1. Home Assistant에서 Reverse Proxy 허용
# Open Home Assistant's configuration.yaml for editing; the block below goes into this file.
vi /var/homeassistant/homeassistant/configuration.yaml
----------
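# Enable Reverse Proxy
# The options below must be nested under `http:`. Written at column 0 they
# become unrelated top-level keys and the proxy settings are not applied.
http:
  # Take the client address from the X-Forwarded-For header set by the proxy.
  use_x_forwarded_for: true
  # Every address listed here is allowed to supply X-Forwarded-For, i.e. to
  # state which client a request came from. Keep the list as narrow as
  # possible: the /24 below trusts every host on that subnet, so prefer the
  # single address of the machine that actually runs Apache/nginx.
  trusted_proxies:
    - 10.10.10.0/24
    - 127.0.0.1

# Enable WebSocket
websocket_api: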
----------
2. apache2 설정 예제
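# Add the HTTPS listener only when ports.conf does not declare it yet.
# A second "Listen 443" makes Apache fail to bind the port on restart.
grep -qE '^[[:space:]]*Listen[[:space:]]+443([[:space:]]|$)' /etc/apache2/ports.conf \
  || echo "Listen 443" >> /etc/apache2/ports.conf

# Modules the virtual host below relies on: SSLEngine (ssl), ProxyPass to
# http:// (proxy, proxy_http) and ws:// (proxy_wstunnel), RewriteEngine (rewrite).
# a2enmod is a no-op for modules that are already enabled.
a2enmod ssl proxy proxy_http proxy_wstunnel rewrite

# Create the site definition shown below.
vi /etc/apache2/sites-available/hass_reverse_proxy.conf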
----------
###########################################################
# /etc/apache2/sites-available/hass_reverse_proxy.conf
#
# Add the following to Home Assistant's configuration.yaml:
###########################################################
#http:
# use_x_forwarded_for: true
# trusted_proxies:
# - 10.10.10.0/24
# - 10.10.10.108
# - 127.0.0.1
#
#websocket_api:
###########################################################
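# HTTPS front end for Home Assistant. TLS terminates here; the hop to the
# backend at 10.10.10.108:8123 is plain HTTP/WS and should stay on a network
# segment you control.
<VirtualHost _default_:443>
    ServerName localhost:443

    ErrorLog "${APACHE_LOG_DIR}/home_assistant_error.log"
    TransferLog "${APACHE_LOG_DIR}/home_assistant_access.log"

    SSLEngine on
    # Refuse the legacy protocol versions mod_ssl may otherwise still negotiate.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile /etc/ssl/opizero/certs/ssl-cert.crt
    # The private key should be readable by root only.
    SSLCertificateKeyFile /etc/ssl/opizero/private/ssl-cert.key

    # Pass the original Host header to the backend.
    ProxyPreserveHost On
    # Reverse proxy only: never act as a forward (open) proxy.
    ProxyRequests off

    # mod_proxy appends the connecting client's address to X-Forwarded-For.
    # Home Assistant uses it only when use_x_forwarded_for is enabled and this
    # proxy's address is listed in trusted_proxies.
    # The more specific websocket path must come before the catch-all "/".
    ProxyPass /api/websocket ws://10.10.10.108:8123/api/websocket
    ProxyPassReverse /api/websocket ws://10.10.10.108:8123/api/websocket
    ProxyPass / http://10.10.10.108:8123/
    ProxyPassReverse / http://10.10.10.108:8123/

    # fix websockets for addons and apis
    # Any other request carrying "Upgrade: websocket" is proxied over ws://.
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule ^/?(.*) "ws://10.10.10.108:8123/$1" [P,L]
</VirtualHost>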
----------
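# Enable the site, then restart only if the configuration parses cleanly so a
# typo cannot take the running proxy down.
a2ensite hass_reverse_proxy
apache2ctl configtest && systemctl restart apache2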
3. nginx 설정 예제
# Create the nginx site definition shown below.
vi /etc/nginx/sites-available/hass_reverse_proxy
----------
###########################################################
# /etc/nginx/sites-available/hass_reverse_proxy
#
# Add the following to Home Assistant's configuration.yaml:
###########################################################
#http:
# use_x_forwarded_for: true
# trusted_proxies:
# - 10.10.10.0/24
# - 10.10.10.108
# - 127.0.0.1
#
#websocket_api:
###########################################################
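# HTTPS front end for Home Assistant. TLS terminates here; the backend on
# localhost:8123 is reached over plain HTTP.
server {
    listen [::]:443 ssl default_server http2 ipv6only=off;
    server_name 'hasu0707.duckdns.org';

    # These shouldn't need to be changed
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # Stream responses straight through instead of buffering them.
    proxy_buffering off;

    location / {
        proxy_pass http://localhost:8123/;
        # HTTP/1.1 plus the Upgrade/Connection headers below carry WebSocket traffic.
        proxy_http_version 1.1;
        proxy_redirect http:// https://;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        # The header name must be spelled exactly "X-Forwarded-For". With a
        # misspelled name nginx sets an unrelated header and passes any
        # X-Forwarded-For supplied by the client through unchanged, so the
        # backend, which trusts this proxy, would see a client-chosen address.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # self signed certificate
    # The private key should be readable by root only.
    ssl_certificate '/etc/ssl/opizero2/certs/ssl-cert.crt';
    ssl_certificate_key '/etc/ssl/opizero2/private/ssl-cert.key';
}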
# Plain-HTTP listener on port 80. Requests for the configured host name are
# redirected to HTTPS; requests with any other Host header get 404.
# The "managed by Certbot" markers are kept exactly as they are.
server {
# managed by Certbot
if ($host = 'hasu0707.duckdns.org') {
# Permanent redirect to the same host and URI over HTTPS.
return 301 https://$host$request_uri;
}
listen 80;
server_name 'hasu0707.duckdns.org';
# Reached only when the Host header did not match the condition above.
# managed by Certbot
return 404;
}
----------
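# Enable the site, then restart only if the configuration parses cleanly so a
# typo cannot take the running proxy down.
ln -s /etc/nginx/sites-available/hass_reverse_proxy /etc/nginx/sites-enabled/hass_reverse_proxy
nginx -t && systemctl restart nginx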