llamafilm / tesla-http-proxy-addon

Tesla HTTP Proxy Add-on for Home Assistant
Apache License 2.0

[Docs] Firewall ACL and DNS records #12

Closed baylanger closed 6 months ago

baylanger commented 6 months ago

Hi,

I was reading the docs and was going to make changes to make a PR, then I figured I should ask.

I wanted to confirm the following, note L7 filtering is via Cloudflare:

Create a DNS record tesla.example.com that points to your public IP

Firewall L4 ACL: allow traffic from any public IP to Home Assistant NGINX add-on port 443

Firewall L7 ACL: allow traffic to tesla.example.com/callback

[edit 3] To prevent rogue actors from hitting the add-on, it looks like this entry could be tesla-random-name.example.com. This can probably be limited by country based on the location of Tesla servers, and possibly limited even more with Tesla Fleet IPs resolved from a list of FQDNs, or with ASN 394161 filtering if Tesla API IPs are part of their ASN netblocks.

I don't necessarily plan to update the docs with all mentions of the above.

DNS IP entries... I understand that tesla.example.com home.example.com must be the public IP to reach Home Assistant, but is it a requirement for home.example.com to also have a public IP address? For some people, including myself, at home or away I always reach my Home Assistant via a private IP using a VPN (WireGuard) that opens a direct connection on my router. The Companion app never reaches Home Assistant over a public IP. Will such a setup break how the proxy/Tesla Fleet API works, or must home.example.com on public Internet DNS also resolve to a public IP?

[edit # 2] Per the doc, I had improperly set the callback origin to home.example.com instead of tesla.example.com; I removed my 1st edit above after realizing I had an error in my setup.

Based on replies, I'll try to make changes to the doc to clarify anything.

Thank you!

baylanger commented 6 months ago

Open this add-on Web UI in the iOS Home Assistant app and click Generate OAuth Token

Can it be changed to something like ...

Using Home Assistant Companion app or a Web browser, open this add-on and click Generate OAuth Token

I just noticed the following:

Return to the add-on Web UI and click Enroll public key in your vehicle. This will launch the Tesla app where it prompts for approval.

The first step above could be done using a Web browser but not the 2nd one.

llamafilm commented 6 months ago

This will not work on a PC because enrolling the public key links you to the Tesla app. I guess it should work on Android too but I don’t have one to test.

You’re right, the home.example.com does not need to be public.

baylanger commented 6 months ago

I was looking into the nginx_tesla.conf and the 2 files in the templates directory.

If someone sets "Allowed Origin tesla.example.com", is this FQDN defined everywhere in this add-on, OR, per what I see in the nginx config, is it true to say only "/callback" is relevant for the add-on to work properly? In other words, if home.example.com already points to the Home Assistant public IP, is it possible to set "Allowed Origin home.example.com" instead of having to create a new "tesla" DNS entry? If I'm off track, let me know where to look.

Obviously, like in my case, if someone has no public IP pointing to their Home Assistant, then creating a DNS entry w/ public IP is required.

[edit] rewording...

baylanger commented 6 months ago

I think I'm even more confused after looking at the code... there must be something I don't quite understand unless there's a typo.

Is DOMAIN in run.py taken from the following add-on configuration entry: "Fully Qualified Domain Name, lowercase w/o https, e.g. home.example.com"?

Is home.example.com the proper example name, or should it be tesla.example.com?

Per this in run.py:

'redirect_uri': f"https://{DOMAIN}/callback"

Isn't the callback going to tesla.example.com/callback and not home.example.com?
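To make the DOMAIN / Allowed Origin question above concrete, here is an added example (not code from the tesla-http-proxy-addon project) that mirrors the quoted run.py expression and applies a strict OAuth redirect-URI comparison to the hostnames discussed in this thread, including the home.example.com vs tesla.example.com mix-up from edit 2 and the "only /callback matters" point. All hostnames are the thread's own placeholders.

```python
"""Added example, not the add-on's own code: shows how the redirect_uri is
derived from DOMAIN and why the Allowed Origin must be the exact host the
OAuth callback arrives on (scheme, host, port and path all have to agree)."""
from urllib.parse import urlsplit


def build_redirect_uri(domain: str) -> str:
    """Same shape as the run.py line quoted in the thread."""
    return f"https://{domain}/callback"


def redirect_uri_matches(registered: str, candidate: str) -> bool:
    """Strict comparison in the spirit of OAuth 2.0 exact redirect-URI matching:
    HTTPS only, no userinfo, and scheme/host/port/path/query must be identical.
    Prefix and wildcard matching are deliberately absent."""
    r, c = urlsplit(registered), urlsplit(candidate)
    if c.scheme != "https" or c.username is not None or c.password is not None:
        return False
    return (r.scheme, r.hostname, r.port, r.path, r.query) == (
        c.scheme, c.hostname, c.port, c.path, c.query)


def check_thread_scenarios(domain: str = "tesla.example.com") -> dict[str, bool]:
    """Evaluate the configurations discussed in the thread against DOMAIN."""
    registered = build_redirect_uri(domain)
    return {
        # correct setup: Allowed Origin equals DOMAIN, path is /callback
        "same host, /callback": redirect_uri_matches(
            registered, "https://tesla.example.com/callback"),
        # the edit-2 mistake: origin set to home.example.com instead
        "home.example.com instead": redirect_uri_matches(
            registered, "https://home.example.com/callback"),
        # plain HTTP never matches the https:// redirect_uri
        "http scheme": redirect_uri_matches(
            registered, "http://tesla.example.com/callback"),
        # an explicit non-default port is a different URI
        "explicit port": redirect_uri_matches(
            registered, "https://tesla.example.com:8123/callback"),
        # only /callback is relevant; any other path is rejected
        "other path": redirect_uri_matches(
            registered, "https://tesla.example.com/"),
    }


if __name__ == "__main__":
    for label, ok in check_thread_scenarios().items():
        print(f"{label:26s} -> {'match' if ok else 'REJECT'}")
```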