HomeAssistant: Local testing with Nginx Reverse Proxy — macOS
Setting up Nginx Reverse Proxy for Home Assistant posed challenges, resolved through a Docker Compose file for local testing. With Home Assistant and Nginx in “172.25.0.0/16” network, using port binding due to Docker Desktop limitations. “trusted_proxies=172.25.0.0/16” in configuration.yaml secures Nginx traffic. Optimized nginx.conf ensures smooth WebSocket support.
Introduction
Setting up an Nginx Reverse Proxy for Home Assistant presented its challenges, requiring dedicated effort to overcome. Through perseverance and experimentation, I successfully configured the setup and streamlined it into a functional Docker Compose file tailored for local testing.
Clone the Repository
To begin, clone the GitHub repository containing the essential Docker Compose YAML file and necessary configuration files crucial for replicating and understanding the setup.
git clone https://github.com/Gatsby-Lee/moon-rapi
Bringing Up Services
Navigate to the home-assistant directory and execute the Docker Compose command to initiate the services, ensuring both Home Assistant and Nginx are deployed seamlessly within the designated “172.25.0.0/16” network.
cd home-assistant
docker-compose up
# open
http://localhost
Details: docker-compose.yaml
The compose.yaml file orchestrates the deployment of Home Assistant and Nginx, leveraging Docker’s capabilities while addressing specific challenges like Docker Desktop’s limitation with network_mode=host
. Instead, it optimizes connectivity through port binding with the defined subnet (172.25.0.0/16) to manage the traffic between Nginx and Home Assistant.
The subnet (172.25.0.0/16) is predefined to make sure the incoming traffic of the IPs from the Nginx reverse proxy.
version: '3.8'
services:
homeassistant:
container_name: homeassistant
image: ghcr.io/home-assistant/home-assistant:stable
volumes:
- ./config:/config
- /etc/localtime:/etc/localtime:ro
environment:
- TZ=America/Los_Angeles
restart: unless-stopped
# network_mode: bridge
ports:
- 8123:8123
reverse_proxy:
image: nginx:latest
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
restart: unless-stopped
# network_mode: bridge
ports:
- "80:80"
- "443:443"
networks:
custom_network:
driver: bridge
ipam:
config:
- subnet: 172.25.0.0/16
Details: configuration.yaml
In the configuration.yaml file, crucial modifications include integrating “trusted_proxies=172.25.0.0/16”. This configuration step is pivotal, as it enables Home Assistant to authenticate and process incoming requests from the Nginx reverse proxy seamlessly. To maintain clarity and simplicity, secondary configuration files such as automation.yaml, scripts.yaml, and scenes.yaml remain commented out, leveraging the consolidated settings within configuration.yaml.
# Loads default set of integrations. Do not remove.
default_config:
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
## commented out since missed if custom configuration.yaml is set.
# automation: !include automations.yaml
# script: !include scripts.yaml
# scene: !include scenes.yaml
## how to validate
# ref: https://www.home-assistant.io/common-tasks/container/#configuration-check
## wowbro custom change
# https://www.home-assistant.io/integrations/http/
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.25.0.0/16
Details: nginx.conf
The nginx.conf file is meticulously configured to optimize traffic routing to Home Assistant, ensuring robust WebSocket support and reliable communication pathways. This setup is essential for enhancing performance and user experience across the integrated home automation ecosystem.
By adopting these refined configurations and strategic approaches, the setup not only resolves initial challenges effectively but also establishes a scalable foundation for expanding and integrating additional smart home functionalities seamlessly.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://homeassistant:8123/;
add_header X-Served-By $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}