在树莓派上折腾了个 Home Assistant 上去,反正用都能用了就顺便配一下反代以便在外面看家里的设备(?为什么会有这样的需求?)
首先编辑 Home Assistant 的 configuration.yaml,我是跑在 Docker 里的,所以看一下配置文件就知道 config 存在哪里了 volumes:
- /home/username/home-assistant/config:/config
http:
# For extra security set this to only accept connections on localhost if NGINX is on the same machine
# Uncommenting this will mean that you can only reach Home Assistant using the proxy, not directly via IP from other clients.
# server_host: 127.0.0.1
use_x_forwarded_for: true
# You must set the trusted proxy IP address so that Home Assistant will properly accept connections
# Set this to your NGINX machine IP, or localhost if hosted on the same machine.
trusted_proxies: <Your_Nginx_Server_ip>
configuration.yaml保存后重启一下 docker servicesudo docker-compose restart
接下来创建一个 Nginx 配置文件
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server
{
listen 443;
listen [::]:443;
server_name hass.yourdomain.moe;
ssl_certificate /etc/letsencrypt/live/yourdomain-moe.crt;
ssl_certificate_key /etc/letsencrypt/live/yourdomain-moe.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # about 40000 sessions
ssl_session_tickets off;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;
proxy_buffering off;
location / {
proxy_pass http://<Your_Home_Assistant_ip>:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
#access_log /var/log/nginx/yourdomain.moe.log;
}
hass.yourdomain.moe接下来重启一下 Nginx 服务即可
话说回来我到底有什么必要从外面访问 Home Assistant 啊,于是测试没问题以后就把反代关掉了(((