-
-
Save gaieges/936bdf91e01e4cc782eb047e5873089b to your computer and use it in GitHub Desktop.
version: '2.1' | |
services: | |
homeassistant: | |
restart: always | |
image: homeassistant/raspberrypi3-homeassistant | |
expose: | |
- 8123 | |
ports: | |
- "8123:8123" | |
devices: | |
- /dev/ttyACM0 | |
volumes: | |
- ./config:/config | |
network_mode: host | |
labels: | |
- "traefik.enable=true" | |
- "traefik.http.routers.hahttp.rule=Host(`MY_DOMAIN`)" | |
- "traefik.http.routers.ha.rule=Host(`MY_DOMAIN`)" | |
- "traefik.http.routers.ha.tls=true" | |
- "traefik.http.routers.ha.tls.certresolver=le" | |
- "traefik.http.routers.ha.tls.domains[0].main=MY_DOMAIN" | |
- "traefik.http.services.homeassistant.loadbalancer.server.port=8123" | |
traefik: | |
restart: always | |
image: traefik:v2.2 | |
command: | |
- "--api.dashboard=true" | |
- "--api.insecure=true" | |
- "--accesslog=true" | |
- "--providers.docker" | |
- "--providers.docker.exposedbydefault=false" | |
- "--entryPoints.web.address=:80" | |
- "--entrypoints.websecure.address=:443" | |
- "--certificatesresolvers.le.acme.tlschallenge=true" | |
- "--certificatesresolvers.le.acme.email=MY_EMAIL" | |
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json" | |
ports: | |
- 80:80 | |
- 8080:8080 | |
- 443:443 | |
volumes: | |
- "/var/run/docker.sock:/var/run/docker.sock:ro" | |
- "./letsencrypt:/letsencrypt" | |
extra_hosts: | |
- host.docker.internal:172.17.0.1 | |
Great! hahttp
is intentional, is that what you mean? It allows for a different router for https / http access
Yes, I thought that was an accident. Guess I don't understand that line either. :-)
No worries! Looking through it again it looks like I removed some parts that contained local secrets and not that line which related to the local secrets
Thank you, this was useful to me, both the load balancer line and extra host.
I'm not sure if
expose:
- 8123
ports:
- "8123:8123"
gives you anything because your in host mode though. I don't have it in mine and it works fine.
Why this works I don't know. But it does!
Just adding the extra host line and things are routed correctly from a Traefik instance in a docker network to a homeassistant instance with 'network_mode: host'. Thanks!
Works for me too. But I also don't understand what the extra_host does... Would be great if you could explain it!
The extra host stanza basically says if you need to talk to host.docker.internal
, go to that specified IP instead. We're basically hardcoding the target for all of the requests going into traefik to go to the docker bridge IP
Is the 172.17.0.1 ip universal or do I have to specify that elsewhere?
Edit: seems like it's the default for the IP address of the bridge interface (docker0 by default)
Found here
https://doc.traefik.io/traefik/providers/docker/#host-networking
It’ll be the IP of your default docker bridge network. Usually thats 172.17.0.1/24 but I’ve also seen 172.18.0.1/24. It’s possible to set the default range as a docker startup default but that depends on your platform.
The extra host stanza basically says if you need to talk to
host.docker.internal
, go to that specified IP instead. We're basically hardcoding the target for all of the requests going into traefik to go to the docker bridge IP
Ah... traefik tries to resolve localhost with a DNS lookup to host.docker.internal. This is probably to support docker-for-windows, which uses this trick to reach the host. Now it makes sense, thanks!
I had to add these to labels to avoid getting 400 bad request:
traefik.http.routers.ha.middlewares: haHeaders
traefik.http.middlewares.haHeaders.headers.customrequestheaders.Connection: Upgrade
Thank you for this. I've spent a few hours before stumbling upon this little gem.
Thanks for this gist, helped me get my HA working.
3 years later and "extra_hosts" still does the job, thank you!
This took me hours to find - thanks for the help my man! :D
If you want to avoid adding a "magic" IP address you can use
extra_hosts:
- "host.docker.internal:host-gateway"
make sure you are using linux and docker >v20.10.
If you receive "400 Bad Request" error, you need to whitelist the IP of the docker proxy in home assistant.
Check the Home Assistant logs. You should see something like:
2024-03-30 22:28:57.467 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy XXX.XXX.XXX.XXX
Add the XXX.XXX.XXX.XXX
IP in you home assistant configuration.yml
file.
http:
use_x_forwarded_for: true
trusted_proxies:
- ::1
- 127.0.0.1
- XXX.XXX.XXX.XXX
This IP changes if you destroy your traefik container / network.
You can allow the CIDR 172.16.0.0/12
so it will be always allowed whatever IP it takes... But it's less secure of course.
Typo in line 18.
Thank you, I don't fully understand how it works, but I made my installation work thanks to the
extra_hosts
field.