Docker image to get access to your Home Assistant via OpenVPN and a reverse proxy

This Alpine Linux based image allow you to mount a tunnel to your external host that have to run OpenVPN server and a reverse proxy to access to your Home Assistant. In this container, you have:

• a Rsyslog (for logging)
• a SSH service with root access (if you declare your SSH pub key)
• a OpenVPN client
• a Haproxy configured to get access to your Home Assistant

Installation

git clone https://gitea.zionetrix.net/bn8/ha-remote-vpn /srv/ha-remote-vpn
docker pull brenard/ha-remote-vpn

Configuration

On the container

You have to:

• put your external host IP address or domain name in srv/openvpn/client.conf (on the remote line at the begining of the file)
• put your Home Assistant IP address in srv/haproxy/haproxy.cfg (on the server line at the end of the file)
• pur your SSH public key in srv/ssh/authorized_keys

On your external host

You have to:

• install and configure OpenVPN using the provide srv/openvpn/server.conf and the secret.key file that will be generated by the client container on its first start
• install and configure the reverse proxy of your choice, for instance, Apache2: on a Debian host :
  • Install it : apt install apache2
  • Copy apache2.conf in /etc/apache2/sites-available/home.conf and ajust it for your needs
  • Enable required modules and the site : a2enmod proxy_http proxy_wstunnel rewrite ssl && a2ensite home && service apache2 restart

On your Home Assistant

You have to authorized access via your reverse proxy by adding the following lines in your configuration.yaml file:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.160

Note: Adjust your docker container IP address in the list trusted_proxies.

Start the container

cd /srv/ha-remote-vpn
docker run -it --rm -v "$( realpath srv ):/srv" --cap-add=NET_ADMIN brenard/ha-remote-vpn