-
Notifications
You must be signed in to change notification settings - Fork 99
Proxy setup with DuckDNS and Nginx
Important clarification: I use my nabu-casa URL to access HA, so I hadn't configured anything regarding domains and other settings before installing the proxy.
Summary of steps:
- Create a DuckDNS domain.
- Install the DuckDNS addon.
- Install the NGINX Home Assistant SSL proxy addon.
- Install the tesla_http_proxy addon.
- Redirect port 443 on your router.
- Start the addons.
- Create a Tesla developer account.
- Configure tesla_http_proxy.
- Configure vehicles.
- Go to the duckdns.org website.
- Log in using one of the provided services.
- Create a domain name through the interface. In the following, the domain name will be
tesla.duckdns.org. - Ensure that the assigned IP is correct; update manually if necessary.
- Copy the domain name and token from this page.
Complete documentation can be found here. In summary:
- From the Home Assistant interface, go to Supervisor -> Add-on Store.
- Search for the DuckDNS addon and click on it.
- Click on Install.
- Addon Configuration:
domains:
- tesla.duckdns.org
token: <your_token>
aliases: []
lets_encrypt:
accept_terms: true
algo: secp384r1
certfile: fullchain.pem
keyfile: privkey.pem
seconds: 300Complete documentation can be found here. In summary:
- Install the NGINX Home Assistant SSL proxy addon as you did for DuckDNS.
- Add the following block to the configuration.yaml file of Home Assistant (in the /config directory):
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24- Addon Configuration. Note that the main domain is different from
tesla.duckdns.org. I intentionally use a dummy domain because I don't use NGINX to access my HA instance externally:
domain: core-nginx-proxy
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudflare: false
customize:
active: true
default: nginx_proxy_default*.conf
servers: nginx_proxy/nginx_*.confComplete documentation can be found here. In summary:
- Add the GitHub repo to the add-on store:
- Navigate to the add-on store.
- Click on the three dots in the top right, then on Repositories.
- In the Manage add-on repositories window, add the GitHub repo URL:
https://github.com/llamafilm/tesla-http-proxy-addon
- Install the addon as you did for the other two.
- Initial Configuration:
client_id: ""
client_secret: ""
domain: tesla.duckdns.org
debug: true
regenerate_auth: false
region: Europe, Middle East, AfricaFrom your router interface, redirect traffic on port 443 to your HA instance (IP of the client or VM running it). The method varies for each device depending on its interface.
- Launch DuckDNS. Wait a few moments.
- Then launch Nginx. Wait a few moments.
- Start the HTTP proxy. Wait a few moments. It will crash with an error like: FATAL: Fix public key before proceeding. This is normal at this stage; do not try to resolve it.
- Restart Nginx.
At this stage, check that your public key is accessible at https://tesla.duckdns.org/.well-known/appspecific/com.tesla.3p.public-key.pem.
Go to the developer.tesla.com website. For those concerned about creating an account, it seems okay according to what's mentioned on the official GitHub.
Fill out the form with the following parameters:
-
Business Details - will differ based on your country
- Business Name: Personal Use
- Country/Regions: France
- TAX ID: FR00000000000
- Address Line 1: My Home
- City: My City
- Zip Code: 00000
-
Application Access Request
- Application Name: Tesla-Endpoint
- Purpose of Usage: Personal use.
-
Application Access Request
- Authorization Code and Machine to Machine
- Allowed Origin URL(s): https://tesla.duckdns.org
- Allowed Redirect URL(s): https://tesla.duckdns.org/callback
-
Application Access Request Check the boxes:
- Profile Information
- Vehicle Information
- Vehicle Commands
- Vehicle Charging Management
At this stage, your request will be submitted to Tesla. In my case, it was immediately approved. You'll then arrive at the developer dashboard and can access your application.
Copy the Client ID and Client Secret.
Back in HA, on the proxy configuration page, enter the client ID and client secret.
Restart the addon. At this stage, you should be able to access the UI.
Subsequently:
- Click on "Login to Tesla account".
- Authenticate with your credentials.
- You'll be redirected to a URL that will generate a 404 error.
- Copy the URL and paste it in the field provided in the addon interface (below Login to Tesla account).
- Click on "Generate token from URL".
- The refresh token will be displayed. Make sure to copy it.
- Assuming you are using HACS: in HACS > Integrations > Explore & Add Repositories search for "Tesla". Add https://github.com/alandtse/tesla as a custom repository.
- Restart Home Assistant.
- In the HA UI go to "Settings" -> "Devices & Services" then click "+" and search for "Tesla Custom Integration".
- In the setup modal, check "Use fleet API proxy" and click "Submit".
- On the next page, fill out your e-mail address and the refresh token that you copied in the previous section. Everything else should already be filled out for you.
- Click "Submit" to finish setting up the Tesla Custom Integration.
You will now have read-only access to your vehicle(s) and other assets. Just one more step to go:
Steps to repeat for each vehicle:
- Sit in the vehicle with your phone.
- Open the Home Assistant app and go to the proxy addon interface.
- Press Enroll public key in your vehicle.
- A confirmation will be requested to authorize access to your vehicle. Grant access after verifying the domain name.
- If everything goes well, after a few moments, a validation message will be displayed, and you should see a new key in the list of authorized keys for your car. The mention fleet key should be present.