Routing homeassistant in network_mode host

Hi,

I'm trying to route homeassistant running in a container in network_mode: host. With my actual config, I get a bad request 400 when typing the domain_name in a browser.

version: "3.3"

services:

  traefik:
    image: "traefik:2.6.3"
    container_name: "traefik"
    command:
      - --log.level=DEBUG
      - --api.insecure=false
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.file.directory=/etc/traefik/
      - --providers.file.watch=true
      - --entrypoints.web.address=:80
      - --entrypoints.web-secure.address=:443

      #TLS DNS Challenge
      - --certificatesResolvers.primary.acme.email=[edited]
      - --certificatesResolvers.primary.acme.storage=acme.json

      - --certificatesResolvers.primary.acme.dnsChallenge=true
      - --certificatesResolvers.primary.acme.dnsChallenge.provider=[edited]
      - --certificatesResolvers.primary.acme.dnsChallenge.delayBeforeCheck=100

      ##------ Plug-ins------
      - --pilot.token=[edited]
      - --experimental.plugins.plugin-log4shell.modulename=github.com/traefik/plugin-log4shell
      - --experimental.plugins.plugin-log4shell.version=v0.1.2

      - --experimental.plugins.fail2ban.modulename=github.com/tomMoulard/fail2ban
      - --experimental.plugins.fail2ban.version=v0.6.6
      ## --------------------
[edited]
    environment:
      - DESEC_TOKEN=[edited]
      - DESEC_NAME=[edited]
    ports:
      - "80:80"
      - "443:443"

    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik:/etc/traefik"
      - "./acme.json:/acme.json"
    extra_hosts:
      - host.docker.internal:172.17.0.1
    restart: unless-stopped


    labels:
      - "traefik.http.routers.api.middlewares=secHeaders@file,traefik-auth"
      # Traefik api labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.tls.domains[0].main=[edited]"
      - "traefik.http.routers.api.tls.domains[0].sans=*.[edited]"
      - "traefik.http.routers.api.rule=Host(`[edited]`)"   
      - "traefik.http.routers.api.service=api@internal"
      #- "traefik.http.routers.api.entrypoints=web"
      - "traefik.http.routers.api.entrypoints=web-secure"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=[edited]"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=primary"
      # Redirect to https
      - "traefik.http.routers.redir-to-https.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redir-to-https.entrypoints=web"
      - "traefik.http.routers.redir-to-https.middlewares=redirect-to-https"
      - "traefik.http.routers.redir-to-https.priority=100"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" 
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"

      # Non container services
      # Synology DS-414
      - "traefik.http.routers.ds414.entrypoints=web-secure"
      - "traefik.http.routers.ds414.rule=Host(`[edited]`)"
      - "traefik.http.routers.ds414.service=ds414@file"
      - "traefik.http.routers.ds414.tls.certresolver=primary"

      # Homeassistant
      - "traefik.http.routers.ha.entrypoints=web-secure"
      - "traefik.http.routers.ha.rule=Host(`[edited]`)"
      - "traefik.http.routers.ha.service=ha@file"
      - "traefik.http.routers.ha.tls.certresolver=primary"

    networks:
      - web
      - statistics
networks:
  web:
    external: true
  statistics:
    external: true

My file provider:

[http]
  [http.services]
    [http.services.ha]
      [http.services.ha.loadBalancer]
        [[http.services.ha.loadBalancer.servers]]
          url = "http://192.168.2.20:8123/"

My homeassistant docker-compose:

version: '3'
services:
  homeassistant:
    container_name: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    volumes:
      - homeassistant:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
    privileged: true
    healthcheck:
      test: ["CMD", "curl", "-f", "http://192.168.2.20:8123"] #host
      interval: "30s"
      timeout: "10s"
      retries: "10"
    cap_add:
      - NET_ADMIN
      - NET_BIND_SERVICE
      - SYS_ADMIN
    network_mode: "host"
#    labels:
#      - traefik.enable=true
#      - traefik.http.routers.homeassistant.rule=Host(`[edited]`)
#      - traefik.http.routers.homeassistant.entrypoints=web-secure
#      - traefik.http.routers.homeassistant.tls=true
#      - traefik.http.routers.homeassistant.tls.certResolver=primary
#      - traefik.http.services.homeassistant.loadbalancer.server.port=8123
volumes:
  homeassistant:
    external: true

The traefik logs show no error, generating the route, the certs, the service points at 192.168.2.20:8123

Can someone point me to the error?
Big thanks in advance

I found the answer, well ChatGPT did... :stuck_out_tongue_winking_eye:

There is nothing wrong with Traefik or the docker-compose files... homeassistant needs to accept the reverse proxy. So I added the following in the configuration.yaml in homeassistant:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.19.0.0/16  # Replace this with the IP range of your reverse proxy

Now I can access the web interface through the external route.

Many thanks to ChatGPT!!!! :heart_eyes:
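An added example, not part of the original posts and not Home Assistant's own code: a simplified Python model of the decision the `http` settings above control, showing why the proxied request got a 400 and which address ends up treated as the client. The peer and client addresses are constructed sample values, and the 256-address review threshold in `broad_entries` is an assumption.

```python
import ipaddress

def _nets(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def decide(peer_ip, xff, use_x_forwarded_for, trusted_proxies):
    """Simplified model: return (http_status, client_ip_used)."""
    nets = _nets(trusted_proxies)
    peer = ipaddress.ip_address(peer_ip)
    if xff is None:
        return 200, str(peer)      # direct request, no proxy header
    if not use_x_forwarded_for:
        return 400, None           # proxied request, proxy support off
    if not any(peer in n for n in nets):
        return 400, None           # header sent by a peer that is not trusted
    try:
        hops = [ipaddress.ip_address(h.strip()) for h in xff.split(",")]
    except ValueError:
        return 400, None           # malformed header
    # Walk right to left: the first hop that is not a trusted proxy is the
    # client. Anything further left was supplied by that client itself.
    for hop in reversed(hops):
        if not any(hop in n for n in nets):
            return 200, str(hop)
    return 200, str(hops[0])

def broad_entries(trusted_proxies, max_addresses=256):
    """Entries covering more than max_addresses addresses (worth narrowing)."""
    return [c for c, n in zip(trusted_proxies, _nets(trusted_proxies))
            if n.num_addresses > max_addresses]

# Constructed sample values: Traefik's address on its Docker network and a
# documentation-range client address.
PROXY = "172.19.0.2"
CLIENT = "203.0.113.7"

if __name__ == "__main__":
    # Before the fix: header present, proxy support not configured.
    print(decide(PROXY, CLIENT, False, []))
    # After the fix from the post above.
    print(decide(PROXY, CLIENT, True, ["172.19.0.0/16"]))
    # A client-supplied leftmost entry does not change the result.
    print(decide(PROXY, "198.51.100.9, " + CLIENT, True, ["172.19.0.0/16"]))
    # The /16 trusts every address on that network, not only Traefik.
    print(broad_entries(["172.19.0.0/16"]))
```

Every address inside `trusted_proxies` is allowed to set the client IP that Home Assistant records, so the range is best kept as narrow as the Traefik container's addressing allows.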
