[Solved] Support for SSL proxy to Home assistant: Rewrite Apache2 rules

Added by NachoMas 11 months ago

Hi all,

I'm trying to change my whole server environment from Apache2 to lighttpd but I am having problems with my SSL proxy configuration for Home assistant. I have the following rule in Apache2 to access home assistant with its own domain:

<VirtualHost *:443>
  ServerName hass.myserverdomain
  ServerAlias www.myserverdomain

  ProxyPreserveHost On
  ProxyRequests off
  ProxyPass / http://localhost:8123/
  ProxyPassReverse / http://localhost:8123/
  ProxyPass /api/websocket ws://localhost:8123/api/websocket
  ProxyPassReverse /api/websocket ws://localhost:8123/api/websocket

  RewriteEngine on
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)  ws://localhost:8123/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)  http://localhost:8123/$1 [P,L]

  ErrorLog /var/log/apache2/hass-error.log
  CustomLog /var/log/apache2/hass-access.log combined

  SSLEngine on
  SSLProxyEngine on
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
  SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  SSLHonorCipherOrder On
  SSLCertificateFile /etc/letsencrypt/live/myserverdomain/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/myserverdomain/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/myserverdomain/fullchain.pem
</VirtualHost>

and so far I have the SSL certificates in lighttpd via certbot working flawlessly, but I don't get the redirection right. I have so far the following in my lighttpd.conf:

$SERVER["socket"] == "0.0.0.0:443" {
        ssl.engine  = "enable"
        $HTTP["host"] =~ "(^|www\.)hass.alderaan.dnsalias.net" {
                ssl.pemfile = "/etc/letsencrypt/live/myserverdomain/fullchain.pem"
                ssl.privkey = "/etc/letsencrypt/live/myserverdomain/privkey.pem"
                proxy.server = ( "" => (( "host" => "192.168.1.2", "port" => 8123 )))
                server.errorlog = "/var/log/lighttpd/hass-error.log"
                accesslog.filename = "/var/log/lighttpd/hass-access.log"
        }
}

which of course is missing all the rewrite rules and does not work. Anyone so kind as to show me how to rewrite the apache2 rewrite rules?

Server: Ubuntu linux with kernel 5.15.0-67-generic
Lighttpd version 1.4.63

Thanks!


Replies (1)

RE: Support for SSL proxy to Home assistant: Rewrite Apache2 rules - Added by gstrauss 11 months ago

Try adding this: proxy.header += ( "upgrade" => "enable" ) right below proxy.server

Also, you generally want to define a default certificate in $SERVER["socket"] where ssl.engine = "enable"
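
The lighttpd.conf block from the question with both suggestions from the reply applied, as an added example that is not part of either post. It assumes the certificate from the question is reused as the socket's default certificate and that mod_openssl, mod_proxy and mod_accesslog are already listed in server.modules.

```lighttpd
# Added example: question's block plus the two changes suggested in the reply.
$SERVER["socket"] == "0.0.0.0:443" {
        ssl.engine  = "enable"
        # Default certificate defined where ssl.engine is enabled
        # (assumption: the same Let's Encrypt certificate as in the question).
        ssl.pemfile = "/etc/letsencrypt/live/myserverdomain/fullchain.pem"
        ssl.privkey = "/etc/letsencrypt/live/myserverdomain/privkey.pem"

        $HTTP["host"] =~ "(^|www\.)hass.alderaan.dnsalias.net" {
                proxy.server = ( "" => (( "host" => "192.168.1.2", "port" => 8123 )))
                # Let mod_proxy pass Upgrade requests (the Home Assistant
                # websocket at /api/websocket) through to the backend.
                proxy.header += ( "upgrade" => "enable" )
                server.errorlog = "/var/log/lighttpd/hass-error.log"
                accesslog.filename = "/var/log/lighttpd/hass-access.log"
        }
}
```

The configuration can be checked with `lighttpd -tt -f` followed by the path to lighttpd.conf before the server is restarted.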
