Repository: Bestlibre Addons repository

wackydoo · October 15, 2017, 7:05pm

I have the caddy proxy addon running fine with homeassistant. Using the vhost list to add an additional local server to proxy works fine. However when I try to proxy a local https unifi server, caddy proxy doesn’t work because the cert on the unifi server is invalid.

I tried adding the additional proxy using raw_config with “insecure_skip_verify” to tell caddy to ignore the certificate problem, but can’t work out the format. I tried the following value for raw_config:

"\nunifi.domain.tld {\n proxy / https://192.168.1.10:8443 {\n    transparent\n    websocket\n   insecure_skip_verify\n }\n    log stdout\n    errors stdout\n   }\n"

but get the error

/tmp/caddy.conf:13 - Error during parsing: Unexpected '}' because no matching opening brace

Any clues on how to format the raw_config string correctly?

wackydoo · October 16, 2017, 2:11am

Partially corrected version (maybe)

{
  "homeassistant": "homeassistant.mydomain.com",
  "email": "[email protected]",
  "vhosts": [
    {
      "vhost": "homeassistant.mydomain.com",
      "port": "8123"
      "remote":  "xxx.xxx.xxx.xxx"
    }
  ]
}

The error message indicates that the vhost section is missing the “remote” setting, which is the backend server ip or server address. “port” is the backend server port and vhost is the external name of the service being proxied.

You shouldn’t have “homeassistant.mydomain.com” both the “homeassistant” setting and the “vhosts” ->“vhost” section.The “homeassistant” setting will autogenerate a vhosts entry for the local home assistant instance, so it is intended to use the “homeassistant” setting for HA and vhosts for other services that you wish to proxy.

Disclaimer: I don’t understand the templating tools used to generate the caddy file, so this is a best guess based on a quick scan of the code in git.

bestlibre · October 16, 2017, 7:01am

The problem is (I think) due to the recent change in how hassio cope with optional settings. I will try to have a look at it today.

phildapunk · October 16, 2017, 8:21am

Thanks for the reply @wackydoo. I’ll definitely change my options, as I will also be looking to vhost my Unifi controller as well. The only difference between our setup is that I don’t have a cert for Unifi.

Will wait until @bestlibre releases his next candidate to test any changes.

phildapunk · October 16, 2017, 10:02am

@bestlibre FYI, I just plugged in another SD card with an older version of Hass.io (v54) and am receiving the same error message, when I try to save my basic two line config: Missing option vhosts in root for dictionary value @ data[‘options’]

Letting you know, hoping it may help you track down any changes

bestlibre · October 16, 2017, 10:37am

The problem is with the supervisor, not home assistant. I think that the problem was introduced in 0.71

pvizeli · October 16, 2017, 2:57pm

Yes. Since 0.71 all options are required. You can tag optional options with a ? at the end of type.

-> homeassistant hostname will resolve allways to internal home-assistant instance.

wackydoo · October 16, 2017, 6:23pm

To be clear, I also don’t have a valid cert for the backend unifi controller. For most people the cert will be some default cert which the browser will not recognize, unless they manually upload a valid cert. The problem is that caddy will also not connect to unifi as it also rejects the cert just like the browser does. From caddy logs (with “port”:“8443” and “remote”:“https://ip.address.of.unifi_controller”) I get:

[ERROR 502 /cgi-bin/luci] x509: certificate has expired or is not yet valid

I was just trying to add “insecure_skip_verify” using raw_config to override caddy’s cert check on the unifi controller. I figure this is safe since the caddy to backend connection is only an internal network and I am not expecting a MITM attack from the internal network.

bestlibre · October 17, 2017, 7:26am

I will probably have some time to look at the various problems this evening (it’s morning here).

bestlibre · October 18, 2017, 9:31am

It should work better.

phildapunk · October 18, 2017, 5:53pm

Hi @bestlibre, just to confirm, the options are now saving for Caddy-proxy, without prompting for additional information. Thankyou for the addons + the fix(es).

wackydoo · October 18, 2017, 6:11pm

The new update with some settings now optional is working fine for me too.

Does anyone get this warning in the supervisor logs?

WARNING (MainThread) [hassio.addons.data] Can't read /data/addons/git/53caca22/base_debian/config.json -> required key not provided @ data['boot']. Got None

The only addons I have installed are Caddy and the HA supported ssh addon.

Also, as per my earlier question, if any has a working raw_config example (e.g. to define a custom proxy host), it would be great if they could share it, because I couldn’t get anything working.

hijinx · October 18, 2017, 8:00pm

I get this warning, too

bestlibre · October 19, 2017, 7:11am

This a base image for my debian based addons, not really an addon. I don’t want it to appear in the list of addons. The warning will probably stay (it’s armless) until I find a better solution.

@wackydoo : I didn’t have any time to look at the raw config. I will check ASAP.

hijinx · October 19, 2017, 7:13am

Thanks for us know. It’s never bothered me enough to investigate

nephe · October 20, 2017, 6:04pm

Hi, I have installed influxDB from Bestlibre Addons repository version 0.1.4 however I cannot get http API working. I have tried calling curl for creation DB (curl -i -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE home_assistant" connection refused) .

Update: I was able to create database using Chronograf.
Update2: I was running curl on hassio ssh, however it did not work with localhost. When I changed it to proper IP it works fine.

bestlibre · October 21, 2017, 12:29pm

Thanks for the update. I will add that to the doc.

hijinx · October 25, 2017, 7:27am

Hi @bestlibre - quick question re your caddy addon. Does it pass through ip of client? If there is a login failure will hass show the clients ip or the ip of caddy?

I currently have caddy set up in docker (different docker than hassio) and when I have a hass login failure for wrong password it shows as the caddy ip not the original client ip - meaning I cannot use the hass ban policy.

Seems to me that passing through client ip will be something that should be configurable.

Thanks!

Pantomax · November 9, 2017, 5:13pm

Hi there guys, when I try to create my first database in influxdb using this command:

curl -i -XPOST http://MY-HASSIO-IP:8086/query --data-urlencode "q=CREATE DATABASE home_assistant"

I get this answer:

HTTP/1.1 403 Forbidden
Content-Type: application/json
Request-Id: 9aaa87da-c570-11e7-8003-000000000000
X-Influxdb-Version: 1.3.6
Date: Thu, 09 Nov 2017 17:08:27 GMT
Content-Length: 87

{"error":"error authorizing query: create admin user first or disable authentication"}

Any idea?

Pantomax · November 9, 2017, 5:36pm

Oh, ok, maybe I found out why. I started the addon with this in the “options” field:

{
  "env_var": [
    {
      "name": "INFLUXDB_HTTP_AUTH_ENABLED",
      "value": "true"
    }
  ]
}

but i had to use just:

{
  "env_var": []
}