@gaieges
Created March 8, 2020 16:14
Homeassistant with traefik 2.2 for TLS in docker-compose in network_mode: host
version: '2.1'
services:
  homeassistant:
    restart: always
    image: homeassistant/raspberrypi3-homeassistant
    expose:
      - 8123
    ports:
      - "8123:8123"
    devices:
      - /dev/ttyACM0
    volumes:
      - ./config:/config
    network_mode: host
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.hahttp.rule=Host(`MY_DOMAIN`)"
      - "traefik.http.routers.ha.rule=Host(`MY_DOMAIN`)"
      - "traefik.http.routers.ha.tls=true"
      - "traefik.http.routers.ha.tls.certresolver=le"
      - "traefik.http.routers.ha.tls.domains[0].main=MY_DOMAIN"
      - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
  traefik:
    restart: always
    image: traefik:v2.2
    command:
      - "--api.dashboard=true"
      # api.insecure serves the dashboard/API without authentication on port 8080
      - "--api.insecure=true"
      - "--accesslog=true"
      - "--providers.docker"
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.le.acme.tlschallenge=true"
      - "--certificatesresolvers.le.acme.email=MY_EMAIL"
      - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
    ports:
      - 80:80
      - 8080:8080
      - 443:443
    volumes:
      # Docker socket mounted read-only for the docker provider
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./letsencrypt:/letsencrypt"
    extra_hosts:
      # Lets Traefik reach the host-networked Home Assistant container
      - host.docker.internal:172.17.0.1
@dorianim

dorianim commented Feb 13, 2022

I had to add these to labels to avoid getting 400 bad request:

traefik.http.routers.ha.middlewares: haHeaders
traefik.http.middlewares.haHeaders.headers.customrequestheaders.Connection: Upgrade

@raccettura

Thank you for this. I've spent a few hours before stumbling upon this little gem.

@othmanalikhan

Thanks for this gist, helped me get my HA working.

@Weidav

Weidav commented Aug 12, 2023

3 years later and "extra_hosts" still does the job, thank you!

@DSchougaard

This took me hours to find - thanks for the help my man! :D

@matitalatina

matitalatina commented Mar 30, 2024

If you want to avoid adding a "magic" IP address you can use

extra_hosts:
  - "host.docker.internal:host-gateway"

Make sure you are using Linux and Docker >v20.10.

Source

If you receive a "400 Bad Request" error, you need to whitelist the IP of the Docker proxy in Home Assistant.

Check the Home Assistant logs. You should see something like:

2024-03-30 22:28:57.467 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy XXX.XXX.XXX.XXX

Add the XXX.XXX.XXX.XXX IP to your Home Assistant configuration.yml file.

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - ::1
    - 127.0.0.1
    - XXX.XXX.XXX.XXX

This IP changes if you destroy your Traefik container / network.
You can allow the CIDR 172.16.0.0/12 so it will always be allowed whatever IP it takes... But it's less secure of course.
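
Added example, not part of the comment above and not Home Assistant's own code: a simplified Python model of a `trusted_proxies` check, showing how a single pinned proxy IP and the 172.16.0.0/12 range treat the same forwarded header differently. The function name, the container addresses and the header values are constructed for illustration.

```python
"""Simplified model of a reverse-proxy trust check (illustrative only)."""
from ipaddress import ip_address, ip_network

# Constructed sample values: two containers on different Docker bridge networks.
TRAEFIK = "172.18.0.2"          # the reverse proxy that should be trusted
OTHER_CONTAINER = "172.19.0.5"  # an unrelated container on the same host
NARROW = ["::1", "127.0.0.1", TRAEFIK]
BROAD = ["::1", "127.0.0.1", "172.16.0.0/12"]


def resolve_client(peer, xff, trusted_proxies):
    """Return (http_status, client_ip) for a request arriving from `peer`.

    peer            -- source IP of the TCP connection
    xff             -- X-Forwarded-For header value, or None if absent
    trusted_proxies -- list of IPs/CIDRs, as in the `trusted_proxies` setting
    """
    nets = [ip_network(p, strict=False) for p in trusted_proxies]

    def trusted(ip):
        return any(ip in net for net in nets)

    peer_ip = ip_address(peer)
    if xff is None:
        return 200, str(peer_ip)      # no header: the peer is the client
    if not trusted(peer_ip):
        return 400, None              # header from an untrusted proxy
    hops = [ip_address(h.strip()) for h in xff.split(",")]
    for hop in reversed(hops):        # walk back from the proxy side
        if not trusted(hop):
            return 200, str(hop)      # first untrusted hop is the client
    return 200, str(hops[0])          # all hops trusted: take the left-most


if __name__ == "__main__":
    for name, trusted_list in (("narrow", NARROW), ("broad", BROAD)):
        # Same request under both settings: a header sent by the other container.
        print(name, resolve_client(OTHER_CONTAINER, "203.0.113.7", trusted_list))
```

With the narrow list the header from the second container is rejected with a 400, while the /12 entry accepts whatever client address that container puts in the header, which then ends up in logs and IP-based checks.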
