HomeAssistant via Hass.io with LetsEncrypt


One of the problems I have in running hass.io on my Synology NAS (which makes homeassistant really easy to run) is that I can’t set the environment variables to configure the nginx/letsencrypt containers to trivially get certificates.

So I cheated, just like in https://tech.chickenandporn.com/2019/10/20/unifi-with-letsencrypt/ with the following config:

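proxyhass:
  container_name: "proxyhass"
  # Relay: accept connections on 443 inside the container and forward each
  # one to Home Assistant on the NAS host (tcp/8123).
  entrypoint:
    - socat
    - tcp-listen:443,fork,reuseaddr
    - tcp:192.168.0.4:8123
  # Read by the nginx proxy and its letsencrypt companion to route the
  # hostname to this container and request a certificate for it.
  environment:
    - LETSENCRYPT_EMAIL=chickenandporn@gmail.com
    - LETSENCRYPT_HOST=hass.example.com
    - VIRTUAL_HOST=hass.example.com
  image: "alpine/socat:latest"
  # Same network as the nginx proxy, so the proxy can reach this relay.
  networks:
    - proxy
  ports:
    - "443"
  restart: always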

Yes, this looks very similar to the other cheating episode, with a few changes on TCP ports. Home Assistant on hass.io runs with mode=host networking, so its port is reachable directly on the host machine. …so tcp/8123 on my NAS at 192.168.0.4 (bogus, not really this IP) reaches the hass.io-based HomeAssistant.

The second change to look out for is that hass.example.com is obviously not my actual FQDN, and you’d want to use your own here. Although that’s my real gmail address, you want to use your own.

Third change: my nginx proxy is actually on a subnet so that random containers can’t go internetting on me unsupervised. … so I run this socat proxy in the network “proxy” which is served by nginx.

When you start this up, the proxy and the letsencrypt companion need a minute or two to get a certificate; after that, you are free and clear both to use your own homeassistant from the unwashed internet (it has a login prompt) and to consider the Alexa Manual Setup for awesome Alexa goodness. This is, like, 2 of the 4 totally-not-self-redundant requirements.
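
To confirm that the issuance step above actually finished before exposing the login prompt, this added example (not part of the original post) performs a fully verified TLS handshake against the public hostname and reports the issuer and the days left until expiry. The function names and the 14-day warning threshold are assumptions; hass.example.com is the post's placeholder.

```python
import socket
import ssl
import sys
import time


def summarize_cert(cert, now=None):
    """Reduce an ssl.getpeercert() dict to issuer, SAN names and days left."""
    now = time.time() if now is None else now
    # issuer is a tuple of RDNs, each a tuple of (key, value) pairs.
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "issuer_org": issuer.get("organizationName", ""),
        "dns_names": names,
        "days_left": int((expires - now) // 86400),
    }


def check_host(host, port=443, timeout=10):
    """Handshake with chain and hostname verification, then summarize."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return summarize_cert(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # Untrusted or mismatched certificate, e.g. issuance not finished yet.
        return {"error": exc.verify_message}


def verdict(summary, min_days=14):
    """One-line status; min_days is an assumed renewal warning threshold."""
    if "error" in summary:
        return "FAIL: " + summary["error"]
    if summary["days_left"] < min_days:
        return "WARN: renewal overdue, %d days left" % summary["days_left"]
    return "OK: %s, %d days left" % (summary["issuer_org"], summary["days_left"])


if __name__ == "__main__":
    # Pass your own FQDN; the default is the post's placeholder hostname.
    host = sys.argv[1] if len(sys.argv) > 1 else "hass.example.com"
    print(host, verdict(check_host(host)))
```

Run it from outside the LAN so the handshake goes through the nginx proxy rather than straight to tcp/8123.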
