LetsEncrypt with NginX for Home Assistant!!

This video is a tutorial on how to setup a LetsEncrypt SSL cert with NginX for Home Assistant!

Here is a link to get you started….

https://community.home-assistant.io/t/nginx-reverse-proxy-set-up-guide-docker/54802/8

(0:00) Intro

(2:05) For starters make sure you know your public IP address.

(2:31) Once we do that we can than create a duckdns domain name.

(3:46) Now you are ready to install the new letsencrypt-nginx docker container. We need to get our uid and gid, we do that by typing…

id

It will display the uid and gid for your user, you need that for setting up the container.

Now you are ready to edit the docker-compose.yml file and add in the new docker container.

letsencrypt-nginx:
container_name: letsencrypt-nginx
image: linuxserver/letsencrypt
restart: unless-stopped
volumes:
– /etc/localtime:/etc/localtime:ro
– /home/adrian/docker-nginx:/config
environment:
– PGID=1000
– PUID=1000
– [email protected]
– URL=mydomain.duckdns.org
– SUBDOMAINS=hass,portainer
– VALIDATION=http
– TZ=America/Chicago
ports:
– “80:80”
– “443:443”

Once you have that in there save and close it. Then type….

sudo docker-compose up -d to create the docker container.

Once you have it up and running, you can jump on portainer and see how it looks.

(8:43) Now lets make a few changes to the config so that everything works correctly….

We need to edit our home assistant configuration and comment out the ssl cert and key….

vi configuration.yaml

#ssl_cert: !secret ssl_cert
#ssl_key: !secret ssl_key
base_url: hass.mydomain.duckdns.org

Once you do that save that and then lets go edit the nginx config. For starters we are going to remove the existing config and create a new one…

cd /home/adrian/docker-nginx/nginx/site-confs
rm default
vi default

#### PORT 80 ACTIVE
server {
listen 80;
server_name mydomain.duckdns.org;
return 301 https://$host$request_uri;
}

# main server block
server {
listen 443 ssl default_server;

root /config/www;
index index.html index.htm index.php;

server_name mydomain.duckdns.org;

# enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf;

# all ssl related config moved to ssl.conf
include /config/nginx/ssl.conf;

client_max_body_size 0;

location / {
try_files $uri $uri/ /index.html /index.php?$args =404;
}
location ~ .php$ {
fastcgi_split_path_info ^(.+.php)(/.+)$;
# With php7-cgi alone:
fastcgi_pass 10.10.10.211:9001;
#fastcgi_pass 127.0.0.1:9001;
# With php7-fpm:
#fastcgi_pass unix:/var/run/php7-fpm.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}

### PORTAINER
server {
listen 443 ssl;

root /config/www;
index index.html index.htm index.php;

server_name portainer.mydomain.duckdns.org;

include /config/nginx/ssl.conf;

client_max_body_size 0;

location / {
# auth_basic “Restricted”;
# auth_basic_user_file /config/nginx/.htpasswd;
include /config/nginx/proxy.conf;
proxy_pass http://10.10.10.211:9000;
}
}
### HOMEASSISTANT
server {
listen 443 ssl;

root /config/www;
index index.html index.htm index.php;

server_name hass.mydomain.duckdns.org;

include /config/nginx/ssl.conf;

client_max_body_size 0;

location / {
# auth_basic “Restricted”;
# auth_basic_user_file /config/nginx/.htpasswd;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_buffering off;
proxy_ssl_verify off;
# include /config/nginx/proxy.conf;
proxy_pass http://10.10.10.211:8123;
}
}

# enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf;

save that and then lets jump over to portainer to restart home assistant and letsencrpyt-nginx

Once thats done, you should now be able to access hass at

https://hass.mydomain.duckdns.org

If you like the video, please subscribe to my channel. If you have any questions or comments, hit me up in the comments below. As always, if there are any videos out there you would like to see that I don’t already have out there, let me know in the comments as well.