Remote access to Home Assistant behind Traefik reverse proxy

MaesterDaemon · December 29, 2022, 10:06am

Hi, I’m running Home Assistant in Docker - and having trouble enabling remote access via my Traefik reverse proxy.

When visiting hass.example.com - I get a gateway timeout.

I’m successfully using Traefik with other containers on my traefik docker network - but the Home Assistant container is on the host network.
The ‘homeassistant’ HTTP rotuer and service are showing as successful in my Traefik dashboard

Very grateful for any help - thanks!

compose.yaml extract:

  homeassistant:
    container_name: homeassistant
    image: ghcr.io/home-assistant/home-assistant:stable
    restart: unless-stopped
    network_mode: host
    volumes:
      - $DOCKERDIR/homeassistant:/config
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ

app-homeassitant.yaml:

http:
  routers:
    homeassistant-rtr:
      rule: "Host(`hass.example.com`)"
      entryPoints:
        - https
      middlewares:
        - chain-oauth
      service: homeassistant-svc
      tls:
        certResolver: dns-cloudflare
  services:
    homeassistant-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.86.114:8123"

Home Assistant configuration.yaml extract:

http:
 use_x_forwarded_for: true
 trusted_proxies:
   - 127.0.0.1
   - 192.168.86.114 # Server IP
   - 172.18.0.0/16 # traefik proxy subnet

MrksHfmn · January 3, 2023, 3:04pm

I have the same problem. I moved my home assistant container from 192.168.1.101 to 192.168.1.100 and adjusted all configuration files. Locally I can work and open everything but traefik does not forward anything from outside.

level=warning msg="Could not find network named 'proxy' for container '/homeassistant'! Maybe you're missing the project's prefix in the label? Defaulting to first available network." serviceName=homeassistant-homeassistant container=homeassistant-homeassistant-67069fc82d05dfb8b56521649a7cd13df91ce98708365441f9166a850684388b providerName=docker
level=error msg="service \"homeassistant-homeassistant\" error: port is missing" providerName=docker container=homeassistant-homeassistant-67069fc82d05dfb8b56521649a7cd13df91ce98708365441f9166a850684388b

"POST /auth/token HTTP/2.0" 499 21 "-" "-" 1 "[email protected]" "http://192.168.1.100:8123" 29969ms
"GET /api/websocket HTTP/1.1" 499 21 "-" "-" 2 "[email protected]" "http://192.168.1.100:8123" 29942ms

edit: changed traefik to network_mode: host

svalmorri · March 3, 2023, 7:48am

Hi, I have it up and running on my system.
Traefik runs on a docker, as well as home assistant, on the same node 192.168.100.100.

Here is the docker-compose configuration I have:

#######################TRAEFIK
  traefik:
    hostname: traefik
    image: traefik:latest
    container_name: traefik
    restart: always
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.le.acme.tlschallenge=true"
      - "--certificatesresolvers.le.acme.email=***********@gmail.com"
      - "--certificatesresolvers.le.acme.storage=/traefik/acme/acme.json"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/*********/traefik:/traefik
    network_mode: "host"

and here is the piece about HA:

#####################HOMEASSISTANT
  homeassistant:
    container_name: home-assistant
    restart: always
    ports:
      - 8123:8123
    volumes:
      - /home/********/home_assistant:/config
      - /etc/localtime:/etc/localtime:ro
    environment:
      - TZ=Europe/Rome
    healthcheck:
      test: ["CMD", "curl", "-f", "http://192.168.100.100:8123"] #host
      interval: "30s"
      timeout: "10s"
      retries: "10"
    privileged: true
    cap_add:
      - NET_ADMIN
      - NET_BIND_SERVICE
      - SYS_ADMIN
    network_mode: "host"
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.home-assistant.loadbalancer.server.port=8123"
      - "traefik.http.routers.home-assistant.rule=Host(`*********.duckdns.org`)"
      - "traefik.http.routers.home-assistant.entrypoints=websecure"
      - "traefik.http.routers.home-assistant.tls=true"
      - "traefik.http.routers.home-assistant.tls.certresolver=le"
    image: homeassistant/home-assistant:latest

Hope this helps