Created
March 8, 2020 16:14
-
-
Save gaieges/936bdf91e01e4cc782eb047e5873089b to your computer and use it in GitHub Desktop.
Homeassistant with traefik 2.2 for TLS in docker-compose in network_mode: host
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: '2.1' | |
services: | |
homeassistant: | |
restart: always | |
image: homeassistant/raspberrypi3-homeassistant | |
expose: | |
- 8123 | |
ports: | |
- "8123:8123" | |
devices: | |
- /dev/ttyACM0 | |
volumes: | |
- ./config:/config | |
network_mode: host | |
labels: | |
- "traefik.enable=true" | |
- "traefik.http.routers.hahttp.rule=Host(`MY_DOMAIN`)" | |
- "traefik.http.routers.ha.rule=Host(`MY_DOMAIN`)" | |
- "traefik.http.routers.ha.tls=true" | |
- "traefik.http.routers.ha.tls.certresolver=le" | |
- "traefik.http.routers.ha.tls.domains[0].main=MY_DOMAIN" | |
- "traefik.http.services.homeassistant.loadbalancer.server.port=8123" | |
traefik: | |
restart: always | |
image: traefik:v2.2 | |
command: | |
- "--api.dashboard=true" | |
- "--api.insecure=true" | |
- "--accesslog=true" | |
- "--providers.docker" | |
- "--providers.docker.exposedbydefault=false" | |
- "--entryPoints.web.address=:80" | |
- "--entrypoints.websecure.address=:443" | |
- "--certificatesresolvers.le.acme.tlschallenge=true" | |
- "--certificatesresolvers.le.acme.email=MY_EMAIL" | |
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json" | |
ports: | |
- 80:80 | |
- 8080:8080 | |
- 443:443 | |
volumes: | |
- "/var/run/docker.sock:/var/run/docker.sock:ro" | |
- "./letsencrypt:/letsencrypt" | |
extra_hosts: | |
- host.docker.internal:172.17.0.1 | |
3 years later and "extra_hosts" still does the job, thank you!
This took me hours to find - thanks for the help my man! :D
If you want to avoid adding a "magic" IP address you can use
extra_hosts:
- "host.docker.internal:host-gateway"
make sure you are using linux and docker >v20.10.
If you receive "400 Bad Request" error, you need to whitelist the IP of the docker proxy in home assistant.
Check the Home Assistant logs. You should see something like:
2024-03-30 22:28:57.467 ERROR (MainThread) [homeassistant.components.http.forwarded] Received X-Forwarded-For header from an untrusted proxy XXX.XXX.XXX.XXX
Add the XXX.XXX.XXX.XXX
IP in you home assistant configuration.yml
file.
http:
use_x_forwarded_for: true
trusted_proxies:
- ::1
- 127.0.0.1
- XXX.XXX.XXX.XXX
This IP changes if you destroy your traefik container / network.
You can allow the CIDR 172.16.0.0/12
so it will be always allowed whatever IP it takes... But it's less secure of course.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for this gist, helped me get my HA working.