[Support]: Is it possible to access Frigate Docker Container instance via Home Assistant via a proxy (not an addon)

[LaurenceGough]

Describe the problem you are having

Hello,

I redone my whole setup over the last couple of days so I can run the latest Frigate Beta, I'm now using Docker containers for both Home Assistant and Frigate NVR on the same host. A painful process I don't wish to repeat ha...

Something I didn't realise was that the Frigate Proxy appears to be only available as an addon for Home Assistant supervised or HAOS. Are people running this as a Docker container somehow?

This means currently we cannot access Frigate outside of our home network, unless I'm doing something wrong?

As this is the recommended install method, how are people accessing it from outside their house?

Or is everyone just using a VPN, I'd rather not..

Thanks,

Laurence

Version

0.11.0-D2C3CDC

Frigate config file

N/A

Relevant log output

N/A

FFprobe output from your camera

N/A

Frigate stats

No response

Operating system

Debian

Install method

Docker Compose

Coral version

CPU (no coral)

Network connection

Wired

Camera make and model

N/A for this

Any other information that may be helpful

No response

[NickM-27]

I'm now using Docker containers for both Home Assistant and Frigate NVR on the same host

This is the way I have my setup going as well.

As this is the recommended install method, how are people accessing it from outside their house?

I haven't really found a need to access frigate itself outside of the home. Everything I would want (streams, events, notifications, etc.) are all able to come through home assistant or the frigate-hass-card

[LaurenceGough]

I'm now using Docker containers for both Home Assistant and Frigate NVR on the same host

This is the way I have my setup going as well.

As this is the recommended install method, how are people accessing it from outside their house?

I haven't really found a need to access frigate itself outside of the home. Everything I would want (streams, events, notifications, etc.) are all able to come through home assistant or the frigate-hass-card

Thanks Nick.

I wish I checked this before spending a couple of days work on this otherwise I wouldn't have made the switch. It's essential to me.

May I ask how you view events without accessing Frigate itself? This should be ok if this is possible.

Are you going via Media browser into events?

Perhaps I should do HAOS supervised then docker just for Frigate and use the proxy addon. That may be a solution. Hopefully the latest Beta works with that.

[NickM-27]

I use the frigate-HASS-card to view events. It has an event carousel, event picker, and even an event timeline in the current pre-release upcoming version.

[NickM-27]

Here's an example

[DrSpaldo]

Two options I guess would be to run the HA instance within a VM so you can use the supervised version. Note though, the Frigate Proxy addon is currently broken and due to be fixed on the next release. So that won't work, yet.

Second option is running with external access. There are two methods which I have enabled until I decide which to stick with. My latest option, which is by far the easiest, is to use Tailscale. It is a very very easy VPN. It essentially just creating a new IP address for your server to access. There are other ways you can also grant yourself access to your local IP's on an external device as well.

This video is pretty short and explains it quite well:

https://youtu.be/nzBQTJ2isOI

[blakeblackshear]

I run frigate on a dedicated subdomain behind a reverse proxy with Google authentication. I do the same for esphome, home assistant, and a bunch of other containers as well.

[NickM-27]

I run frigate on a dedicated subdomain behind a reverse proxy with Google authentication. I do the same for esphome, home assistant, and a bunch of other containers as well.

Oh dang, Google Authentication sounds really cool, better than basic http login!

Right now I have home assistant on a subdomain with nginx reverse proxy

[sys1aeg]

I use proxy manager(JC21) to do port forwarding and ACL since there is no userid and password

or Just use port foward from your router

[markfrancisonly]

Yes, it is possible and multiple people are doing it for sure

Currently I use pfsense's acme Let's Encrypt , wireguard, and HAProxy add-ons for free domain name validated SSL to encrypt traffic to frigate inside my lan. HAProxy has an access control list (ACL) that only allow access from specific sources inside my network, and then I use wireguard to vpn onto my lan, which satisfies the HAProxy ACL.

This setup requires that I connect to my frigate instance from a trusted device running wireguard, which is a disadvantage of using a vpn vs. pure http proxy auth, but then again all of my firewalled cameras load over WebRTC. For the added security, ability to access any device on my network, yeah it's worth going vpn

Inside Home Assistant, what you want to do is create a new dashboard, open the raw editor and paste the following:

views:
  - path: iframe
    title: Frigate
    type: panel
    cards:
      - type: iframe
        url: http://frigate-hostname:5000
        aspect_ratio: 100%
kiosk_mode:
  hide_header: true

Kiosk mode removes the header row so that you have a seamless experience. The version I'm using is maykar/kiosk-mode from HACS/github. unfortunately maykar has discontinued maintenance, but the frontend component is still working for the time being.

When you remotely connect through your vpn client to your lan, you will have access to your frigate instance.

[LaurenceGough]

Thanks all for the replies, lots to consider and think about. I already have a sort of faux VPN running on my devices all the time for a non root ad blocker to get rid of the worst ads, so I wanted to avoid the hassle, I've no need for a VPN apart from possibly using it for Frigate.

I must say the Frigate 11 Beta 2 build is incredibly fast and responsive when viewing events and seeking through them, super nice work there! This was an area that was a struggle before so it's super sweet to see this completely resolved, thank you!

However, even after setting up the AlexxIT's WebRTC Cards I am not happy with the responsiveness and many cutouts that the camera feed cards offer in Home Assistant - even with only two low res streams, it is much worse when not on your home network, I find 95% of the time the feeds don't even stay streaming then. When using the other streaming options it works OK but nothing amazing compared to Frigate's built in web UI.

I love the responsiveness and easy to use Frigate web UI, it just works great, the streams always work perfectly, easy pinch to zoom within the HA app, easy access to events and recordings, debug view with all the options all built in, wherever you are in the world - perfectly secure in a convenient package.

I wish there was a way to a standalone Frigate container with a non supervised, container version of Home Assistant, then all the web access is locked down and secured by default. It's handy and easy to set-up for people not as clever such as myself!

It seems a bit crazy to run the supervised HA in a container, sort of a docker in a docker system then, but I guess that is an option, it must add to resource and access overheads?

Blake when you talk about Google authentication could you go into further detail please, I take it you don't just mean run off the mill Google authentication MFA app, but some kind of advanced Google authentication setup? Is it seamless and responsive - say you need to check the cameras straight away, can you load it in a few seconds?

Thank you all again.

[NickM-27]

To be clear, you did try the frigate card right? https://github.com/dermotduffy/frigate-hass-card

Also not to speak for Blake but I went ahead and added something similar to my reverse proxy after hearing about that. In my case I use the oauth2-proxy docker container behind my nginx reverse proxy so I can go to frigate.{mymaindomain}.com and it asks me to sign in with Google at which point it takes me directly to frigate ui. I have the Google auth reset after a week (asks to sign in again) and it has worked well so far

[LaurenceGough]

To be clear, you did try the frigate card right? https://github.com/dermotduffy/frigate-hass-card

Also not to speak for Blake but I went ahead and added something similar to my reverse proxy after hearing about that. In my case I use the oauth2-proxy docker container behind my nginx reverse proxy so I can go to frigate.{mymaindomain}.com and it asks me to sign in with Google at which point it takes me directly to frigate ui. I have the Google auth reset after a week (asks to sign in again) and it has worked well so far

Hi Nick,

Yeah to confirm I am using the Frigate HASS card and I've also installed and setup the WebRTC integration.

Sweet, I actually have a spare domain which I could use for that although I did want to avoid having to spin up a proxy or add more services. I'll have to have a play anyway but yeah, I'm not sure if this could ever be implemented in a way which doesn't require the HA proxy addon. It'd be awesome for the not so tech savvy people such as myself and to keep resource use down as you wouldn't need to use HA supervised inside of docker, which seems like a very nested way of doing things if you wish to use the addon with a standalone Frigate installation, not to mention it's currently broken with this new Beta version anyway.

At least now all events and recordings are working well - they weren't working at all after reverting to the previous Beta addon to get Frigate access working again in HA. I guess the database was corrupted or something, but good luck fixing it with the HA supervised addon version.

I wonder if a docker container version of the Frigate Proxy Home Assistant Addon is even possible, I understand they are based on containers but my brain is frazzled. :D

[NickM-27]

I'm not sure if this could ever be implemented in a way which doesn't require the HA proxy addon

I wonder if a docker container version of the Frigate Proxy Home Assistant Addon is even possible, I understand they are based on containers but my brain is frazzled. :D

I'm not sure what you mean, with the proxy approach the only thing the HA proxy addon does is add Frigate to the sidebar as opposed to accessing it through the domain directly in a browser, which I don't see as that much of a difference?

[LaurenceGough]

I'm not sure if this could ever be implemented in a way which doesn't require the HA proxy addon

I wonder if a docker container version of the Frigate Proxy Home Assistant Addon is even possible, I understand they are based on containers but my brain is frazzled. :D

I'm not sure what you mean, with the proxy approach the only thing the HA proxy addon does is add Frigate to the sidebar as opposed to accessing it through the domain directly in a browser, which I don't see as that much of a difference?

I've never actually used the HA Proxy addon, my understanding is it gives the full Frigate experience as running the native HA Frigate Addon? Which appears to be the exact same UI/Experience as running a seperate Frigate container and accessing that directly via its IP.

I was assuming that this HA proxy addon then allows it to work outside of your home network, externally, provided of course you have setup secure HA access externally. Which is nice as it's all contained in one service, with one certificate, easy to setup/use etc.

Perhaps I am totally misunderstanding it (probably).

[NickM-27]

I was assuming that this HA proxy addon then allows it to work outside of your home network, externally, provided of course you have setup secure HA access externally

I believe it would work that way, but that's because supervised HA itself allows this to be the case.

The thing is (at least as far as I know) the core of the logic you are looking for belongs to HA itself (services running in supervisor available through nabu casa) which the container doesn't support, would need to be added by HA team.

[LaurenceGough]

Thanks Nick and ahhhh, I've just found out about the discussions/requests area, my apologies this should have been in the request area.

[blakeblackshear]

In my case I use the oauth2-proxy docker container behind my nginx reverse proxy so I can go to frigate.{mymaindomain}.com and it asks me to sign in with Google at which point it takes me directly to frigate ui.

This is what I do as well. I use Traefik now, but have also used oauth2_proxy in the past with nginx. The downside is you can't authenticate if your internet is down. I think I saw that home assistant added the necessary endpoints to "sign in with home assistant" in the last release, so that could be another option.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[rickgitdone]

https://www.digimoot.com/frigate-nvr-linux-manual-install/

This link shows how to install Frigate as standalone docker and also how to integrate into Home Assistant via HACS ... This method allows you to map external storage to /media ... the issue then is re-mapping the frigate.db to a custom path .. I used /config/frigate.db << if you place the db on any external mapping you will get database is locked error >> and this is not documented anywhere

[NickM-27]

@rickgitdone I have added a PR to add a FAQ to address this issue should it come up https://github.com/blakeblackshear/frigate/pull/3456

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[NickM-27]

Closing this as stale bot seems to have missed it.