Warning issued; Another tech related niche post…<\/p>\n\n\n\n
So you have set up Home Assistant and went with Duck DNS and Let’s Encrypt which is the standard solution but is only 95 % happy since it is not great when you are accessing your instance locally. What to do, aim for 100 % and spend the time to find a better solution or move on with your life. Since you have read this far, you are obviously going the extra mile…<\/p>\n\n\n\n
You are not alone my friend, I walk with you. (Ok, I stop the cheesey writing style now and switch to dry technical writing…). So, we do not want to rely on the Duck DNS entry and take control of things and use our own hosted domain name (ha.webbservern.se in my case) for the Home Assistant instance. At least for me, I did sometimes notice weird connection issues and finally got tired of it and decided to set up my own DNS entry (also using Let’s Encrypt btw, Let’s Encrypt is fantastic) and this Apache configuration (without fiddling with the currently almost working Duck DNS\/Let’s Encryt setup) which I think is the actual meat of this blog post:<\/p>\n\n\n\n
<VirtualHost *:443>\nServerAlias ha.webbservern.se\nServerName ha.webbservern.se\nSSLEngine on\n\tInclude \/etc\/letsencrypt\/options-ssl-apache.conf\n\nSSLProxyEngine on\nSSLProxyVerify none \nSSLProxyCheckPeerCN off\nSSLProxyCheckPeerName off\nSSLProxyCheckPeerExpire off\nProxyPreserveHost On\n\nProxyPass \/api\/websocket wss:\/\/homeassistant:8123\/api\/websocket\nProxyPassReverse \/api\/websocket wss:\/\/homeassistant:8123\/api\/websocket\nProxyPass \/ https:\/\/homeassistant:8123\/\nProxyPassReverse \/ https:\/\/homeassistant:8123\/\nCustomLog ${APACHE_LOG_DIR}\/vhosts\/ha.log combined\n\nRewriteEngine on\nRewriteCond %{HTTP:Upgrade} =websocket [NC]\nRewriteRule \/(.*) wss:\/\/homeassistant:8123\/$1 [P,L]\nRewriteCond %{HTTP:Upgrade} !=websocket [NC]\nRewriteRule \/(.*) https:\/\/homeassistant:8123\/$1 [P,L]\nSSLCertificateFile \/etc\/letsencrypt\/live\/yourdomain\/fullchain.pem\nSSLCertificateKeyFile \/etc\/letsencrypt\/live\/yourdomain\/privkey.pem\n<\/VirtualHost>\n<\/code><\/pre>\n\n\n\nI won’t say each and every line is correct or needed, but yes, it works great, also with the Android Companion app. It is indeed the result of a fair bit of trial and error but I do think it could help others, if search engines will help to index this, since I did see that people have similar issues in various forums when trying to set up a virtual host proxying a https exposed backend with a certificate valid for the default Duck DNS\/Let’s Encrypt setup. Nota bene, it might be needed to enable the Apache module wstunnel: sudo a2enmod proxy_wstunnel<\/p>\n\n\n\n
Some people might be scared by the SSLProxy relaxations above but in this kind of set up this is not a concern for me, we are talking about connections within the LAN and the attack vector is not significantly increased…<\/p>\n","protected":false},"excerpt":{"rendered":"
Warning issued; Another tech related niche post… So you have set up Home Assistant and went with Duck DNS and Let’s Encrypt which is the standard solution but is only 95 % happy since it is not great when you … Continue reading