llamafilm / tesla-http-proxy-addon

Tesla HTTP Proxy Add-on for Home Assistant
Apache License 2.0

Host Port Number #112

Open virtualbitzz opened 3 months ago

virtualbitzz commented 3 months ago

The problem

I can see that I can configure the port that will be used as part of the external URL, but what port is the add-on exposing on the Home Assistant machine? I'm trying to use a separate internal and external port for this service (17560), but use the same external FQDN as Home Assistant, that way I can use the same fqdn and cert as HA. I'm using a Fortigate as an external SSL proxy.

If I nmap home assistant's IP directly (this is the only IP on the box, which is set via DHCP and reserved on the DHCP server) I don't get a response on the port that I set, or 80 or 443 for that matter (I use a random port number for http on HA).

What version of the addon are you using?

2.2.7

What version of Home Assistant Core are you using?

2024.6.1

What type of installation are you running?

Home Assistant OS

What version of Tesla integration are you using?

No response

What region of Tesla API are you using?

North America, Asia-Pacific

What model and year is your vehicle?

2020 Model 3

What is your domain name (FQDN)?

the real URL CNAME's to this mic-2.fortiddns.com

Paste the log output from the addon here

s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service webui: stopping
s6-rc: info: service webui successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service webui: starting
s6-rc: info: service webui successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
[17:08:28] webui:INFO: Starting Flask server for Web UI...
[17:08:28] werkzeug:INFO: WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on all addresses (0.0.0.0)
 * Running on http://127.0.0.1:8099
 * Running on http://172.30.33.7:8099
[17:08:28] werkzeug:INFO: Press CTRL+C to quit
[17:08:30] INFO: Found existing keypair
[17:08:30] INFO: Testing public key...
curl: (28) Failed to connect to virha.domain.net port 443 after 2000 ms: Timeout was reached
Warning: Problem : timeout. Will retry in 1 seconds. 14 retries left.
curl: (28) Failed to connect to virha.domain.net port 443 after 2000 ms: Timeout was reached
Warning: Problem : timeout. Will retry in 2 seconds. 13 retries left.
curl: (28) Failed to connect to virha.domain.net port 443 after 2000 ms: Timeout was reached
Warning: Problem : timeout. Will retry in 4 seconds. 12 retries left.
curl: (28) Failed to connect to virha.domain.net port 443 after 2000 ms: Timeout was reached
Warning: Problem : timeout. Will retry in 8 seconds. 11 retries left.
curl: (28) Failed to connect to virha.domain.net port 443 after 2000 ms: Timeout was reached
Warning: Problem : timeout. Will retry in 16 seconds. 10 retries left.
curl: (28) Failed to connect to virha.domain.net port 443 after 2000 ms: Timeout was reached
Warning: Problem : timeout. Will retry in 32 seconds. 9 retries left.
curl: (28) Failed to connect to virha.domain.net port 443 after 2000 ms: Timeout was reached
Warning: Problem : timeout. Will retry in 64 seconds. 8 retries left.
curl: (28) Failed to connect to virha.domain.net port 443 after 2000 ms: Timeout was reached
Warning: Problem : timeout. Will retry in 128 seconds. 7 retries left.
curl: (28) Failed to connect to virha.domain.net port 443 after 2001 ms: Timeout was reached
Warning: Problem : timeout. Will retry in 256 seconds. 6 retries left.

Any additional context or screenshots that help explain the issue

No response

llamafilm commented 3 months ago

The port can be configured in the addon settings. It defaults to 4430. It works fine on my machine running HAOS. You should see a response like this:

% curl -k https://192.168.4.5:4430
{"response":null,"error":"client did not provide an OAuth token","error_description":""}

virtualbitzz commented 3 months ago

I have my port set to 17560, yet the log shows it's trying on 443. What am I missing? It doesn't appear to matter which port I attempt to use, in the logs it always attempts to curl on 443.

EDIT: I'm running the HA provided VM image on Proxmox. I have at least a dozen other add-ons running on this VM.

llamafilm commented 3 months ago

Please share more details of your curl attempt and the logs.

Sebazzz commented 2 months ago

I'm kind of in the same boat. I have my network services on my home network proxied behind NGINX proxy manager - so I have no need for the Home Assistant NGINX add-on - but it seems there is a dependency on having the nginx proxy requests for the Tesla add-on.

baylanger commented 2 months ago

> I'm kind of in the same boat. I have my network services on my home network proxied behind NGINX proxy manager - so I have no need for the Home Assistant NGINX add-on - but it seems there is a dependency on having the nginx proxy requests for the Tesla add-on.

Did you try to search in Issues and Wiki areas? I’m pretty sure someone got this working. You can probably manually configure the proxy manager. If you look around in the files in this repo, you’ll find the proxy configuration.

Sebazzz commented 2 months ago

> Did you try to search in Issues and Wiki areas? I’m pretty sure someone got this working. You can probably manually configure the proxy manager. If you look around in the files in this repo, you’ll find the proxy configuration.

I did but I'm not completely following how this add-on even works. From there I can start working towards a solution.

I see there are a few moving parts:

Sebazzz commented 2 months ago

Alright, I made some small progress:

proxy_set_header Host            tesla-ha.xxxx;
proxy_set_header X-Forwarded-For $remote_addr;

location / {
    return 404;
}

location = /favicon.ico {
    log_not_found off;
}

location = /robots.txt {
    log_not_found off;
}

location /.well-known/appspecific/com.tesla.3p.public-key.pem {
    root /data/tesla;
    try_files /com.tesla.3p.public-key.pem =404;
}

Unfortunately, I'm stuck at this part:

Using the Home Assistant iOS app, open the Addon Web UI and click Enroll public key in your vehicle. This should launch the Tesla app where it prompts for approval to "allow third-party access to your vehicle". If you have multiple vehicles, you'll need to do this on each of them. Your Tesla app must already be key-paired with the car.

It unfortunately does not open the Tesla app on iOS, but instead opens the web browser - showing that I need to install the Tesla app and then tap "Finish installation" (tapping this button does nothing).

edit: Changing default browser to Safari fixed this.

baylanger commented 2 months ago

@Sebazzz Have you read this discussion?

If you still need help, please ask in the Discussion above.

virtualbitzz commented 2 months ago

> I have my port set to 17560, yet the log shows it's trying on 443. What am I missing? It doesn't appear to matter which port I attempt to use, in the logs it always attempts to curl on 443.
>
> EDIT: I'm running the HA provided VM image on Proxmox. I have at least a dozen other add-ons running on this VM.

I'm still having the same problem. I cannot determine which port the addon is trying to use on the host. The logs continue to tell me this:

curl: (28) Failed to connect to virha.domain.net port 443 after 2001 ms: Timeout was reached
Warning: Problem : timeout. Will retry in 16 seconds. 10 retries left.

I have tried using nmap to check for open ports. All of them were closed. 80, 443, 4430, the port that I specified in my earlier example, 1760. All closed.

llamafilm commented 1 month ago

Your public facing port must be 443, that is a requirement from Tesla.

That curl message is trying to reach the public key which is actually hosted by nginx, not by this container. Nginx normally listens on port 443 and I've never tried changing it.

After you get past that part, the proxy in this container listens on port 443 which is exposed as 4430 by default, and that can be changed in the addon config.
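The two stages described in the comment above (the public key served on port 443 by nginx, then the proxy exposed on 4430 by default) can be checked separately. This is an added example, not part of the original comment or the add-on's code; the function names, the FQDN/IP arguments and the check for standard PEM armor lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: two-stage check for the setup discussed in this thread.
# FQDN, HA_IP and PROXY_PORT are values you supply (assumptions, not from the add-on).

PUBKEY_PATH="/.well-known/appspecific/com.tesla.3p.public-key.pem"

# Stage 1: the body served at the well-known path must be a PEM public key.
# A body containing "PRIVATE KEY" means the wrong file was copied to the web server.
classify_pubkey_body() {
    case "$1" in
        *"PRIVATE KEY-----"*) echo "private-key-exposed" ;;
        *"-----BEGIN PUBLIC KEY-----"*"-----END PUBLIC KEY-----"*) echo "ok" ;;
        *) echo "not-a-public-key" ;;
    esac
}

# Stage 2: an unauthenticated request to the proxy returns this JSON error
# (taken from the maintainer's curl output), which shows the listener is up.
classify_proxy_body() {
    case "$1" in
        "") echo "no-response" ;;
        *'"error":"client did not provide an OAuth token"'*) echo "proxy-up" ;;
        *) echo "unexpected-response" ;;
    esac
}

check_setup() {   # usage: check_setup FQDN HA_IP [PROXY_PORT]
    fqdn=$1; ha_ip=$2; port=${3:-4430}
    # Public side: port 443, served by nginx or your own gateway, not by the add-on.
    body=$(curl -sS --max-time 5 "https://${fqdn}${PUBKEY_PATH}") || body=""
    echo "public key on ${fqdn}:443 -> $(classify_pubkey_body "$body")"
    # Internal side: -k mirrors the maintainer's curl example.
    body=$(curl -sSk --max-time 5 "https://${ha_ip}:${port}") || body=""
    echo "proxy on ${ha_ip}:${port} -> $(classify_proxy_body "$body")"
}

# Network checks run only when arguments are given,
# e.g.: sh check.sh tesla.example.com 192.168.4.5 4430
if [ "$#" -ge 2 ]; then check_setup "$@"; fi
```

A `not-a-public-key` or empty result in stage 1 points at the web server or gateway configuration rather than at the add-on's port mapping.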

techwolfpl commented 1 month ago

I have a similar problem. My logs are similar:

[08:41:48] INFO: Testing public key...
curl: (28) Failed to connect to tesla.techwolf.pl port 443 after 2001 ms: Timeout was reached

When I tried to access addon via my host ip it is unavailable, but addon is started, the status is green...

I have kong with letsencrypt configured on my gateway machine and it can't reach addon.

llamafilm commented 1 month ago

I suggest you read the docs. The add on does not serve any HTTPS traffic until after your public key is working properly. The key is hosted by Nginx, so you need to find out why that part isn't working.

techwolfpl commented 1 month ago

What do you mean my public key? You mean ssl? SSL is working fine. I get secure connection to nginx(kong) but I can't connect from kong to the addon.

techwolfpl commented 1 month ago

Maybe I will describe what my setup is. My system gateway is kong (nginx on steroids) that enriches all the traffic with ssl. As you described in the configuration I have tesla proxy addon launched with my domain name that is ssl enabled and port is 4430.

Now on kong I have configured route my domain -> ip address of vm with home assistant, port 4430 where addon is running. But addon is not responding on this port so also it can't publish well-known file.

d1scolor commented 1 week ago

> Maybe I will describe what my setup is. My system gateway is kong (nginx on steroids) that enriches all the traffic with ssl. As you described in the configuration I have tesla proxy addon launched with my domain name that is ssl enabled and port is 4430.
>
> Now on kong I have configured route my domain -> ip address of vm with home assistant, port 4430 where addon is running. But addon is not responding on this port so also it can't publish well-known file.

As I understand it, the add-on does not serve the well-known file. The guide assumes you'll use the Home Assistant nginx add-on to serve the file. In your case, if you do not want to set up the add-on, you can copy the com.tesla.3p.public-key.pem file generated on your VM to your gateway system and add some configuration to your nginx to expose it; see the example configuration below:

server {
    listen 443 ssl;
    server_name tesla.example.com;

    ssl_certificate /etc/nginx/ssl/www.example.com/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/www.example.com/www.example.com.key;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / {
        return 404;
    }

    # static public key for Tesla
    location /.well-known/appspecific/com.tesla.3p.public-key.pem {
        root /var/local/tesla;  # change to the actual location where you're storing the .pem file on your gateway
        try_files /com.tesla.3p.public-key.pem =404;
    }

    location = /favicon.ico {
        log_not_found off;
    }

    location = /robots.txt {
        log_not_found off;
    }

    access_log /var/log/nginx/tesla.example.com_access.log;
    error_log  /var/log/nginx/tesla.example.com_error.log;
}

WhippingBoy01 commented 1 week ago

There seems to be a mismatch with the exposed ports; this seems to fix it for me: https://github.com/llamafilm/tesla-http-proxy-addon/compare/main...WhippingBoy01:tesla-http-proxy-addon:main