I’ll try to keep this clear. I have taught myself everything I know at this point, so there is probably an error in my setup.
Question: The question is at the end of this post and may require context to answer.
Environment:
- Ubuntu 16.04, Webmin / Virtualmin
  It is a home based real world NS and LAMP server serving my websites and a few others on a static business connection, all sites sharing the same IP.
- HASS.io, 0.95.4 in Docker on that same server.
Practices:
- Sites in Webmin and Virtualmin are created through the Virtualmin web interface. While the main site is www.domain.com for any given virtual server, all of the sub-domains (i.e. http://subdomain.domain.com) are created through Virtualmin.
- Let’s Encrypt is an option in the Virtualmin interface for each site. As long as 443 points from pfSense to my server, grabbing a certificate works. That’s how I’ve been setting up certificates for each site and subdomain.
- I created a sub-domain through Virtualmin (hassio.domain.com) to make HA easy to access.
- Virtualmin creates a .conf file for the site, but I followed the instructions (Apache Proxy) in the HA docs and overwrote the .conf file.
- When requesting SSL through Let’s Encrypt in Virtualmin, two files are created in the virtual server root. One is ssl.cert and the other is ssl.key.
- To set up SSL in HASS.io, I manually created the /ssl/fullchain.pem and /ssl/privkey.pem files as root, then I copied and pasted the contents of the ssl.key and ssl.cert files that were created in the virtual server root folder into those files, respectively.
  (Let’s Encrypt through HASS.io as an Add-on requires the use of port 80, which I could never get working because Apache is “in the way.”)
- After a host reboot, accessing https://hassio.domain.com yielded positive results.

It is my assumption now that I can simply set all of my options to SSL in any add-on, etc., when given the chance, and it will just work.
Problems:
- A few add-ons fail to load through ingress, yielding 502 Bad Gateway. Not all of them, but only a few. And those all load if I use the port in the URL.
- Those that won’t load have one thing in common in Docker. They all have the network set to host while the ones that work are set to hassio. Changing this doesn’t seem to have a positive effect.
- The error I see in the system log is consistent with each failing add-on:
  19-07-09 17:35:07 ERROR (MainThread) [hassio.api.ingress] Ingress error: Cannot connect to host 172.30.32.1:64435 ssl:None [Host is unreachable]
- I can ping 172.30.32.1 so I know it’s there, and I can access the add-on with the URL.
- The only red flag in the error message is ssl:None, which makes me question whether or not I’ve set things up correctly.
Question:
- Is the problem in fact related to SSL?
- Is my setup method the reason this is happening, and if so, do I need to explicitly configure Docker to handle traffic on 443 since I used Letsencrypt outside of HASS.io?
- In your opinion, am I doing things the hard way, not knowing that there’s a better way to set this up?
If you made it this far, thank you!