| version: '2.1' | |
| services: | |
| homeassistant: | |
| restart: always | |
| image: homeassistant/raspberrypi3-homeassistant | |
| expose: | |
| - 8123 | |
| ports: | |
| - "8123:8123" | |
| devices: | |
| - /dev/ttyACM0 | |
| volumes: | |
| - ./config:/config | |
| network_mode: host | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.hahttp.rule=Host(`MY_DOMAIN`)" | |
| - "traefik.http.routers.ha.rule=Host(`MY_DOMAIN`)" | |
| - "traefik.http.routers.ha.tls=true" | |
| - "traefik.http.routers.ha.tls.certresolver=le" | |
| - "traefik.http.routers.ha.tls.domains[0].main=MY_DOMAIN" | |
| - "traefik.http.services.homeassistant.loadbalancer.server.port=8123" | |
| traefik: | |
| restart: always | |
| image: traefik:v2.2 | |
| command: | |
| - "--api.dashboard=true" | |
| - "--api.insecure=true" | |
| - "--accesslog=true" | |
| - "--providers.docker" | |
| - "--providers.docker.exposedbydefault=false" | |
| - "--entryPoints.web.address=:80" | |
| - "--entrypoints.websecure.address=:443" | |
| - "--certificatesresolvers.le.acme.tlschallenge=true" | |
| - "--certificatesresolvers.le.acme.email=MY_EMAIL" | |
| - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json" | |
| ports: | |
| - 80:80 | |
| - 8080:8080 | |
| - 443:443 | |
| volumes: | |
| - "/var/run/docker.sock:/var/run/docker.sock:ro" | |
| - "./letsencrypt:/letsencrypt" | |
| extra_hosts: | |
| - host.docker.internal:172.17.0.1 | |
Great! hahttp is intentional, is that what you mean? It allows for a different router for https / http access
Yes, I thought that was an accident. Guess I don't understand that line either. :-)
No worries! Looking through it again it looks like I removed some parts that contained local secrets and not that line which related to the local secrets
Thank you, this was useful to me, both the load balancer line and extra host.
I'm not sure if
expose:
- 8123
ports:
- "8123:8123"
gives you anything because your in host mode though. I don't have it in mine and it works fine.
Why this works I don't know. But it does!
Just adding the extra host line and things are routed correctly from a Traefik instance in a docker network to a homeassistant instance with 'network_mode: host'. Thanks!
Works for me too. But I also don't understand what the extra_host does... Would be great if you could explain it!
The extra host stanza basically says if you need to talk to host.docker.internal, go to that specified IP instead. We're basically hardcoding the target for all of the requests going into traefik to go to the docker bridge IP
Is the 172.17.0.1 ip universal or do I have to specify that elsewhere?
Edit: seems like it's the default for the IP address of the bridge interface (docker0 by default)
Found here
https://doc.traefik.io/traefik/providers/docker/#host-networking
It’ll be the IP of your default docker bridge network. Usually thats 172.17.0.1/24 but I’ve also seen 172.18.0.1/24. It’s possible to set the default range as a docker startup default but that depends on your platform.
The extra host stanza basically says if you need to talk to
host.docker.internal, go to that specified IP instead. We're basically hardcoding the target for all of the requests going into traefik to go to the docker bridge IP
Ah... traefik tries to resolve localhost with a DNS lookup to host.docker.internal. This is probably to support docker-for-windows, which uses this trick to reach the host. Now it makes sense, thanks!
I had to add these to labels to avoid getting 400 bad request:
traefik.http.routers.ha.middlewares: haHeaders
traefik.http.middlewares.haHeaders.headers.customrequestheaders.Connection: Upgrade
Typo in line 18.
Thank you, I don't fully understand how it works, but I made my installation work thanks to the
extra_hostsfield.