Access HA Externally using Reverse Proxy

Getting a bit stuck accessing my homeassistant instance from outside my home network, and I’m wondering if it’s related to previous issues I’ve had getting SSL certificates due to ISP incoming port blocks on Port 443.

Basically, I can access the gui internally using home.XXX.duckdns.org, and would like to do the same when I’m not home. As this address is using port 443 to access my home network, I’m wondering if I’m going to have to use a port forward and use the format “home.XXX.duckdns.org:8123” or something similar? I’d love to keep the simple subdomain, but I don’t know how to make that subdomain use a port other than 443 for external traffic!

What I mean is, could I modify nginx in some way such that when I try to access “home.XXX.duckdns.org” it doesn’t use Port 443 externally? I assume that’s not how it works, but it’d be helpful if I could make it work that way!

This issue applies to all my docker containers, not just homeassistant (Heimdall, Portainer, PiHole etc).

To clarify my setup - I’m running Raspbian on a Raspberry Pi 3B+ with home-assistant running in a docker container. I have nginx set up through the linuxserver/letsencrypt image, and am using this as a reverse proxy to access home assistant. Home assistant is running on a docker bridge network, not the host (and I can confirm access through NGINX is set up correctly because I can access it on my local network).

Another question - assuming I do get this working, I’m not sure what security measures I should put in place to keep my home assistant container secure? Or is that not much of an issue when using nginx?

I use Caddy… not NGINX and it does exactly that. Caddy can use the DNS challenge for SSL certificates from LetsEncrypt so no open ports are required and I have a high numbered port opened to accept incoming connections so my port 443 is not exposed or open.

Oh right! I have been using the DNS challenge for SSL certificate creation, but I didn’t realise you could use the same method for accessing subdomains through a browser.

Is there a name for doing this? I’d be interested to see if I can figure out how to set this up with nginx.