使用宝塔反向代里HomeAssistant并添加SSL
在宝塔设置反向代理后直接访问报错:400: Bad Request[*]Home-Assistant使用反向代理要设置白名单,不然会拦截。
找错误中一些巧合
[*]在查第一个400: Bad Request报错原因时,看到一个回答是说因为反代配置加了websocket支持才报错,删掉就不报错了。
[*]而这个和我第二个问题撞上了,很是巧合。
[*]如果当时看到那个回答反其道而行之加上去,说不定早就解决了。
添加反代
[*]目标URL:http://[域名]:8123
[*]发送域名:域名
[*]添加如下代码:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
这时添加前的:
#PROXY-START/
location ~* .(gif|png|jpg|css|js|woff|woff2)$
{
proxy_pass https://hass.xxx.cn:8123;
proxy_set_header Host hass.xxx.cn;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
expires 12h;
}
location /
{
proxy_pass https://hass.xxx.cn:8123;
proxy_set_header Host hass.xxx.cn;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
add_header Cache-Control no-cache;
}
#PROXY-END/这是添加后的:
#PROXY-START/
location ~* .(gif|png|jpg|css|js|woff|woff2)$
{
proxy_pass https://hass.xxx.cn:8123;
proxy_set_header Host hass.xxx.cn;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
expires 12h;
}
location /
{
proxy_pass https://hass.xxx.cn:8123;
proxy_set_header Host hass.xxx.cn;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
add_header Cache-Control no-cache;
}
#PROXY-END/Home-Assistant方面的设置获取反向代理源IP
[*]直接访问https://[域名]或者http://[域名]
[*]用ip或者http://[域名]:8123登录Home-Assistant
[*]添加SSL支持和反代白名单
[*]把.crt、.key证书文件拷贝到config目录
[*]打开configuration.yaml,添加如下配置(视情况修改),然后重启服务:
http:
base_url: [域名]
ssl_certificate: [.crt文件]
ssl_key: [.key文件]
use_x_forwarded_for: true
trusted_proxies:
- 1.14.147.22
- 172.17.0.1
- 127.0.0.1
- ::1上面最下面那几个ip就是白名单列表,可以把公网IP和本地IP也写上去。
页:
[1]