![]() ![]() There must be something else I need to do? If I insert a Local DNS Record on PiHole to redirect my name to my local IP for my Home Assistant it results in a “retry” connection screen and won’t come up. I just tried this because I have pihole on my network and it doesn’t work. When on the LAN with that setup, you will not go through the proxy. If you are able to manage opnsense, you can do it So, everyone will be happy: HA continue using HTTPS, your browser will not complain about the mismatch for the IP address vs. With PiHole on your LAN (always useful, avoid ads!) you can have a “fake” DNS server and resolve as your local IP. avoid the whining of the browser when you do httpS://HA_IP_ADDRESS:8123 you can install yet another tool.keep HA on HTTPS and nevertheless have the proxy for external access.Your opnsense firewall will need to punch a lot of holes to make it work and I am not sure it will even work. From a network point of view, it doesn’t make a lot of sense to proxy on the LAN to an external IP. If that is the case, then on NGINX you should proxy to the internal IP and not duckdns one. If from your LAN, you go to http S://HA_IP_ADDRESS:8123 it should work with a warning from the browser. However, at the moment, you have HA running with HTTPS (and duckdns)? So, the message from Tinkerer is just that. Normally if you have an HTTPS proxy, then, there is usually no real need to run HTTPS on HA as well.A native, not proxied HA instance is using HTTP or HTTPS but not both.Is it true that when there’s a proxy I won’t be able to use the external address from within my home network to get to HA? ![]() ![]() If you’re using a proxy server then your internal URL for Home Assistant on 192.168.0.42 will look like: Breaking up the connection on the firewall (down- and upstream are using TLS).Yesterday, I found this page: that explains a few methods to implementation, similar to what I’m talking about: Because of that, I’d rather have my own version of it that I control. Anyway, I see the cloud as something powerful but also potentially nefarious. I’ve found that there are open sourced apps like Nextcloud and Owncloud which can be used for the same cloud-like Google Photos experience allowing me to seamlessly take pictures and back them up to storage (at home). The main reason I’d like to move on this right now is because of Google Photos locking down their storage space. I’m sure the further we go, the more I’m going to want to expose so I’d like to understand how to do it and implement this solution now. Some of the services, like Home Assistant, already have TLS coverage and some do not. I’ve now got a few services that I’m hosting and I’d like to put them all behind a security layer so I don’t need to kick off OpenVPN when I want to use something remotely. I like the idea of seamless use of mobile apps integrated with my home network via solid encryption. I don’t like using the VPN except in an emergency because takes extra steps and time. I can use the Android app to get to my home new work and it works great. Thanks yeah, I have that set up and I’m also using TOTP with it for 2-step security. OPNsense allows some of that but it seems to be all menu driven…Īnyone have a good resource for setting up OPNsense to handle reverse-proxy using nginx or HAProxy for Home Assistant? Is there a way to enable both secure HTTP and insecure at the same time? I found a few threads in the community of people who are using nginx reverse-proxy with Home Assistant possibly in TLS mode but it looks like they’re running it manually so they’ve hacked the config files. I think that’s why I cannot get to HTTP version of my Home Assistant, only HTTPS. I’ve already set up my HA installation with the duckdns add-on and let’s encrypt is running on it. After several hours of Googling lots of various terms and trying nearly everything I could find, I gave up. I tried nginx for a while, and then HAProxy and then back to nginx. OPNsense has plug-ins for let’s encrypt and nginx or HAProxy so I spent the better part of today trying to get it working with Home Assistant. I really want to offload my let’s encrypt/duckdns stuff to my router (running OPNsense) so I can host more services behind TLS. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |