I have my own domain and use a Cloudflare tunnel (via CloudFlared) to access my instance via https://ha.mydomain.com/. I’m in the process setting up a tablet with Fully Kiosk Browser to mount on the wall. I created a tablet user with local access only. For obvious reasons, if I try to login with that user via the domain above it errors our because that user doesn’t have remote access. I can access locally via https://ha-ip-address.lan:8123 but Fully Kiosk doesn’t seem to do well with insecure connections. I also seem to not be able to access it via http only (I thought I used to be able to do that but haven’t tried in a few years).
What is the proper procedure to set this up so I can access via SSL (or http) locally with a local only user? I also ideally do not want the tablet to have internet access. I thought I could just create a DNS rule in Pi-Hole to redirect my domain to the local IP but it seems I can’t specify port numbers in Pi-Hole.
Any thoughts?
EDIT - It seems that in order for Frigate WebRTC feeds to work I need to connect via SSL, so it seems that http is not an option.
You can use the NGINX Proxy Manager addon to handle SSL and port mapping for you. Pi-hole DNS would send the request to NPM, and that would proxy the request to your http://ha-ip-address.lan:8123/.
It would be easier to set up a different subdomain to access internally (eg ha-int.mydomain.com). If you use the same domain internally and externally, for the last month or so, people (including me) have been having intermittent problems (eg here). However I have recently tried this possible solution and it seems to have worked for me.
Probably to http instead of https.
No idea of using a proxy to to forward from https to https and https do not work with IP addresses on most certificates.