reverse Proxy Support

HTTP:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.0.0.90      # Add the IP address of the proxy server
    - 172.17.0.3     # 172 addresses are related to portainer/docker just incase
    - 172.17.0.2
    - 172.17.0.1

koying · July 13, 2023, 6:25am

HA doesn’t support residing in a subpath.

Hellman_x · July 13, 2023, 3:34pm

That’s what I thought. Luckily my DNS provider supports wildcard forwarding. I’ll have to give that a try then.

Hellman_x · July 13, 2023, 5:33pm

Yep, that was the issue.

executed · August 26, 2024, 8:02pm

What?? Why does HA not support residing in a sub-path?? Nooo

UPD: I’ve ended up putting HA on root path with Caddy and all other services that support being on subpath are listening on their own sub-paths.
Note that HA really does not support residing in a sub-path - more details here: Can you put a home assistant address in a subpath?
If you have more than one service that does not support residing in a sub-path then I’m sorry, but you’ll need to go with DDNS + Caddy which means buying and managing your domain - not that hard, but not funny.
Also note my HA config for this in configuration,yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.28.0.2

172.28.0.2 is static docker IP of Caddy as it runs in docker too and needs to be in its own network with static subnet and static IP. HA container is not in same network as it always needs to use docker host’s network but that’s also the reason it can access the Caddy’s IP just fine even though Caddy’s network is isolated.

Here’s what my Caddyfile ended up looking like with root forwarding for Home Assistant:

{
    email [email protected]
}
# domain
mymachinename.mytailscalemagindnstailnetname.ts.net {
    # Handle requests to /wakemeup* without stripping the path 
    # needs to be before root if you need such scenario
    # this is spring boot app with thymeleaf that resolves URLs bad otherwise
    handle /wakemeup* {
        reverse_proxy wakemeup:10999
    }
    # Handle the root path for Home Assistant
    # these are all docker containers so this one refers to docker host IP
    handle_path /* {
        reverse_proxy 172.17.0.1:8123
    }
    # Handle the /portainer path
    handle_path /portainer* {
        #not sure if it's needed - seems to be auto-handled by handle_path thing
        uri strip_prefix /portainer
        # needed
        reverse_proxy portainer:9000
    }

}