Restart add-on from command line

kevincw01 · December 18, 2022, 12:00am

My nas and Hass machines share a domain and ssl certificate. On hass I use the nginx ssl proxy add-on to use this certificate. I use letsencrypt to renew the cert on my nas device and I copy it to Hass periodically in a script.

Recently I couldn’t login to hass because the certificate had expired. The nas had the new certificate so I was confused why Hass didn’t have the new one. After investigation, it turned out that the new, unexpired certificate was available on Hass and to the nginx addon but that nginx hadn’t noticed it changed and was using the old one. A simple restart of the nginx addon fixed the problem.

So I would like to add a command to restart this add-on to my script that copies over the new certificate to Hass. The script has ssh access to Hass. Is there a command I can do on the hass ssh cli to force an nginx addon restart?

tomdudu38 · December 18, 2022, 2:39am

hi, from hassio:
there is addon to control docker containers GitHub - ualex73/monitor_docker: Monitor Docker containers from Home Assistant
install it from hacs … you could create an automation to restart the nginx container

from the host : docker container restart nginxcontainername

kevincw01 · December 18, 2022, 3:31am

From host command line ‘docker’ isn’t recognized. Do I need to specify path?

kevincw01 · December 19, 2022, 12:14am

I found out that the “terminal & ssh” addon that is providing the ssh server dumps me into that add-ons container so this is why I can’t use docker. However they have provided access to the ha cli tools. Using those tools I can restart the nginx addon with:
ha addons restart core_nginx_proxy

However this only works when I run it directly in a shell. I created a script and attempted to run it in a Cron job and it doesn’t work. It also doesn’t work if I attempt to run it as a remote ssh execution e.g.

ssh root@<myhost> -p 5863 /root/restartProxy.sh           Unexpected server response
time="2022-12-19T06:10:56-08:00" level=error msg="Unexpected server response"

I can run the script directly without an issue so it has something to do with running it indirectly.

Any ideas on how to make this work?

kevincw01 · December 19, 2022, 2:56pm

If I add --api-key <your key> it works. I was able to figure this out by setting --log-level debug. In the direct execution you can see the API key and in the indirect execution it was showing as blank.

kevincw01 · January 12, 2023, 2:27pm

This method of restarting began to fail after a recent hass update. Apparently the api token changes after updates! So I now regenerate the API token and store it as a file on hass file system daily using a cron job. Then I reference this file that has the token on the remote machine when executing the update.

Remote machine:
ssh root@<hass host> -p 5863 'ha --api-token `cat /root/apiToken` addons restart core_nginx_proxy'

Hass machine:

ha --log-level debug info 2>&1 | grep apiToken | awk '{ print $5 }' | awk -F"=" '{ print $2 }' > apiToken

pockybum522 · December 24, 2023, 7:37pm

This is the first thread I found when searching, so I wanted to follow this up with a current working solution:

If you’re okay with turning off protected mode in "terminal & ssh” addon then my ps1 script now has the line:

ssh [email protected] -i D:\keys\DAVID-LAPTOP-2023-12-24_TO_HOME_ASSISTANT_SSH_ADDON -p 3248 'sudo docker restart addon_c6a2317c_netdaemon4'

Where:

pockybum522-ha-ssh is in allowed-users in the ssh addon config.
the public portion of the ssh key specified in -i has been saved in the addon config

(also note there is a specific way you have to add the public key in the addon config, reference: epposan’s answer here: Cannot get SSH & Web Terminal add-on to accept authorized_keys - #5 by epposan )

The private potion of the ssh key has no passphrase (obviously, since I want the script to be non-interactive)
The addon ID given at the end of the line was found by sshing in manually and running ‘docker ps’

kevincw01 · December 24, 2023, 8:40pm

Glad it works. I migrated my ssl reverse proxy to my router which allows it to be used for a lot more than just HA. The router runs pfsense and the reverse proxy is called “HAProxy”. It fully integrates with lets encrypt pfsense plugin and also supports pretty much anything I can imagine from a front-end and back-end perspective. Highly recommended.