56 lines
1.9 KiB
Markdown
56 lines
1.9 KiB
Markdown
# Docker image to get access to your Home Assistant via OpenVPN and a reverse proxy
|
|
|
|
This Alpine Linux based image allow you to mount a tunnel to your external host that have to run OpenVPN server and a reverse proxy to access to your Home Assistant. In this container, you have:
|
|
|
|
- a Rsyslog (for logging)
|
|
- a SSH service with root access (if you declare your SSH pub key)
|
|
- a OpenVPN client
|
|
- a Haproxy configured to get access to your Home Assistant
|
|
|
|
## Installation
|
|
|
|
```bash
|
|
git clone https://gitea.zionetrix.net/bn8/ha-remote-vpn /srv/ha-remote-vpn
|
|
docker pull brenard/ha-remote-vpn
|
|
```
|
|
|
|
## Configuration
|
|
|
|
### On the container
|
|
|
|
You have to:
|
|
|
|
- put your external host IP address or domain name in `srv/openvpn/client.conf` (on the `remote` line at the begining of the file)
|
|
- put your Home Assistant IP address in `srv/haproxy/haproxy.cfg` (on the `server` line at the end of the file)
|
|
- pur your SSH public key in `srv/ssh/authorized_keys`
|
|
|
|
## On your external host
|
|
|
|
You have to:
|
|
|
|
- install and configure OpenVPN using the provide `srv/openvpn/server.conf` and the `secret.key` file that will be generated by the client container on its first start
|
|
- install and configure the reverse proxy of your choice, for instance, Apache2: on a Debian host :
|
|
- Install it : `apt install apache2`
|
|
- Copy `apache2.conf` in `/etc/apache2/sites-available/home.conf` and ajust it for your needs
|
|
- Enable required modules and the site : `a2enmod proxy_http proxy_wstunnel rewrite ssl && a2ensite home && service apache2 restart`
|
|
|
|
### On your Home Assistant
|
|
|
|
You have to authorized access via your reverse proxy by adding the following lines in your `configuration.yaml` file:
|
|
|
|
```yaml
|
|
http:
|
|
use_x_forwarded_for: true
|
|
trusted_proxies:
|
|
- 192.168.1.160
|
|
```
|
|
|
|
**Note:** Adjust your docker container IP address in the list `trusted_proxies`.
|
|
|
|
## Start the container
|
|
|
|
```bash
|
|
cd /srv/ha-remote-vpn
|
|
docker run -it --rm -v "$( realpath srv ):/srv" --cap-add=NET_ADMIN brenard/ha-remote-vpn
|
|
```
|