Home Assistant Cloud Access – NGINX

Setting up your Home Assistant for Cloud Access

The goal of this is to setup Hass.io on a Raspberry Pi that allows external access to our home automation hub. This enables me to manage it away from my home and integrate with cloud services.

Components Involved

  1. Home Assistant (Home Automation Hub)
  2. Duck DNS account (a free DDNS service)
  3. NGiNX – (local SSL Proxy)

ducky_iconDuck DNS Steps

Since my internet connection is a through a dynamic external IP address managed by my service provider, it changes quite often (weekly and sometimes daily). It becomes difficult to connect to home services from an external computer once you leave your home’s WiFi.

To address this, Duck DNS is a DDNS (Dynamic DNS) service that provides a public DNS server so anyone can get a “subdomain” to use provided scripts for updating record(s) – instead of trying to remember an IP address, use a domain name that’s kept up-to-date simple and free.

 

alexa-512x512 Home Assistant Steps

My choice of open source home automation for local control and privacy.

 

Pre-Reqs:

  1. Firewall is allowed to pass thru port 443 and 1823 to Hassio local IP address
  2. Home Assistant already setup with base installation
  3. Make a backup  – http://localhost:8123/hassio/snapshots

Hassio Steps:

  1. From the Hassio Add-On Store, the below steps are required for setting up TLS/SSL Proxy
  2. Install DuckDNS and apply token, set accept_terms to true, then add domain list
    1. {
      “lets_encrypt”: {
      “accept_terms”: true,
      “certfile”: “fullchain.pem”,
      “keyfile”: “privkey.pem”
      },
      “token”: “XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX”,
      “domains”: [
      “name1.duckdns.org”,
      “name2.duckdns.org”
      ],
      “seconds”: 300
      }
  3. Install NGINX
  4. Refresh log and should look similar to mine:

    [INFO] Generating dhparams (this will take some time)… Generating DSA parameters, 4096 bit long prime ……….+………….+…….+…..+………..+…..+…………+………….+…+………..+………………..+….+…+…..+…….+………+…..+……………………+..+…….+……+….+…..+.+….+……………………………………+……………………….+……+…+………..+…..+…++++++++++++++++++++++++++++++++++++++* [INFO] Creating ‘snakeoil’ self-signed certificate… Generating a 2048 bit RSA private key ……………….+++ ……………………………………………….+++ writing new private key to ‘/data/ssl-cert-snakeoil.key’ —– [INFO] Running nginx…

  5. Configure the Hassio configuration.xml to disable ssl cert and port

    http:
      base_url: !secret http_base_url
     #api_password: !secret http_password
    #server_port: !secret http_port
    #ssl_certificate: /ssl/fullchain.pem
    #ssl_key: /ssl/privkey.pem
      ip_ban_enabled: true
      login_attempts_threshold: 5
      cors_allowed_origins:
      – https://google.com
      – https://www.home-assistant.io
      – https://subdomain.duckdns.com
    #use_x_forwarded_for: true
      trusted_networks:
      – 127.0.0.1
      – ::1
      – 8.8.8.8
      – 192.168.0.0/24
      – fd00::/8

  6. Restart Home Assistant, Done
    
    
    

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s