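I want to set up an Apache reverse proxy for a Home-Assistant (hass) instance running on my local network.
I use ssh -N [email protected] -R 8123:localhost:8123 to tunnel traffic from the local hass instance to a remote server.
Now I am trying to set up a simple reverse proxy in Apache: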
<VirtualHost *:443>
    ServerName hass.example.com
    SSLEngine On
    # If you manage SSL certificates by yourself, these paths will differ.
    SSLCertificateFile fullchain.pem
    SSLCertificateKeyFile privkey.pem
    SSLProxyEngine on
    SSLProxyProtocol +TLSv1.2 +TLSv1.3
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyVia On
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    # Proxy all traffic to hass
    ProxyPass / http://localhost:8123/ nocanon
    ProxyPassReverse / http://localhost/
    ErrorLog ${APACHE_LOG_DIR}/hass.example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/hass.example.com-access.log combined
    <IfModule security2_module>
        SecRuleEngine off
    </IfModule>
</VirtualHost>
<VirtualHost *:80>
    ServerName hass.example.com
    Redirect permanent / "https://hass.example.com"
    ErrorLog ${APACHE_LOG_DIR}/hass.example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/hass.example.com-access.log combined
</VirtualHost>
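Unfortunately, if I try to open hass.example.com, the browser responds with 400: Bad Request.
Answer 1
In the end, Home-Assistant blocks reverse proxies, and you have to try to proxy websocket requests.
Adjust the hass config (config/configuration.yaml):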
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - ::1
    - 127.0.0.1
  ip_ban_enabled: true
  login_attempts_threshold: 5
Apache config:
<VirtualHost *:443>
    ServerName hass.example.com
    SSLEngine On
    # If you manage SSL certificates by yourself, these paths will differ.
    SSLCertificateFile fullchain.pem
    SSLCertificateKeyFile privkey.pem
    SSLProxyEngine on
    SSLProxyProtocol +TLSv1.2 +TLSv1.3
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyVia On
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    # Proxy all traffic to hass
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket
    RewriteRule /(.*) ws://localhost:8123/$1 [P]
    RewriteCond %{HTTP:Upgrade} !=websocket
    RewriteRule /(.*) http://localhost:8123/$1 [P]
    ProxyPassReverse / http://localhost:8123
    ErrorLog ${APACHE_LOG_DIR}/hass.example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/hass.example.com-access.log combined
    <IfModule security2_module>
        SecRuleEngine off
    </IfModule>
</VirtualHost>
<VirtualHost *:80>
    ServerName hass.example.com
    Redirect permanent / "https://hass.example.com"
    ErrorLog ${APACHE_LOG_DIR}/hass.example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/hass.example.com-access.log combined
</VirtualHost>
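
Why the http: settings in the answer matter, as an added example (not part of the original answer and not Home Assistant's own code): a simplified Python model, under the assumption that the backend rejects forwarded requests unless X-Forwarded-For support is enabled and the connecting peer is a listed proxy. The function resolve_client, the config dicts and the sample addresses are constructed for illustration.

```python
import ipaddress

def resolve_client(peer, headers, use_x_forwarded_for, trusted_proxies):
    """Simplified model (an assumption, not Home Assistant source code) of a
    backend deciding whether to honour X-Forwarded-For. Returns (status, ip)."""
    peer_ip = ipaddress.ip_address(peer)
    trusted = [ipaddress.ip_network(p) for p in trusted_proxies]

    def is_trusted(ip):
        return any(ip in net for net in trusted)

    xff = headers.get("X-Forwarded-For")
    if xff is None:
        return 200, str(peer_ip)      # direct connection, no header to trust
    if not use_x_forwarded_for or not is_trusted(peer_ip):
        return 400, None              # proxied request, proxy support not set up
    try:
        hops = [ipaddress.ip_address(h.strip()) for h in xff.split(",")]
    except ValueError:
        return 400, None              # malformed header
    # Walk right to left: the rightmost entries were appended by our own
    # proxies; the first untrusted hop is the address Apache actually saw.
    for hop in reversed(hops):
        if not is_trusted(hop):
            return 200, str(hop)
    return 200, str(hops[0])

# Constructed sample data: the SSH tunnel delivers Apache's requests to hass
# from loopback, and Apache's mod_proxy adds X-Forwarded-For itself.
ANSWER_CFG = dict(use_x_forwarded_for=True, trusted_proxies=["::1", "127.0.0.1"])
DEFAULT_CFG = dict(use_x_forwarded_for=False, trusted_proxies=[])
VIA_APACHE = {"X-Forwarded-For": "203.0.113.7"}
SPOOFED = {"X-Forwarded-For": "10.0.0.1, 203.0.113.7"}  # client-supplied prefix

def demo():
    return {
        "question_setup": resolve_client("127.0.0.1", VIA_APACHE, **DEFAULT_CFG),
        "answer_setup": resolve_client("127.0.0.1", VIA_APACHE, **ANSWER_CFG),
        "ipv6_loopback": resolve_client("::1", VIA_APACHE, **ANSWER_CFG),
        "spoofed_prefix": resolve_client("::1", SPOOFED, **ANSWER_CFG),
        "untrusted_peer": resolve_client("192.168.1.50", VIA_APACHE, **ANSWER_CFG),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In this model, resolving the rightmost untrusted hop means a client-supplied X-Forwarded-For prefix does not change which address ip_ban_enabled and login_attempts_threshold count against.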