{"id":3142,"date":"2023-03-06T21:33:50","date_gmt":"2023-03-06T20:33:50","guid":{"rendered":"https:\/\/enesordek.com\/?p=3142"},"modified":"2023-03-06T21:45:36","modified_gmt":"2023-03-06T20:45:36","slug":"smart-home-dashboard-mit-home-assistant-mqtt-certbot-und-nginx-proxy","status":"publish","type":"post","link":"https:\/\/enesordek.com\/en\/2023\/03\/06\/smart-home-dashboard-mit-home-assistant-mqtt-certbot-und-nginx-proxy\/","title":{"rendered":"Smart Home Dashboard with Home Assistant, MQTT, Certbot and Nginx Proxy"},"content":{"rendered":"\n

Home automation, monitoring and control requires a user interface that is easy to use. There are numerous commercial solutions for this.<\/p>\n\n\n\n

\"\"
My Smart Home Dashboard<\/figcaption><\/figure>\n\n\n\n

If you have high requirements for data security and privacy, a self-hosted smart home solution is the way to go. I tried a few open-source solutions and ended up happy with “Home Assistant”. In this post I want to explain how to get a minimal instance of Home Assistant, MQTT, Certbot and Nginx Proxy up and running with Docker Compose.<\/p>\n\n\n\n\n\n\n\n

Installation docker-compose<\/h2>\n\n\n\n

Using docker-compose, Docker containers can be orchestrated with little effort. I use Debian as the operating system for my server. The instructions at this link describe the necessary installation steps.<\/a><\/p>\n\n\n\n

docker-compose<\/h2>\n\n\n\n

The docker-compose.yml file looks as follows. It contains three services.<\/p>\n\n\n\n

version: '3.5'\nservices:\n  homeassistant:\n    container_name: homeassistant\n    restart: unless-stopped\n    image: ghcr.io\/home-assistant\/home-assistant:stable\n    network_mode: host\n    privileged: true\n    environment:\n      - TZ=Europe\/Berlin<\/strong>\n    volumes:\n      - .\/homeassistant_config:\/config\n      - \/etc\/localtime:\/etc\/localtime:ro\n    depends_on:\n      - mosquitto\n  mosquitto:\n    container_name: mosquitto\n    image: eclipse-mosquitto\n    network_mode: host\n    volumes:\n      - .\/mosquitto_conf:\/mosquitto\/config\n      - .\/mosquitto_data:\/mosquitto\/data\n      - .\/mosquitto_log:\/mosquitto\/log\n  frontend:\n    restart: unless-stopped\n    image: staticfloat\/nginx-certbot\n    ports:\n      - 80:80\/tcp\n      - 443:443\/tcp\n    environment:\n      CERTBOT_EMAIL: owner@company.com<\/strong>\n    volumes:\n      - .\/nginx_conf:\/etc\/nginx\/user.conf.d:ro\n      - letsencrypt:\/etc\/letsencrypt\nvolumes:\n  letsencrypt:<\/code><\/pre>\n\n\n\n
Service: Home Assistant<\/h3>\n\n\n\n
This is the actual Home Assistant service. This service alone with its configuration is sufficient to get a running instance. The service can be accessed in the web browser on port 8123.<\/p>\n\n\n\n
Service: Mosquitto<\/h3>\n\n\n\n
Mosquitto is especially needed if you want to use an MQTT instance to transmit IOT data to Home Assistant. Of course, any instance can be used as well. In my case, I want to have everything on one host.<\/p>\n\n\n\n
Service: nginx-certbot<\/h3>\n\n\n\n
Home Assistant is by default operated without TLS on the insecure port 8123. For encrypted transmission, a web server with TLS encryption enabled is required. I found this image which downloads the latest version of Nginx and Certbot during installation.<\/p>\n\n\n\n
Configuration<\/h2>\n\n\n\n
The container can be started using “docker-compose up”. After or during the first startup, a few changes must be made to the newly created configuration files.<\/p>\n\n\n\n
Home Assistant<\/h3>\n\n\n\n
Home Assistant automatically creates a configuration file in the docker-compose folder during the first operation. In this file you only need to add the part for “http” integration.<\/p>\n\n\n\n
# Loads default set of integrations. Do not remove.\ndefault_config:\n\n# Load frontend themes from the themes folder\nfrontend:\n  themes: !include_dir_merge_named themes\n\n# Text to speech\ntts:\n  - platform: google_translate\n\nautomation: !include automations.yaml\nscript: !include scripts.yaml\nscene: !include scenes.yaml\n\nhttp:\n  use_x_forwarded_for: true\n  trusted_proxies:\n    - 127.0.0.1\n  ip_ban_enabled: true\n  login_attempts_threshold: 5<\/strong><\/code><\/pre>\n\n\n\n
This allows the nginx proxy on application side. It might be necessary to enter a different IP address. Docker has its own IP address space internally that you can use here. The correct address can be found in logs.<\/p>\n\n\n\n
Mosquitto<\/h3>\n\n\n\n
After the first operation of Mosquitto, a configuration file is also created here. This file must be modified further. The following command creates a valid password file. This command must be executed while the program is running.<\/p>\n\n\n\n
 docker-compose exec mosquitto mosquitto_passwd -c \/mosquitto\/config\/mosquitto.passwd mosquitto<\/code><\/pre>\n\n\n\n
Now the Mosquitto configuration can be updated with this file. The result looks like this.<\/p>\n\n\n\n
persistence true\npersistence_location \/mosquitto\/data\/\nlog_dest file \/mosquitto\/log\/mosquitto.log\nlistener 1883\n## Authentication ##\nallow_anonymous false\npassword_file \/mosquitto\/config\/mosquitto.passwd<\/strong><\/code><\/pre>\n\n\n\n
This prevents anonymous connection with Mosquitto.<\/p>\n\n\n\n
Nginx-Certbot<\/h3>\n\n\n\n
In nginx a new file has to be created. The following nginx.conf can be created in the nginx_conf folder.<\/p>\n\n\n\n
map $http_upgrade $connection_upgrade {\n    default upgrade;\n    ''      close;\n}\nserver {\n    listen\t\t80;\n    listen              443 ssl;\n    server_name         example.com;\n    ssl_certificate     \/etc\/letsencrypt\/live\/example.com\/fullchain.pem;\n    ssl_certificate_key \/etc\/letsencrypt\/live\/example.com\/privkey.pem;<\/strong>\n    if ($scheme = http) {\n        return 301 https:\/\/$server_name$request_uri;\n    }\n    proxy_redirect off;\n    location \/ {\n        proxy_set_header        Host $host:$server_port;\n        proxy_set_header        X-Real-IP $remote_addr;\n        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header        X-Forwarded-Proto $scheme;\n        proxy_pass http:\/\/127.0.0.1:8123\/;<\/strong>\n\tproxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection $connection_upgrade;\n    }  \n}\n<\/code><\/pre>\n\n\n\n
The marked digits must be modified if necessary. Instead of the local IP address, you can also simply specify the public IP address of the server.<\/p>\n\n\n\n
Result<\/h2>\n\n\n\n
When you first open Home Assistant, you are guided through the user account setup process and subsequently have an instance that you can use for home automation, monitoring and control.<\/p>\n\n\n
\n
\"\"<\/figure><\/div>\n\n\n
There is no on the possibilities you have with this solution. I plan to map all my energy consumption and production (solar panels) in the dashboard. I also want to include the lighting control of my living room in the dashboard. For fun, I also want to install an indoor surveillance camera whose video output I can view in the Smart Home Dashboard.<\/p>\n","protected":false},"excerpt":{"rendered":"
Home automation, monitoring and control requires a user interface that is easy to use. There are numerous commercial solutions for this. If you have high requirements for data security and privacy, a self-hosted smart home solution is the way to go. I tried a few open-source solutions and ended up happy with “Home Assistant”. In … Continue reading Smart Home Dashboard with Home Assistant, MQTT, Certbot and Nginx Proxy<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_locale":"en_US","_original_post":"https:\/\/enesordek.com\/?p=3136","footnotes":""},"categories":[25,29,8],"tags":[],"class_list":["post-3142","post","type-post","status-publish","format-standard","hentry","category-business","category-elektronik","category-informatik","en-US"],"_links":{"self":[{"href":"https:\/\/enesordek.com\/wp-json\/wp\/v2\/posts\/3142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/enesordek.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/enesordek.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/enesordek.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/enesordek.com\/wp-json\/wp\/v2\/comments?post=3142"}],"version-history":[{"count":2,"href":"https:\/\/enesordek.com\/wp-json\/wp\/v2\/posts\/3142\/revisions"}],"predecessor-version":[{"id":3148,"href":"https:\/\/enesordek.com\/wp-json\/wp\/v2\/posts\/3142\/revisions\/3148"}],"wp:attachment":[{"href":"https:\/\/enesordek.com\/wp-json\/wp\/v2\/media?parent=3142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/enesordek.com\/wp-json\/wp\/v2\/categories?post=3142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/enesordek.com\/wp-json\/wp\/v2\/tags?post=3142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}