# Home Assistant add-on to get access to your Home Assistant via OpenVPN and a reverse proxy This Home Assistant add-on allow you to mount a tunnel to your external host that have to run OpenVPN server and a reverse proxy to access to your Home Assistant. In this container, you have: - a SSH service with root access (if you declare your SSH pub key) - a OpenVPN client - a Haproxy configured to get access to your Home Assistant ## Installation Firstly, you need to add this custom add-on repository: [![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgitea.zionetrix.net%2Fbn8%2Fha-remote-vpn-addon) When it's done, you could search and install the _Remote VPN access_ addon. Don't forget to enable the _Start on boot_ and _Watchdog_ options. On the first start, the add-on will initialize it's configuration in `addon_configs/xxxxxxxx_ha_remote_vpn`. ## Configuration ### On the container You have to: - put your external host IP address or domain name in `srv/openvpn/client.conf` (on the `remote` line at the begining of the file) - put your Home Assistant local IP address in `srv/haproxy/haproxy.cfg` (on the `server` line at the end of the file). Note: default is `172.30.32.1` and should fit on standard installation. - pur your SSH public key in `srv/ssh/authorized_keys` After, restart the addon to apply new configuration. ## On your external host You have to: - install and configure OpenVPN using the provide `srv/openvpn/server.conf` and the `secret.key` file that will be generated by the client container on its first start - install and configure the reverse proxy of your choice, for instance, Apache2: on a Debian host : - Install it : `apt install apache2` - Copy `apache2.conf` in `/etc/apache2/sites-available/home.conf` and ajust it for your needs - Enable required modules and the site : `a2enmod proxy_http proxy_wstunnel rewrite ssl && a2ensite home && service apache2 restart` ### On your Home Assistant You have to authorized access via your reverse proxy by adding the following lines in your `configuration.yaml` file: ```yaml http: use_x_forwarded_for: true trusted_proxies: - 172.30.33.1 ``` **Note:** Adjust your addon container IP address in the list `trusted_proxies`. After, restart the HomeAssistant to apply new HTTP configuration.