HomeAssistant behind a Proxy

I’m a fan of home automation. I like sensors and I like to know what’s going on at home even I’m lying on the beach in Thailand. I installed HomeAssistant a couple of months ago on a Raspberry Pi 4. I added all my sensors (which I already had) and it works perfectly. I have a lot of Xiaomi bluetooth devices and that worked also with build in bluetooth from the Raspberry Pi.

But I did not found a solution to make it accessible from outside my home network in combination with working bluetooth through a docker container.

Usually I always use docker in combination with the magic of nginx-proxy and nginx-letsencrypt-companion containers. Until now it always worked without any problems. But this time, it did not. The problem was that I wanted to use the bluetooth of my raspberry pi inside the container. In this case I need to run HomeAssistant with network_mode host. And if you do this, nginx-proxy can’t proxy to this container as they are not on the same network.

I researched a lot, but I did not found a solution which worked.

A few weeks later I read a post about one guy who made it work with Traefik. I already heard a lot about Traefik, but I always was fine with my setup so I never tried it. Why not give it a try right?

The traefik docker compose file looks like this:

version: "3.9"

services:

  traefik:
    image: "traefik:v2.5"
    container_name: "traefik"
    ports:
      - "443:443"
      - "80:80"
      - "8080:8080"
    environment:
      CLOUDFLARE_EMAIL: ${CF_EMAIL}
      CLOUDFLARE_API_KEY: ${CF_API_KEY}
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik.yml:/traefik.yml:ro"
    extra_hosts:
      - host.docker.internal:172.17.0.1
    networks:
      - web

networks:
   web:
     external: true

and the HomeAssistant file looks like

version: "3.9"
services:
    homeassistant:
        container_name: homeassistant
        image: homeassistant/raspberrypi4-homeassistant:stable
        volumes:
            - ./config:/config
            - /etc/localtime:/etc/localtime:ro
        privileged: true
        network_mode: "host"
        labels:
            - "traefik.enable=true"
            - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
            - "traefik.http.routers.homeassistant.rule=Host(`your.domain.com`)"
            - "traefik.http.routers.homeassistant.entrypoints=websecure"
            - "traefik.http.routers.homeassistant.tls=true"
            - "traefik.http.routers.homeassistant.tls.certresolver=lets-encr"
        restart: unless-stopped

and guess what? It didn’t worked. I got an error in the container when trying to access it. But it was just a configuration issue in HomeAssistant, I added the following part to my configuration.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.x.x.x     <-- here comes your address (you see it in the logs)

After that, I restarted the container and it worked. :smiley:

I finally got it working on my domain with bluetooth. Now I can watch how Speedy (that’s the name of our vacuum robot) cleans the apartment while I’m enjoying a coffee with my girlfriend.