nginx代理,添加ssl证书
环境搭建
目的是在外网访问homeassistant。安全起见,使用https对链接加密,故使用nginx代理。自己买了域名和证书,域名解析器通过cname绑定openfrp域名,openfrp建立隧道穿透至nginx所在机器,即localhost:10005,代理至homeassistant所在机器192.168.30.120:8123。这里homeassistant安装在vmware虚拟机当中,设置了固定ip。
nginx配置文件
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# HTTPS server
server {
listen 10005 ssl;
http2 off;
server_name localhost;
ssl_certificate ssl/your_cert.crt;
ssl_certificate_key ssl/your_cert.key;
location / {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept';
proxy_pass https://192.168.30.666:8123; # 替换为你要转发请求的目标地址和端口
#外网访问报错,会卡在登录之后的页面,具体哪些配置有用我也不清楚
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real_IP $remote_addr;
proxy_http_version 1.1;
}
}
server {
listen 10006;
server_name localhost;
return 301 https://$http_host$request_uri;
}
}
HomeAssistant的配置(shell)
为了方便使用,homeassistant加载项安装了terminal&ssh,配置选项配置密码,从而可以ssh访问。ssh登录,对文件/config/configuration.yaml做更改,内容如下
# Loads default set of integrations. Do not remove.
default_config:
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
http:
base_url: https://yxk.duckdns.org
use_x_forwarded_for: true
trusted_proxies:
- 192.168.30.1 #vmware所在宿主机的ip,或者说nginx所在主机ip
ssl_certificate: /ssl/your_cert.crt
ssl_key: /ssl/your_cert.key
~
HomeAssistant的配置(网页)
设置>系统>网络配置登录的域名

总结
通过以上配置,可以实现HomeAssistant的外网加密访问。但是通过openfrp的方式实现内网穿透始终是不怎么得劲,无奈没有公网ip。有更好的办法欢迎大家交流。
5214

被折叠的 条评论
为什么被折叠?



