Add README.md file
parent
81949e9afa
commit
b54d67e343
2 changed files with 94 additions and 0 deletions
52
README.md
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
# Home Assistant add-on to get access to your Home Assistant via OpenVPN and a reverse proxy
|
||||||
|
|
||||||
|
This Home Assistant add-on allow you to mount a tunnel to your external host that have to run OpenVPN server and a reverse proxy to access to your Home Assistant. In this container, you have:
|
||||||
|
|
||||||
|
- a SSH service with root access (if you declare your SSH pub key)
|
||||||
|
- a OpenVPN client
|
||||||
|
- a Haproxy configured to get access to your Home Assistant
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
|
||||||
|
Firstly, you need to add this custom add-on repository:
|
||||||
|
|
||||||
|
[![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgitea.zionetrix.net%2Fbn8%2Fha-remote-vpn-addon)
|
||||||
|
|
||||||
|
When it's done, you could search and install the _Remote VPN access_ addon. Don't forget to enable the _Start on boot_ and _Watchdog_ options. On the first start, the add-on will initialize it's configuration in `addon_configs/xxxxxxxx_ha_remote_vpn`.
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
### On the container
|
||||||
|
|
||||||
|
You have to:
|
||||||
|
|
||||||
|
- put your external host IP address or domain name in `srv/openvpn/client.conf` (on the `remote` line at the begining of the file)
|
||||||
|
- put your Home Assistant local IP address in `srv/haproxy/haproxy.cfg` (on the `server` line at the end of the file). Note: default is `172.30.32.1` and should fit on standard installation.
|
||||||
|
- pur your SSH public key in `srv/ssh/authorized_keys`
|
||||||
|
|
||||||
|
After, restart the addon to apply new configuration.
|
||||||
|
|
||||||
|
## On your external host
|
||||||
|
|
||||||
|
You have to:
|
||||||
|
|
||||||
|
- install and configure OpenVPN using the provide `srv/openvpn/server.conf` and the `secret.key` file that will be generated by the client container on its first start
|
||||||
|
- install and configure the reverse proxy of your choice, for instance, Apache2: on a Debian host :
|
||||||
|
- Install it : `apt install apache2`
|
||||||
|
- Copy `apache2.conf` in `/etc/apache2/sites-available/home.conf` and ajust it for your needs
|
||||||
|
- Enable required modules and the site : `a2enmod proxy_http proxy_wstunnel rewrite ssl && a2ensite home && service apache2 restart`
|
||||||
|
|
||||||
|
### On your Home Assistant
|
||||||
|
|
||||||
|
You have to authorized access via your reverse proxy by adding the following lines in your `configuration.yaml` file:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
http:
|
||||||
|
use_x_forwarded_for: true
|
||||||
|
trusted_proxies:
|
||||||
|
- 172.30.33.1
|
||||||
|
```
|
||||||
|
|
||||||
|
**Note:** Adjust your addon container IP address in the list `trusted_proxies`.
|
||||||
|
|
||||||
|
After, restart the HomeAssistant to apply new HTTP configuration.
|
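Review bot: The `trusted_proxies` note in the "On your Home Assistant" section should say how to find the add-on container's address and that only that one address belongs in the list, because with `use_x_forwarded_for: true` Home Assistant takes the client IP from the `X-Forwarded-For` header sent by any listed proxy; "Adjust your addon container IP address" leaves both open. The "On your external host" section copies `secret.key` to a second machine, so it should also say to transfer the file over a secure channel and restrict its permissions there. Smaller points: `## On your external host` should be `###` so it sits under Configuration like its two siblings, and the typos need fixing ("begining", "pur your SSH public key", "the provide", "ajust", "have to authorized").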
42
apache2.conf
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
<VirtualHost *:80>
|
||||||
|
ServerName ha.example.com
|
||||||
|
|
||||||
|
DocumentRoot /var/www/empty
|
||||||
|
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_URI} !(^/\.well-known/.*$)
|
||||||
|
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [R=307]
|
||||||
|
|
||||||
|
ErrorLog /var/log/apache2/ha.example.com.error.log
|
||||||
|
CustomLog /var/log/apache2/ha.example.com.access.log combined
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<VirtualHost *:443>
|
||||||
|
ServerName ha.example.com
|
||||||
|
|
||||||
|
SSLEngine On
|
||||||
|
#SSLCertificateFile /etc/letsencrypt/live/ha.example.com/cert.pem
|
||||||
|
#SSLCertificateKeyFile /etc/letsencrypt/live/ha.example.com/privkey.pem
|
||||||
|
#SSLCACertificateFile /etc/letsencrypt/live/ha.example.com/chain.pem
|
||||||
|
SSLCertificateFile /etc/ssl/private/ssl-cert-snakeoil.key
|
||||||
|
SSLCertificateKeyFile /etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||||
|
|
||||||
|
DocumentRoot /var/www/html
|
||||||
|
|
||||||
|
# Home-Assistant
|
||||||
|
ProxyPreserveHost On
|
||||||
|
ProxyRequests off
|
||||||
|
ProxyPass /api/websocket ws://172.16.88.2:80/api/websocket
|
||||||
|
ProxyPassReverse /api/websocket ws://172.16.88.2:80/api/websocket
|
||||||
|
ProxyPass / http://172.16.88.2:80/
|
||||||
|
ProxyPassReverse / http://172.16.88.2:80/
|
||||||
|
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{HTTP:Upgrade} =websocket [NC]
|
||||||
|
RewriteRule /(.*) ws://172.16.88.2:80/$1 [P,L]
|
||||||
|
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
|
||||||
|
RewriteRule /(.*) http://172.16.88.2:80/$1 [P,L]
|
||||||
|
|
||||||
|
ErrorLog /var/log/apache2/ha.example.com.error.log
|
||||||
|
CustomLog /var/log/apache2/ha.example.com.access.log combined
|
||||||
|
</VirtualHost>
|
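Review bot: In the `*:443` vhost the snakeoil paths are swapped: `SSLCertificateFile /etc/ssl/private/ssl-cert-snakeoil.key` points at the private key and `SSLCertificateKeyFile /etc/ssl/certs/ssl-cert-snakeoil.pem` at the certificate, so Apache will not load this pair as written; exchange the two paths (the commented Let's Encrypt lines above have them the right way round). The `ProxyPass`/`ProxyPassReverse` lines and the two `RewriteRule ... [P,L]` rules both forward every request to `172.16.88.2:80`, so one of the two mechanisms can be dropped, and a comment stating what `172.16.88.2` refers to would help whoever adapts the file. `ErrorLog` and `CustomLog` use the same files in both vhosts, which is fine but worth a deliberate choice.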