dream/ 十二月 12, 2018/ linux, 服务器, 树莓派/ 0评论

本文中介绍了在hassbian环境下通过duckdns和Let’s Encrypt实现home assistant的前端页面https访问的。

一. 环境:

树莓派3B+,hassbian 0.10.1

二. 注册duckdns

前往duckdns(https://www.duckdns.org/domains),注册一个子域名,并指向自己的ip(如果没有外部ip,可在路由器设置端口转发,参考通过端口转发实现内网穿透),同时记录下token值。

三. hassbian中安装duckdns

远程连接至树莓派。切换至用户mossbian,并安装duckdns。安装时如果是覆盖安装,需要手动删除duckdns和dehydrated文件夹,并添加–force选项。安装过程中请注意输入域名和token值。

pi@mossbian:~ $ sudo su -s /bin/bash homeassistant 
homeassistant@mossbian:/home/pi $ sudo hassbian-config install duckdns --force
homeassistant@mossbian:~ $ sudo hassbian-config install duckdns --force
Duck DNS 自动更新及 SSL 证书自动生成
原创:Ludeeus <https://github.com/ludeeus>.
本地化:cxlwill <http://cxlwill.cn>.

Please take a moment to setup autorenewal of duckdns.
If no choice is made the installation will exit.

(if your domain is 'example.duckdns.org' type example)
Domain: ***.duckdns.org
Token: 448d0cdf-****-****-****-6d0885792117

Do you want to generate certificates to use SSL(https)? [N/y] : y
Changing to homeassistant user...
正克隆到 'dehydrated'...
remote: Enumerating objects: 8, done.
remote: Counting objects: 100% (8/8), done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 1922 (delta 1), reused 4 (delta 1), pack-reused 1914
接收对象中: 100% (1922/1922), 637.08 KiB | 353.00 KiB/s, 完成.
处理 delta 中: 100% (1200/1200), 完成.
dreamoftime.duckdns.org
CHALLENGETYPE='dns-01'
HOOK='./hook.sh'
# INFO: Using main config file /home/homeassistant/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
+ Done!
# INFO: Using main config file /home/homeassistant/dehydrated/config
Unknown hook this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
 + Creating chain cache directory /home/homeassistant/dehydrated/chains
Processing dreamoftime.duckdns.org
 + Creating new directory /home/homeassistant/dehydrated/certs/dreamoftime.duckdns.org ...
Unknown hook this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for dreamoftime.duckdns.org
 + 1 pending challenge(s)
 + Deploying challenge tokens...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--    0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--  100     2    0     2    0     0      1      0 --:--:--  0:00:01 --:--:--     1
OK
 + Responding to challenge for dreamoftime.duckdns.org authorization...
 + Challenge is valid!
 + Cleaning challenge tokens...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--    0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--  100     2    0     2    0     0      1      0 --:--:--  0:00:01 --:--:--     1
OK
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
 + Done!
Creating duckdns folder...
Creating a script file to be used by cron.
Setting premissions...
Creating cron job...
Restarting cron service...
Checking the installation...

Installation done..

Remember to update your configuration.yaml to take advantage of SSL!
Documentation for this can be found here <https://home-assistant.io/components/http/>.

完成后应当能够在/home/homeassistant/dehydrated/certs/***.duckdns.org/目录下至少有一组签名文件。

homeassistant@mossbian:~ $ ls /home/homeassistant/dehydrated/certs/dreamoftime.duckdns.org/
cert-1544605009.csr  chain-1544605009.pem      privkey-1544605009.pem
cert-1544605009.pem  chain.pem                 privkey.pem
cert.csr             fullchain-1544605009.pem
cert.pem             fullchain.pem

四. 修改配置文件并重启服务

修改配置文件configuration.yaml。

sudo vim /home/homeassistant/.homeassistant/configuration.yaml 

添加http项。

http:
  ssl_certificate: /home/homeassistant/dehydrated/certs/***.duckdns.org/fullchain.pem
  ssl_key: /home/homeassistant/dehydrated/certs/***.duckdns.org/privkey.pem
  base_url: ***.duckdns.org:8123

保存退出,然后重启homeassistant服务。

sudo systemctl restart home-assistant@homeassistant.service

五. 可能遇到的问题

如果打不开网页了,请检查日志。如果是SSL无法启动,检查是否已成功申请到ssl证书至/home/homeassistant/dehydrated/certs/。

如果出现权限不够问题,可以修改证书文件所有者为homeassistant,或者删除/home/homeassistant/dehydrated和/home/homeassistant/duckdns后使用homeassistant用户重新安装duckdns。

参考链接:

https://home-assistant.cc

https://github.com/home-assistant/hassbian-scripts/blob/master/docs/duckdns.md

点击数:418

Share this Post

说点什么

avatar
300
  订阅  
提醒