https support

[fizcris]

Is there an easy way to make it work with https?

Without having to set up a reverse proxy...

[Dilergore]

I kinda have the same question. Just set up https for HomeAssistant, modified the pyscript.conf file accordingly and now it seems like it is not working.

[Dilergore]

Okay, so my working setup is:

• Home Assistant set to SSL
  • using Let's encrypt (using CloudFlare challange)
  • server.domain.com is the domain which this way has an externally valid cert
• My external URL is homeassistant.domain.com
  • This is a CNAME record pointing to server.domain.com
  • Externally my router only accepting traffic from the CloudFlare edge
  • On CloudFlare I have proxy mode set for this traffic
  • My router is forwarding port 443 to the private IP of my HomeAssistant and to port 8123
• Internally server.domain.com points to the private IP of my HomeAssistant
• pyscript.conf is set to
  • hass_host pointing to server.domain.com
  • hass_url pointing to https://server.domain.com:8123

I think what we are missing is a flag in the pyscript.conf to accept untrusted SSL then it would work without needing a valid cert locally.

[charlesbaynham]

For my 2-cents, I was having the same trouble accessing the kernel from my LAN. The problem seemed to that

1. Direct internal access didn't work because the HTTPS certificate is invalid, since it points to my domain
2. Accessing via the domain worked for HTTPS, but then failed when Jupyter (or pyscript?) attempt to launch a connection on a randomised, high port number. These aren't forwarded through the router, so it fails.

To fix it, I enabled port forwarding from my router to my HA instance of all ports above 9999. This rewrites local accesses to the device, but also exposes those ports externally. That might be what you want: I didn't, so I also added a firewall rule preventing WAN access to the same ports on the router.

[acambitsis]

Thanks for the above solution. Would be great if there was a flag to ignore invalid cert for local https access?

[derkork]

As @charlesbaynham wrote, accessing behind a reverse proxy doesn't work because the reverse proxy will not forward the randomized ports. Would it be possible to support this usage scenario?

[zeratax]

i use a self signed cert and even though I installed the cert locally python still rejects it, which is probably also why i can’t connect via jupyter.

i see that this pr mentioned should allow me to just disable the check, but i don’t think the current released version includes this? the pyscript.conf doesn’t show this option and adding it doesn’t seem to do anything.

can i directly install the latest version or is this getting another release?

[mikejhill]

@zeratax for what it's worth, I was able to successfully manually apply the current master and use the new parameter from @acambitsis's changes in #21.

Current master: https://github.com/craigbarratt/hass-pyscript-jupyter/tree/a30ad3cf0dd3f5af2b57a8b39a9fa11f501db1d4

1. Pull the hass_pyscript_kernel directory and use to replace contents of site-packages/hass_pyscript_kernel/.
2. Remove __pycache__ in the same directory if present.
3. Add verify_ssl = False to pyscript.conf.