Hello everyone,
becuase it tooked me some time to set up my server and to find the correct configuration, I likely would share my results here. Maybe it will help someone. My aim was to run HomeAssistant beside Nextcloud on the same server.
For the configuration of my Nextcloud I have followed the instructions on https://decatec.de/, so I am running NGINX as reverse proxy. HomeAssistant is installed as docker conitainer, following the installation instruction ( https://www.home-assistant.io/installation/linux#install-home-assistant-container )
The config for the virtual host (NGINX):
upstream php-handler {
server unix:/run/php/php7.4-fpm.sock;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name nextclouddomain.xxx.com homeassistantdomain.xxx.com YYY.YYY.YYY.YY;
root /var/www;
location ^~ /.well-known/acme-challenge {
default_type text/plain;
root /var/www/letsencrypt;
}
location / {
return 301 https://$host$request_uri;
}
}
Remind to set your correct domains and replace YYY.YYY.YYY.YY by local IP of your server.
The NGINX-config for HomeAssistant:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name homeassistantdomain.xxx.com;
# SSL configuration
# RSA certificates
ssl_certificate /etc/letsencrypt/homeassistantdomain.xxx.com/rsa/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/homeassistantdomain.xxx.com/rsa/key.pem;
# ECC certificates
ssl_certificate /etc/letsencrypt/homeassistantdomain.xxx.com/ecc/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/homeassistantdomain.xxx.com/ecc/key.pem;
# This should be ca.pem (certificate with the additional intermediate certificate)
# See here: https://certbot.eff.org/docs/using.html
# ECC
ssl_trusted_certificate /etc/letsencrypt/homeassistantdomain.xxx.com/ecc/ca.pem;
# Include SSL configuration
include /etc/nginx/snippets/ssl.conf;
# Include headers
include /etc/nginx/snippets/headers.conf;
location / {
proxy_pass http://YYY.YYY.YYY.YY:8123;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
So, NGINX is listing here for requests on homeassistantdomain.xxx.com and is forwarding this to it’s own local IP on port 8123.
For SSL I am using Letsencrypt and cerificates are generated by acme.sh (same steps like shown at website https://decatec.de/ )
And for the HomeAssistant configuration.yaml I have added:
http:
server_port: 8123
homeassistant:
external_url: "https://homeassistantdomain.xxx.com"
internal_url: "http://homeassistant.local:8123"
With this config I can host both services, Nextcloud and HomeAssistant, on the same server and both services are secured by SSL.
Hope this helps.
Regards,
Lars