I’m running NCP 26.0.2 which deploys my routers ( FRITZ!Box 7590 AX) ports 80/443 as usual to the net. I want to use NCP’s Apache2 itself as a reverse proxy to expose my “homeassistant.home.net” instance to the same port 443 in order to adress my homeassistant via https. The reason to do it like this is: Letsencrypt certificates exist for the whole domain incl. subdomains thru cname records.
These are the sites config files
GNU nano 5.4 /etc/apache2/sites-enabled/000-default.conf
<VirtualHost _default_:80>
DocumentRoot /var/www/nextcloud
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^.well-known/acme-challenge/ - [L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
LimitRequestBody 0
</Directory>
</VirtualHost>
GNU nano 5.4 /etc/apache2/sites-enabled/nextcloud.conf
### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /var/www/nextcloud
ServerName nextcloudpi.xxx.xx
CustomLog /var/log/apache2/nc-access.log combined
ErrorLog /var/log/apache2/nc-error.log
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/nextcloudpi.xxx.xx/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloudpi.xxx.xx/privkey.pem
# For notify_push app in NC21
ProxyPass /push/ws ws://127.0.0.1:7867/ws
ProxyPass /push/ http://127.0.0.1:7867/
ProxyPassReverse /push/ http://127.0.0.1:7867/
</VirtualHost>
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
LimitRequestBody 0
SSLRenegBufferSize 10486000
</Directory>
<IfModule mod_headers.c>
GNU nano 5.4 /etc/apache2/sites-enabled/homeassistant.conf
<VirtualHost *:80>
ServerName homeassistant.xxx.xx
ProxyPreserveHost On
ProxyPass /.well-known !
ProxyPass / http://192.168.1.90:8123/
ProxyPassReverse / http://192.168.1.90:8123
</VirtualHost>
#<VirtualHost *:443>
#
# ServerName homeassistant.xxx.xx
# ProxyPreserveHost On
# ProxyPass /.well-known !
# SSLEngine on
# SSLCertificateFile /etc/letsencrypt/live/nextcloudpi.xxx.xx/fullchain.pem
# SSLCertificateKeyFile /etc/letsencrypt/live/nextcloudpi.xxx.xx/privkey.pem
# ProxyPass / http://192.168.1.90:8123/
# ProxyPassReverse / http://192.168.1.90:8123/
#</VirtualHost>
Furthermore the subdomain is covered by the Letsencrypt certificate, ncp itself is listet under the “trusted proxies” section in config.php , external access is configured in homeassistant’s configuration.yaml
I tried different setups but none was successfull . You can see the <VirtualHost *:443> part commented out.
Is my approach generally ok ? What do I oversee?