ha-remote-vpn/README.md

# Docker image to get access to your Home Assistant via OpenVPN and a reverse proxy

This Alpine Linux based image allow you to mount a tunnel to your external host that have to run OpenVPN server and a reverse proxy to access to your Home Assistant. In this container, you have:

- a Rsyslog (for logging)
- a SSH service with root access (if you declare your SSH pub key)
- a OpenVPN client
- a Haproxy configured to get access to your Home Assistant

## Installation

```bash
git clone https://gitea.zionetrix.net/bn8/ha-remote-vpn /srv/ha-remote-vpn
docker pull brenard/ha-remote-vpn
```

## Configuration

### On the container

You have to:

- put your external host IP address or domain name in `srv/openvpn/client.conf` (on the `remote` line at the begining of the file)
- put your Home Assistant IP address in `srv/haproxy/haproxy.cfg` (on the `server` line at the end of the file)
- pur your SSH public key in `srv/ssh/authorized_keys`

## On your external host

You have to:

- install and configure OpenVPN using the provide `srv/openvpn/server.conf` and the `secret.key` file that will be generated by the client container on its first start
- install and configure the reverse proxy of your choice, for instance, Apache2: on a Debian host :
  - Install it : `apt install apache2`
  - Copy `apache2.conf` in `/etc/apache2/sites-available/home.conf` and ajust it for your needs
  - Enable required modules and the site : `a2enmod proxy_http proxy_wstunnel rewrite ssl && a2ensite home && service apache2 restart`

### On your Home Assistant

You have to authorized access via your reverse proxy by adding the following lines in your `configuration.yaml` file:

```yaml
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.160
```

**Note:** Adjust your docker container IP address in the list `trusted_proxies`.

## Start the container

```bash
cd /srv/ha-remote-vpn
docker run -it --rm -v "$( realpath srv ):/srv" --cap-add=NET_ADMIN brenard/ha-remote-vpn
```