Nginx Reverse Proxy Set Up Guide – Docker

What about Google Assistant integration? You need a block for that. Anyone using this setup with GA? If so, do you have the block configuration?

I’m not using Google Assistant. Please share if you come across it.

Not to derail the thread to a new topic, but do you have any experience using Traefik yourself? Looks interesting and if it’s as easy as they claim it could be a good tool.

Do you have a good working docker-compose file that incorporates Home Assistant and Let’s Encrypt?

I have NGINX reverse proxy working with GA. There was quite literally nothing special that I had to do.

Can you share your nginx code?

So I played a bit with it and got Google Home Assistant working.
You need to go into the nginx default file and include http.
In my example the file is at home/user/docker/letsencrypt/config/nginx/site-confs/default

Add this block, or uncomment it at the top, respectively:

#### PORT 80 ACTIVE #############################################################
# listening on port 80 disabled by default, remove the "#" signs to enable
# redirect all traffic to https
server {
    listen 80;
    server_name mydomain.duckdns.org;
    return 301 https://$host$request_uri;
}
################################################################################

After that just follow the set up guide Google Assistant - Home Assistant


Hmm, that’s odd. I thought GA required https. But if you got it working, cool! BTW, does your cert auto update?

Honestly not sure about GA https, but it didn’t work till I added the http block. In fact I’ve been using a Chromecast to issue TTS notifications for almost a year. When I set up the proxy last week it stopped working. Today after setting up http it started working again.

Certs are auto-renewed by the container.

Not yet, had some problems with my Traefik docker-compose setup because it was in the wrong docker network. Will share it, if it works

It does. Http settings have nothing to do with GA

I wonder if the initial authorization is done via http which is why that block is needed, then everything else is https.

Dear God I hope not. That defeats the purpose of using https, to keep your credentials from prying eyes…

Agreed. Just odd that if I have the default configs for Nginx set and it doesn’t authorize with https, then adding in that http block allows it to work, makes you wonder.

Ah nice. I run nginx directly (letsencrypt too), but if I get some spare time think I’ll switch to this.

Couple of docker tweaks I would do (for additional security):

tie it down to a specific ip (if you have multiple network interfaces)
-p 192.168.11.200:80:80

read-only mode! I imagine the linuxserver containers won’t support running in read-only mode though, as they modify the filesystem on startup (setting the UID and GID). I always run all my containers in read-only mode if possible (including homeassistant)
--read-only

lock down any privileges
--security-opt="no-new-privileges:true"
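
The three tweaks in the post above can be checked on a container from its `docker inspect` output. The following is an added example, not code from the thread; the container name and the inspect JSON are constructed sample data.

```python
import json

# Constructed, trimmed `docker inspect` output for a hypothetical container
# started with a plain `-p 80:80` and none of the hardening flags.
SAMPLE_INSPECT = json.loads("""[{
  "Name": "/letsencrypt",
  "HostConfig": {
    "ReadonlyRootfs": false,
    "SecurityOpt": null,
    "PortBindings": {
      "80/tcp":  [{"HostIp": "", "HostPort": "80"}],
      "443/tcp": [{"HostIp": "192.168.11.200", "HostPort": "443"}]
    }
  }
}]""")

WILDCARD_IPS = {"", "0.0.0.0", "::"}  # no host IP given: every interface


def audit_container(info):
    """Return a list of findings for one `docker inspect` entry."""
    host = info.get("HostConfig") or {}
    findings = []
    # -p <ip>:<host_port>:<container_port> fills in HostIp; without the IP
    # the port is published on all interfaces of the Docker host.
    for port, bindings in sorted((host.get("PortBindings") or {}).items()):
        for b in bindings or []:
            if b.get("HostIp", "") in WILDCARD_IPS:
                findings.append(f"{port}: published on all interfaces")
    # --read-only
    if not host.get("ReadonlyRootfs", False):
        findings.append("root filesystem is writable")
    # --security-opt="no-new-privileges:true" (the bare option also enables it)
    opts = [o.lower().replace("=", ":") for o in (host.get("SecurityOpt") or [])]
    if "no-new-privileges:true" not in opts and "no-new-privileges" not in opts:
        findings.append("no-new-privileges is not set")
    return findings


def audit(inspect_output):
    """Map container name -> findings for a whole `docker inspect` result."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c) for c in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

To check a real container, pass `json.loads()` of the output of `docker inspect <container>` to `audit()` instead of the sample.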

I use this container as well and have http redirecting to https for the times I have port 80 port forward enabled. I don’t have issues with GA.

What’s really odd is that unless you are forwarding port 80 through your router, that block wouldn’t do anything…and GA wouldn’t be able to use http over https…

Thanks @juan11perez for these detailed instructions … this is exactly what this board needs. Some of us, although somewhat technically inclined, are not experts in security. Passing your knowledge to others is greatly appreciated.

I can follow, in my mind, how this thing works but I do have a question.
How does the following line know how to associate Hass to its IP Address and port, and also respectively for “conf” or “graf” etc. to https://hass.mydomain.duckdns.org?
Same for other subdomains like Node-red, Configurator etc. etc.

I must be missing something in my understanding on how one can get access to these other docker installs.

hostnames are not associated with ports. It is tied to the IP address only (The public IP)

OK, but how does “hass” translate to my Home Assistant install … and “graf” to my Grafana install etc. etc. How do I know what names I need to put in my SUBDOMAIN statement? Is it related to my docker container_name? This still seems a little fuzzy for me.