Not a networking expert although I have a couple of work domains, my. router is secured by firewall and VPN and I can access HAOS fine from outside the network either with my own VPN connected or Nabu Casu. I subscribe to Nabu Casa as they should all have our support.
Sometimes it causes an issue like when a component needs to specifically be configured either http or HTTPS (Plex from HACs). So as it is today, those things work either from inside or outside the network but not both.
Any compelling reason to only connect to my instance of HA through https and based on the above, what’s my easiest way?
To be honest, I used to run HTTPS only internally and eventually just went back to HTTP. While having the extra security was welcomed, the pain of managing certs, terminating SSL and other headaches, I decided to ditch it and just use standard HTTP for pretty much everything internally. I am very vigilant about my firewall rules and what apps and services are allowed on my management VLAN enough that I’m not really worried about encrypted connections internally.
If it is trusted internal (not over WAN) network you control http is OK.
If you are on network that you do not control, connect over the internet, or have untrusted friend or relative with IT knowledge that are just complete anarchists that live to create trouble for you, then yes, https.
The (2) main purposes of HTTPS are to verify the identity of the website you are connecting to and to encrypt your traffic to and from that website.
Z-Wave JS UI requires that you setup https to scan Z-Wave QR CODES. So that’s why I have it setup I’m my environment.
Edit: The easiest way to set up https is to use a program called XCA. It’s a GUI based program for Windows. After you set it up It’s so easy to use that I can generate certificates for new hosts in 10 seconds.