Putting an API gateway in front of HA

I am currently looking into putting an API gateway in front of HomeAssistant to deal with better authentication, SSL cert and creating rules to limit access to the REST API (to name a few reasons).

The API gateway I am currently testing is https://www.express-gateway.io which is a solution built on top of nodejs.

SSL certificate and normal https requests work, but I have run into a problem when it comes to using the websocket (right after the password screen).

Does anyone here have experience in using express-gateway and can give me suggestions on how to get the websocket working?

This is my current gateway.config.yml:

https:
  port: 8080  # will be changed to 443 once everything is working
  tls:
    "mydomain.se":
      key: /etc/letsencrypt/live/mydomain.se/privkey.pem
      cert: /etc/letsencrypt/live/mydomain.se/fullchain.pem

admin:
  port: 9876
  hostname: localhost

apiEndpoints:
  hass:
    host: 'mydomain.se'
    paths: '/*'

serviceEndpoints:
  hass:
    url: "http://127.0.0.1:8123"

policies:
  - proxy
pipelines:
  default:
    apiEndpoints:
      - hass
    policies:
      - proxy:
        - action:
            serviceEndpoint: hass
            ws: true

I am currently using nginx as a reverse proxy in front of home assistant, and the relevant config section to get websockets to work there is this:

location / {
    proxy_http_version 1.1;
    proxy_pass http://localhost:8123/;

    proxy_set_header   Host             $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header   Upgrade          $http_upgrade;
    proxy_set_header   Connection       "upgrade";
}

Any help to get this working is very appreciated. If I can’t make any progress on this product I still have other alternatives that sound interesting, such as Kong API gateway and TreeGateway, but I would like to give this a fair chance before I give up.

I am pretty sure that it’s possible to get it working, and it probably seems obvious when you know how to do it. Things like these usually look much simpler in hindsight. :)