{"id":8371,"date":"2024-09-27T16:53:33","date_gmt":"2024-09-27T07:53:33","guid":{"rendered":"https:\/\/hasu0707.duckdns.org\/blog\/?p=8371"},"modified":"2024-09-27T16:57:44","modified_gmt":"2024-09-27T07:57:44","slug":"home-assistant-reverse-proxy","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=8371","title":{"rendered":"Home Assistant Reverse Proxy"},"content":{"rendered":"\n<span style=\"font-family: \ub3cb\uc6c0\uccb4, \uad74\ub9bc\uccb4, \ub098\ub214\uace0\ub515\ucf54\ub529, \uad81\uc11c\uccb4; font-size: 12pt;\"><strong>1.Home Assistant \uc5d0\uc11c Reverse Proxy \ud5c8\uc6a9<\/strong><br \/><br \/>&nbsp; vi \/var\/homeassistant\/homeassistant\/configuration.yaml<br \/>----------<br \/># Enable Reverse Proxy<br \/>http:<br \/>&nbsp; use_x_forwarded_for: true<br \/>&nbsp; trusted_proxies:<br \/>&nbsp; &nbsp; - 10.10.10.0\/24<br \/>&nbsp; &nbsp; - 127.0.0.1<br \/><br \/># Enable WebSocket<br \/>websocket_api:<br \/>----------<br \/><br \/><br \/><br \/><strong>2. apache2 \uc124\uc815 \uc608\uc81c<\/strong><br \/><br \/>&nbsp; echo \"Listen 443\" &gt;&gt; \/etc\/apache2\/ports.conf<br \/>&nbsp; a2enmod proxy_wstunnel<br \/>&nbsp; vi \/etc\/apache2\/sites-available\/hass_reverse_proxy.conf<br \/>----------<br \/><span style=\"color: #843fa1;\">###########################################################<\/span><br \/><span style=\"color: #843fa1;\"># \/etc\/apache2\/sites-available\/hass_reverse_proxy.conf<\/span><br \/><span style=\"color: #843fa1;\">#<\/span><br \/><span style=\"color: #843fa1;\"># Add the following to Home Assistant's configuration.yaml:<\/span><br \/><span style=\"color: #843fa1;\">###########################################################<\/span><br \/><span style=\"color: #843fa1;\">#http:<\/span><br \/><span style=\"color: #843fa1;\"># &nbsp;use_x_forwarded_for: true<\/span><br \/><span style=\"color: #843fa1;\"># &nbsp;trusted_proxies:<\/span><br \/><span style=\"color: #843fa1;\"># &nbsp; &nbsp;- 10.10.10.0\/24<\/span><br \/><span style=\"color: #843fa1;\"># &nbsp; &nbsp;- 10.10.10.108<\/span><br \/><span style=\"color: #843fa1;\"># &nbsp; &nbsp;- 127.0.0.1<\/span><br \/><span style=\"color: #843fa1;\">#<\/span><br \/><span style=\"color: #843fa1;\">#websocket_api:<\/span><br \/><span style=\"color: #843fa1;\">###########################################################<\/span><br \/><br \/><span style=\"color: #843fa1;\">&lt;VirtualHost _default_:443&gt;<\/span><br \/><span style=\"color: #843fa1;\">&nbsp; ServerName localhost:443<\/span><br \/><br \/><span style=\"color: #843fa1;\">&nbsp; ErrorLog \"${APACHE_LOG_DIR}\/home_assistant_error.log\"<\/span><br \/><span style=\"color: #843fa1;\">&nbsp; TransferLog \"${APACHE_LOG_DIR}\/home_assistant_access.log\"<\/span><br \/><br \/><span style=\"color: #843fa1;\">&nbsp; SSLEngine on<\/span><br \/><span style=\"color: #843fa1;\">&nbsp; SSLCertificateFile &nbsp;\/etc\/ssl\/opizero\/certs\/ssl-cert.crt<\/span><br \/><span style=\"color: #843fa1;\">&nbsp; SSLCertificateKeyFile \/etc\/ssl\/opizero\/private\/ssl-cert.key<\/span><br \/><br \/><span style=\"color: #843fa1;\">&nbsp; ProxyPreserveHost On<\/span><br \/><span style=\"color: #843fa1;\">&nbsp; ProxyRequests off<\/span><br \/><br \/><span style=\"color: #843fa1;\">&nbsp; ProxyPass \/api\/websocket ws:\/\/10.10.10.108:8123\/api\/websocket<\/span><br \/><span style=\"color: #843fa1;\">&nbsp; ProxyPassReverse \/api\/websocket ws:\/\/10.10.10.108:8123\/api\/websocket<\/span><br \/><span style=\"color: #843fa1;\">&nbsp; ProxyPass \/ http:\/\/10.10.10.108:8123\/<\/span><br \/><span style=\"color: #843fa1;\">&nbsp; ProxyPassReverse \/ http:\/\/10.10.10.108:8123\/<\/span><br \/><br \/><span style=\"color: #843fa1;\">&nbsp; # fix websockets for addons and apis<\/span><br \/><span style=\"color: #843fa1;\">&nbsp; RewriteEngine On<\/span><br \/><span style=\"color: #843fa1;\">&nbsp; RewriteCond %{HTTP:Upgrade} websocket [NC]<\/span><br \/><span style=\"color: #843fa1;\">&nbsp; RewriteRule ^\/?(.*) \"ws:\/\/10.10.10.108:8123\/$1\" [P,L]<\/span><br \/><span style=\"color: #843fa1;\">&lt;\/VirtualHost&gt;<\/span><br \/>----------<br \/>&nbsp; a2ensite hass_reverse_proxy<br \/>&nbsp; systemctl restart apache2<br \/><br \/><br \/><br \/><strong>3.ngix \uc124\uc815 \uc608\uc81c<\/strong><br \/><br \/>&nbsp; vi \/etc\/nginx\/sites-available\/hass_reverse_proxy<br \/>----------<br \/><span style=\"color: #236fa1;\">###########################################################<\/span><br \/><span style=\"color: #236fa1;\"># \/etc\/nginx\/sites-available\/hass_reverse_proxy<\/span><br \/><span style=\"color: #236fa1;\">#<\/span><br \/><span style=\"color: #236fa1;\"># Add the following to Home Assistant's configuration.yaml:<\/span><br \/><span style=\"color: #236fa1;\">###########################################################<\/span><br \/><span style=\"color: #236fa1;\">#http:<\/span><br \/><span style=\"color: #236fa1;\"># &nbsp;use_x_forwarded_for: true<\/span><br \/><span style=\"color: #236fa1;\"># &nbsp;trusted_proxies:<\/span><br \/><span style=\"color: #236fa1;\"># &nbsp; &nbsp;- 10.10.10.0\/24<\/span><br \/><span style=\"color: #236fa1;\"># &nbsp; &nbsp;- 10.10.10.108<\/span><br \/><span style=\"color: #236fa1;\"># &nbsp; &nbsp;- 127.0.0.1<\/span><br \/><span style=\"color: #236fa1;\">#<\/span><br \/><span style=\"color: #236fa1;\">#websocket_api:<\/span><br \/><span style=\"color: #236fa1;\">###########################################################<\/span><br \/><br \/><span style=\"color: #236fa1;\">server {<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; listen [::]:443 ssl default_server http2 ipv6only=off;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; server_name 'hasu0707.duckdns.org';<\/span><br \/><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; # These shouldn't need to be changed<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; add_header Strict-Transport-Security \"max-age=31536000; includeSubdomains\";<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; ssl_protocols TLSv1.2;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; ssl_ciphers \"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4\";<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; ssl_prefer_server_ciphers on;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; ssl_session_cache shared:SSL:10m;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; proxy_buffering off;<\/span><br \/><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; location \/ {<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_pass &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;http:\/\/localhost:8123\/;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_http_version &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;1.1;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_redirect &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;http:\/\/ https:\/\/;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_cache_bypass &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$http_upgrade;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header Connection &nbsp; &nbsp; &nbsp; &nbsp; \"upgrade\";<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header Host &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $host;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header Upgrade &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$http_upgrade;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Forwarded-Host &nbsp; $host;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Forwarded-Port &nbsp; $server_port;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Forwarded-Proto &nbsp;$scheme;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Forwared-For &nbsp; &nbsp; $proxy_add_x_forwarded_for;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Real-IP &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$remote_addr;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; }<\/span><br \/><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; # self signed certificate<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; ssl_certificate '\/etc\/ssl\/opizero2\/certs\/ssl-cert.crt';<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; ssl_certificate_key '\/etc\/ssl\/opizero2\/private\/ssl-cert.key';<\/span><br \/><span style=\"color: #236fa1;\">}<\/span><br \/><br \/><span style=\"color: #236fa1;\">server {<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; # managed by Certbot<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; if ($host = 'hasu0707.duckdns.org') {<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; &nbsp; &nbsp; return 301 https:\/\/$host$request_uri;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; }<\/span><br \/><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; listen 80;<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; server_name 'hasu0707.duckdns.org';<\/span><br \/><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; # managed by Certbot<\/span><br \/><span style=\"color: #236fa1;\">&nbsp; &nbsp; return 404;<\/span><br \/><span style=\"color: #236fa1;\">}<\/span><br \/>----------<br \/>&nbsp; ln -s \/etc\/nginx\/sites-available\/hass_reverse_proxy \/etc\/nginx\/sites-enabled\/hass_reverse_proxy<br \/>&nbsp; systemctl restart nginx<br \/><\/span>\n","protected":false},"excerpt":{"rendered":"<p>1.Home Assistant \uc5d0\uc11c Reverse Proxy \ud5c8\uc6a9 &nbsp; vi \/var\/homeassistant\/homeassistant\/configuration.yaml&#8212;&#8212;&#8212;-# Enable Reverse Proxyhttp:&nbsp; use_x_forwarded_for: true&nbsp; trusted_proxies:&nbsp; &nbsp; &#8211; 10.10.10.0\/24&nbsp; &nbsp; &#8211; 127.0.0.1 # Enable WebSocketwebsocket_api:&#8212;&#8212;&#8212;- 2. apache2 \uc124\uc815 \uc608\uc81c &nbsp; echo &#8220;Listen 443&#8221; &gt;&gt; \/etc\/apache2\/ports.conf&nbsp; a2enmod proxy_wstunnel&nbsp; vi \/etc\/apache2\/sites-available\/hass_reverse_proxy.conf&#8212;&#8212;&#8212;-############################################################ \/etc\/apache2\/sites-available\/hass_reverse_proxy.conf## Add the following to Home Assistant&#8217;s configuration.yaml:############################################################http:# &nbsp;use_x_forwarded_for: true# &nbsp;trusted_proxies:# &nbsp; &nbsp;&#8211; 10.10.10.0\/24# &nbsp; &nbsp;&#8211; 10.10.10.108# [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[93],"tags":[],"class_list":["post-8371","post","type-post","status-publish","format-standard","hentry","category-computing_iot"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/8371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8371"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/8371\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8371"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}