Setup HTTPS for the lastest Esphome dashboard docker container

ESPHome
1

Hi everyone,

I was very exited to upgrade to the last version of ESPhome to test the new serial programming through Chrome/Edge. However, as mentioned in the esphome documentation (and dashboard), I have first to setup HTTPS in order to enable this feature for Chrome/Edge: fair enough.

I already have and successfully deployed SSL certificates for my homeassistant webui (docker container) but I can’t find where to configure it for my esphome docker container. Futhermore, I was not able to locate any configuration file inside the container nor any related documentation on the official documentation page.

Thank you for your time.

Xavier

1 Like
2

Re,

I realize HTTPS is perhaps not possible within the ESPHome container and I have to setup an external SSL reverse proxy for this. With this “new” keywords, I was able to find some post in this forum on how to enable HTTPS HA iframes with ESPHome (for example).

  • I can deploy an nginx proxy container to proxy esphome but is this the way to go?
  • Can I use the HA web server to also reverse proxy ESPhome?

Have a good day (or night).

Xavier

3

Are you using the addon? Or just running in docker?

4

Hi Nickrout,

I am not using the addon from hassio but a docker image of HA et another one for ESPHome on a x86_64 debian machine.

5

Where did you get the docker container?

6

https://hub.docker.com/r/esphome/esphome

8

Hi Troon,

I don’t have any issue using the “regular” function of esphome with HTTP. The problem occurs when I want to use the new “Web serial” feature (programming through the serial port present on the computer which is running the Chrome web browser). Indeed, Chrome won’t allows sharing the host serial port to non-HTTPS websites.

Have a good day,

Xavier

2 Likes
9

I, too, would like to know this. The esphome documentation simply has this enigmatic line “You need to access the ESPHome Dashboard over HTTPS for this to work. This is a requirement of browsers to access your ESP device to ensure that we write the correct data.” However, there are no instructions on how to do this anywhere that I can find.

9 Likes
10

I setup a Cloudflare Tunnel really quick and pointed it to ESPHome. This adds https to it. Doing a quick test by trying to add a new device, it did pop up a dialogue box looking for a serial device to talk to, but I’m not near one to test right now. Ill try later.

EDIT: Hooked up a few different unused ESPs and was able to successfully flash through a Cloudflare Tunnel

11

Using the addon in a supervised setup works if you access HA (and therefore the addon) via your nabucasa account. Not much use except in HAOS or supervised sorry.

1 Like
12

synology reverse-proxy,translating from https to http, doesn’t work for flashing, although yaml editing works well.

Test using ESP Web Tools (esphome.github.io) succeeded, but failed trying to install in the dashboard:
on 1.19.3:

failed
failed709×633 24 KB

just updated to 1.19.4, still failed, but make difference:
failed2

logs doesn’t work either via https.

solved by adding websocket custom header in the reverse proxy rules.
3 Likes
13

did you work out how to get this working? i’ve tried to configure nginx but it just isn’t playing ball :frowning:

14

I did not spend to much further time on it. I far as I am concerned this serial programming over the browser is a good idea but just a nice to have feature. Sadly I don’t have the skills to make a clean solution so i am not spending hours tinkering a dirty solution to make this convenient feature work.

Don’t get me wrong, I am very grateful to the dev team for this piece of software which by the way is amazing. This software is improving a lot between releases. Let’s just hope, that one day, an out the box working solution came to make the UX even greater :slight_smile:

Xavier

2 Likes
15

Thanks a lot, after quite a search this solved my issue

16

Did you get much further with the reverse proxy on Synology?

1 Like
17

Inappropriately replying to this thread for sake of anyone in my boat googling around without any luck.

Nginx reverse proxy docker container pointed at an ESPhome docker container.

These were the Nginx proxy settings that finally worked for me:

  location / {
    proxy_pass http://172.18.0.240:6052;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_ssl_name $host;
    proxy_ssl_server_name on;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;    
    proxy_set_header X-NginX-Proxy true;
#    proxy_set_header X-Hassio-Ingress YES;
  }
6 Likes
18

Hi, your solution looks pretty simple to implement, but sadly I am not skilled with Nginx at all. Could you provide more information regarding your working setup?
I tried to recreate it already, but it did not work for me. Here is my setup.
I would like to create a simple repository that would allow everybody to use this solution.

19

I’m definitely not qualified to be anyone’s nginx guide but at first glance, you don’t seem to be serving your proxy as https. As far as I’m aware, it should look something like this as well as some more settings below for how to deal with ssl, where the certs are, etc.

server {
  listen 443 ssl http2;
  server_name esphome

I would start by looking for a boilerplate https config and then modify it to work as a reverse proxy.
Or maybe work from linuxserver.io’s swag image.

20

@horriblenoises Were you able to get mDNS working? I’m struggling to get mDNS working and the reverse proxy.

21

@sixo To tell you the truth, I don’t know if it’s working properly. I had it working and then it suddenly wasn’t working without explanation after I declared victory online. I currently have “local” as the domain in my firewall’s (pfsense) DHCP server settings for that VLAN. It’s a cheat but it worked for me and I never investigated further. Sorry I’m not more help.