From 386eaf4848d885052b8c7370a46f88216726f9ff Mon Sep 17 00:00:00 2001 From: mano3m Date: Mon, 19 May 2025 12:13:34 +0200 Subject: [PATCH] Update tesla_fleet.markdown with NGINX public key hosting option. (#37703) --- source/_integrations/tesla_fleet.markdown | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/source/_integrations/tesla_fleet.markdown b/source/_integrations/tesla_fleet.markdown index ff30570ade4..f72272cce2b 100644 --- a/source/_integrations/tesla_fleet.markdown +++ b/source/_integrations/tesla_fleet.markdown @@ -44,7 +44,7 @@ You must have: - A [Tesla](https://tesla.com) account - A [Developer Application](https://developer.tesla.com/en_US/dashboard) -- A web domain and host that you can serve your public key file from. Some free options include: +- A web domain and host that you can serve your public key file from. Either locally (see [NGINX Home Assistant SSL proxy Add-on](https://github.com/home-assistant/addons/blob/master/nginx_proxy/DOCS.md) instructions below), or alternatively, with some free web-options (ordered from easier to more complex): - [FleetKey.cc](https://fleetkey.cc) - [MyTeslamate.com](https://app.myteslamate.com/fleet) - [AWS S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteHosting.html) @@ -54,6 +54,22 @@ You must have: {% include integrations/config_flow.md %} +{% details "Hosting a Public/Private Key Pair with the NGINX Home Assistant SSL proxy Add-on" %} + +While the [Tesla Fleet API documentation Step 3](https://developer.tesla.com/docs/fleet-api/getting-started/what-is-fleet-api#step-3-generate-a-public-private-key-pair) mentions this as a later step, it is recommended that you do this first to ensure key reachability before the rest of the integration. +With this method, it is assumed that the [NGINX Home Assistant SSL proxy Add-on](https://github.com/home-assistant/addons/blob/master/nginx_proxy/DOCS.md) is running as a reverse proxy for external access to your Home Assistant installation. + +1. **Open an SSH Terminal** on your Home Assistant installation using the [Terminal & SSH Add-on](https://www.home-assistant.io/common-tasks/os#installing-and-using-the-ssh-add-on). +2. Run this command to **create a private key**: `openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem` +3. Run this command to **create and associate a public key** with it: `openssl ec -in private-key.pem -pubout -out public-key.pem` +4. **Backup both these files** somewhere safe and private for access later. +5. **Copy the public key** file `public-key.pem` to `/share/tesla/.well-known/appspecific/com.tesla.3p.public-key.pem`. It needs to be exactly this location for Tesla's API to partner with your account correctly. +6. Create a **NGINX configuration file** `nginx_proxy_default_tesla.conf` in `/share` with: `echo 'location /.well-known/appspecific/com.tesla.3p.public-key.pem {\n root /share/tesla;\n}' > /share/nginx_proxy_default_tesla.conf` +7. Close the Terminal and go to Settings->Add-Ons->**NGINX Home Assistant SSL proxy**->Configuration page. Change the `customize.active` option from the default `false` to `true`. Leave the `config.default` option at its default value: `nginx_proxy_default*.conf`. +8. **Restart the NGINX Home Assistant SSL proxy Add-on** on the Settings->Add-Ons->NGINX Home Assistant SSL proxy->Info page and test if the public key file is accessible at `https://my.domain.com/.well-known/appspecific/com.tesla.3p.public-key.pem` + +{% enddetails %} + {% details "Hosting a Public/Private Key Pair" %} While the [Tesla Fleet API documentation Step 3](https://developer.tesla.com/docs/fleet-api/getting-started/what-is-fleet-api#step-3-generate-a-public-private-key-pair) mentions this as a later step, it is recommended that you do this first to ensure key reachability before the rest of the integration.