Remote access to Home Assistant behind Traefik reverse proxy

Installation
, ,
#1

Hi, I’m running Home Assistant in Docker - and having trouble enabling remote access via my Traefik reverse proxy.

When visiting hass.example.com - I get a gateway timeout.

  • I’m successfully using Traefik with other containers on my traefik docker network - but the Home Assistant container is on the host network.
  • The ‘homeassistant’ HTTP rotuer and service are showing as successful in my Traefik dashboard

Very grateful for any help - thanks!

compose.yaml extract:

  homeassistant:
    container_name: homeassistant
    image: ghcr.io/home-assistant/home-assistant:stable
    restart: unless-stopped
    network_mode: host
    volumes:
      - $DOCKERDIR/homeassistant:/config
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ

app-homeassitant.yaml:

http:
  routers:
    homeassistant-rtr:
      rule: "Host(`hass.example.com`)"
      entryPoints:
        - https
      middlewares:
        - chain-oauth
      service: homeassistant-svc
      tls:
        certResolver: dns-cloudflare
  services:
    homeassistant-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.86.114:8123"

Home Assistant configuration.yaml extract:

http:
 use_x_forwarded_for: true
 trusted_proxies:
   - 127.0.0.1
   - 192.168.86.114 # Server IP
   - 172.18.0.0/16 # traefik proxy subnet
#2

I have the same problem. I moved my home assistant container from 192.168.1.101 to 192.168.1.100 and adjusted all configuration files. Locally I can work and open everything but traefik does not forward anything from outside.

level=warning msg="Could not find network named 'proxy' for container '/homeassistant'! Maybe you're missing the project's prefix in the label? Defaulting to first available network." serviceName=homeassistant-homeassistant container=homeassistant-homeassistant-67069fc82d05dfb8b56521649a7cd13df91ce98708365441f9166a850684388b providerName=docker
level=error msg="service \"homeassistant-homeassistant\" error: port is missing" providerName=docker container=homeassistant-homeassistant-67069fc82d05dfb8b56521649a7cd13df91ce98708365441f9166a850684388b

"POST /auth/token HTTP/2.0" 499 21 "-" "-" 1 "home-assistant@file" "http://192.168.1.100:8123" 29969ms
"GET /api/websocket HTTP/1.1" 499 21 "-" "-" 2 "home-assistant@file" "http://192.168.1.100:8123" 29942ms

edit: changed traefik to network_mode: host

#3

Hi, I have it up and running on my system.
Traefik runs on a docker, as well as home assistant, on the same node 192.168.100.100.

Here is the docker-compose configuration I have:

#######################TRAEFIK
  traefik:
    hostname: traefik
    image: traefik:latest
    container_name: traefik
    restart: always
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.le.acme.tlschallenge=true"
      - "--certificatesresolvers.le.acme.email=***********@gmail.com"
      - "--certificatesresolvers.le.acme.storage=/traefik/acme/acme.json"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/*********/traefik:/traefik
    network_mode: "host"

and here is the piece about HA:

#####################HOMEASSISTANT
  homeassistant:
    container_name: home-assistant
    restart: always
    ports:
      - 8123:8123
    volumes:
      - /home/********/home_assistant:/config
      - /etc/localtime:/etc/localtime:ro
    environment:
      - TZ=Europe/Rome
    healthcheck:
      test: ["CMD", "curl", "-f", "http://192.168.100.100:8123"] #host
      interval: "30s"
      timeout: "10s"
      retries: "10"
    privileged: true
    cap_add:
      - NET_ADMIN
      - NET_BIND_SERVICE
      - SYS_ADMIN
    network_mode: "host"
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.home-assistant.loadbalancer.server.port=8123"
      - "traefik.http.routers.home-assistant.rule=Host(`*********.duckdns.org`)"
      - "traefik.http.routers.home-assistant.entrypoints=websecure"
      - "traefik.http.routers.home-assistant.tls=true"
      - "traefik.http.routers.home-assistant.tls.certresolver=le"
    image: homeassistant/home-assistant:latest

Hope this helps

1 Like
#4

I am trying to utilize your example, but I keep getting the error:
“host” network_mode is incompatible with port_bindings.
Could you please share your current docker-compose.yml on this?

#5

My current docker compose configuration is exactly what I pasted. Make sure you don’t specify the ports when you set traefik network_mode to host.

Can you paste your not working config?

#6

HI, I was using your exact example with only slight adjustments for the volumes:

I got it working now (meaning I can reach the gui):
This is what is working on my end:

version: '3'
services:
  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:latest
    devices:
      - /dev/ttyAMA0
    environment:
      - TZ=Europe/Berlin
    volumes:
      - /docker/homeassistant/config:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    privileged: true
#    network_mode: host

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homeassistant.entrypoints=homeassistant"
      - "traefik.http.routers.homeassistant.rule=Host(`ha.example.com`)"
      - "traefik.http.middlewares.homeassistant-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.homeassistant.middlewares=homassistant-https-redirect"
      - "traefik.http.routers.homeassistant-secure.entrypoints=https"
      - "traefik.http.routers.homeassistant-secure.rule=Host(`ha.example.com`)"
      - "traefik.http.routers.homeassistant-secure.tls=true"
      - "traefik.http.routers.homeassistant-secure.service=homeassistant"
      - "traefik.docker.network=traefik"
      - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"

    networks:
      - traefik

networks:
  traefik:
    external: true