I’ve managed to install FreedomBox on a clean Debian install, which went smoothly for the most part, including Let’s Encrypt. I like the Plinth and Cockpit combo, and the offered config options through these services.
I’ve installed Home Assistant alongside Freedombox using docker, which I’m able to access from my LAN as normally expected through port 8123, with Plinth & Cockpit on port 80. In Cockpit there is a separate Docker zone under firewall settings.
For the time being, I’d like to access my Home Assistant instance remotely, and I currently don’t have a usecase for remotely accessing any FreedomBox services. In the distant future I might be interested in hosting and accessing a Wordpress instance remotely alongside Home Assistant, and a Matrix server.
“Problem” Description
How do I route any traffic coming from external networks to HomeAssistant instead of towards FreedomBox/Plinth. I’m used to just forwarding port 80 and 443 on my router to my Home Assistant server, which as expectedly, currently resolves to Plinth or whatever Homepage is setup under System → Configure.
My ideal situation I think would be: My-FreeDNS-URL.com → If possible reserved for any future Wordpress instance My-FreeDNS-URL.com/homeassistant → resolving to the Homeassistant instance
With LAN access/ports left unchanged, so locally accessing plinth and underlying apps/services on 80 and HomeAssistant on port 8123.
I’m not sure if Matrix needs port 80/443 as well but I’d be very grateful for any assistance in achieving my ideal situation.
Im not too familiar with docker, but what i did was install HA Core instead and reverse proxied with apache.
i can share my apache configuration if youd like.
When running the docker container, ensure that the home assistant service is running on a port other than 80/443. Such as 8123 you mentioned. Then write an Apache configuration file in /etc/apache/conf-available/my-home-assistant.conf . Then enable it with the command a2enconf my-home-assistant. Then reload Apache. For examples on how to write the configuration, see the files provided by FreedomBox in that directory and /usr/share/freedombox/etc/apache2/conf-available/. With this setup, FreedomBox will manage the webserver, let’s encrypt, dynamic DNS, firewall, auto-updates, distribution-upgrades, and even single-sign on authentication (based on how you write the apache configuration file). Home assistant can just present it’s web UI without doing TLS, domain configuration, etc.
Post post it here. This would be only missing part for a full solution above.
BTW, we have been hoping to have a home assistant app in FreedomBox for a while now. An effort to package home assistant and all of its addons in underway. People with Debian packaging knowledge can help out.
Sure, here’s what I compiled from reading through HA forums. Has been working tick-tock for nearly two years now : )
kindly remove comments marked with # when using
<VirtualHost *:80>
# make sure to obtain your ssl cert first (FBX > Name Services to add domain) as this part will rewrite all requests from port 80 to 443
ServerName my.domain #replace as necessary
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:443>
ServerName my.domian # replace as necessary
ProxyPreserveHost On
ProxyRequests off
ProxyPass /api/websocket ws://localhost:8123/api/websocket
ProxyPassReverse /api/websocket ws://localhost:8123/api/websocket
ProxyPass / http://localhost:8123/
ProxyPassReverse / http://localhost:8123/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:8123/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:8123/$1 [P,L]
SSLCertificateFile /etc/letsencrypt/live/my.domain/fullchain.pem # pls revise as necessary
SSLCertificateKeyFile /etc/letsencrypt/live/my.domain/privkey.pem #pls revise as necessary
SSLUseStapling off # my personal preference, remove if you do not require
</VirtualHost>
EDIT: A little different to what @sunil shared, I have this under /etc/apache2/sites-available with a static domain. To enable I used sudo a2ensite my-home-assistant
Great news… stuck on HA Core for some time now, this would save a lot of trouble on updates (and save my staying away from docker with “fear I might break my system” : )