Aegis – no more hand-editing Nginx/Envoy configs. AI sets up your reverse proxy and TLS from plain English

Share your Projects!
,
1

Hey HA community!

If you want to access your Home Assistant from outside your home — away from your local network, from your phone, from work — you need a reverse proxy with proper HTTPS. Setting one up means
diving into Nginx or Envoy configs, getting TLS right, restarting services, and debugging why it still isn't working. Most people either give up or spend a weekend on it.

That's what Aegis fixes.

The problem it solves:
Configuring a reverse proxy manually — whether Nginx, Traefik, or Envoy — means editing config files, restarting services, and hoping you didn't miss a semicolon. One wrong field and your service
is down. TLS config especially is notoriously fiddly to get right.

What Aegis does differently:
Instead of editing files, you talk to Owl :owl: — an AI assistant built into the dashboard. You type something like:

"Set up HTTPS for my Home Assistant instance using Let's Encrypt"

Owl creates the reverse proxy route, runs the ACME challenge, issues the cert, and wires it to your listener — all validated before it touches Envoy. No YAML. No restarts. No typos.

TLS — all the options, zero manual config:

  • Let's Encrypt / ZeroSSL — automatic issuance and renewal, HTTP-01 and DNS-01 (Cloudflare, Route 53, GoDaddy)
  • Local CA — for LAN setups with no domain. Instant certs, just install the Root CA in your browser once
  • Manual / Webhook — bring your own certs if you have an existing CA

Everything else:

  • Real-time traffic dashboard — every request to your server, live
  • Auto IP blocking — AI patrol sweeps classify traffic and block bots/scanners
  • Runs on ARM64 — Raspberry Pi, Synology NAS, any Docker host
  • Single container, no external dependencies

GitHub (docs + tutorials): GitHub - axieyangb/aegis: Self-hosted Envoy gateway with AI threat analysis, TLS automation, and real-time security dashboard · GitHub
Docker Hub: axieyangb/aegis - Docker Image

Happy to help anyone get their HA instance behind it — especially if you've been putting off setting up HTTPS because the config looked painful.

About Author: Formerly network security at Palo Alto Networks, now Senior Software Engineer at Google specialising in identity, distributed cloud, Kubernetes, and AI. Aegis started as a home lab project and grew into a product.