tl;dr: How can I configure Apache VirtualHosts to only forward myhomeassistant.duckdns.org:443 to https://myhomeassistant.duckdns.org:8123 while Apache is running on another Raspberry Pi than Home Assistant?
Hey all,
I’m struggling for days now and not finding a way to make it work, so I’m asking you for help. I read and tried so many things that I can’t even recall, what I already tried.
I am running Apache on a Raspberry Pi for nextcloud, pihole and other services and have ports 80 and 443 opened in my router. All this is accessible via https://www.mydomain.com/*.
On another Raspberry Pi, I am running Home Assistant (Home Assistant Core 2022.5.0, Home Assistant, Supervisor 2022.05.0, Home Assistant OS 7.6) with opened port 8123 and a duckdns domain, let’s say https://myhomeassistant.duckdns.org.
In order to make Alexa work, I need port 443 to be forwarded to my HA Pi port 8123 as shown in this video: https://www.youtube.com/watch?v=Ww2LI59IQ0A. Of course, I cannot just configure 443 → HA Pi 443 in my router since I need port 443 to be used with mydomain.com and thus 443 is already forwarded to my other Pi. Thus, I want to use VirtualHosts and forward everything that comes in at https://myhomeassistant.duckdns.org(:443) to https://myhomeassistant.duckdns.org:8123.
Everything else, especially https://www.mydomain.com/* and https://myhomeassistant.duckdns.org:8123 should be treated as it is now.
I tried for example (the whole list would be quite long):
<VirtualHost myhomeassistant.duckdns.org:443>
ServerName myhomeassistant.duckdns.org
ProxyPass / https://myhomeassistant.duckdns.org:8123/
</VirtualHost>
with and without Listen 443 in the first line and also with <VirtualHost *:443>.
I also tried using my local IP:
<VirtualHost *:443>
ServerName myhomeassistant.duckdns.org
ProxyPass / 192.168.178.112:8123
ProxyPassReverse / 192.168.178.112:8123
</VirtualHost>
And as described in Reverse Proxy with Apache, I tried
<VirtualHost *:443>
ServerName myhomeassistant.duckdns.org
ProxyPreserveHost On
ProxyRequests off
ProxyPass /api/websocket ws://192.168.178.112:8123/api/websocket
ProxyPassReverse /api/websocket ws://192.168.178.112:8123/api/websocket
ProxyPass / https://192.168.178.112:8123/
ProxyPassReverse / https://192.168.178.112:8123/
</VirtualHost>
with and without RewriteEngine:
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://192.168.178.112:8123/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) https://192.168.178.112:8123/$1 [P,L]
to both the duckdns and my local IP.
How I tried: create new file hassio.conf in /etc/apache2/sites-available and write the above into it. Run sudo a2ensite hassio.conf and sudo service apache2 restart.
The result is either 400 Bad Request, 404 Not Found or https://myhomeassistant.duckdns.org is forwarded to the landing page of my Apache Pi at https://www.mydomain.com (which is obvious since duckdns points to the IP of my router).
And sometimes, it leads to a certificate warning when accessing HA via https://myhomeassistant.duckdns.org:8123.
Since I don’t know, if it makes a difference, here’s how my 000-default-le-ssl.conf looks like. I of course tried to write everything of the above directly in 000-default-le-ssl.conf as well.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName www.mydomain.de
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.mydomain.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mydomain.de/privkey.pem
</VirtualHost>
</IfModule>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
I tried so many different versions of the same and so many different things, but nothing worked at all.
Could someone please point me in the right direction?