1. Allow your proxy to make requests to HA.
Modify and add the following configuration to the /config/configuration.yaml HA file.
http:
server_port: 8123
base_url: https://homeassistant.rlskeels.com
use_x_forwarded_for: true
trusted_proxies:
- 10.1.64.62. Enable necessary Apache modules
a2enmod proxy proxy_http proxy_wstunnel rewrite
systemctl restart apache2.service3. Create a new site file with this config.
vi /etc/apache2/sites-available/homeassistant.rlskeels.com.confNote that the proxy is talking HTTP and WS to the actual Home Assistant server, not HTTPS and WSS.
(Home Assistant) <-----[http/ws]-----> (Reverse Proxy) <-----[https/wss]-----> (Your browser/client)
<VirtualHost *:80>
ServerName homeassistant.example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{SERVER_NAME} =homeassistant.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName homeassistant.example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://homeassistant.int.example.com:8123/ connectiontimeout=5 timeout=30 keepalive=on
ProxyPassReverse / http://homeassistant.int.example.com:8123/
ProxyPass /api/websocket ws://homeassistant.int.example.com:8123/api/websocket connectiontimeout=5 timeout=30 keepalive=on
ProxyPassReverse /api/websocket ws://homeassistant.int.example.com:8123/api/websocket
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://homeassistant.int.example.com:8123/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://homeassistant.int.example.com:8123/$1 [P,L]
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>4. Restart Apache
systemctl reload apache2.serviceTo certify this VirtualHost (use HTTPS/SSL), use this Certbot guide.