Another SSL setup problem... how to keep using Tailscale and not use port forwarding?

I am currently using the latest Home Assistant firmware, together with Tailscale, a router that does not support port forwarding due to the VPN policy (VPN is always enabled on the router), and I have two domains that I can use (but I don't want to access Home Assistant through an internet domain, only through Tailscale).

How do I proceed with this? Is there even a way?

Tailscale doesn’t need port forwarding. Drop a client in HA, another on your phone and you’re all set. Tailscale will also issue free certificates, but I don’t know how usable they are in HA.

I need the certificate for SSL… but I don't want my HA PC accessible through a domain.

Then you need to get a certificate issued for the domain you want to use. Easiest way would be DuckDNS + Let’s Encrypt.

Tailscale has its own HTTPS but I can't get it working. Isn't DuckDNS for accessing Home Assistant through a domain? I don't want access through a public domain, only access through Tailscale.

Oh, got it, you want to access HA over SSL through a non-public domain. Then you need your own internal DNS server, your own Certification Authority (CA) and install the root CA cert in each device that will talk to HA. You’ll also have to use the CA to issue the certificate for HA. Perfectly doable but not for the faint of heart.

The privacy tradeoff when using Tailscale is worth it because you avoid all that boilerplate and, while Tailscale does make the certificate domain names public in a Certificate Transparency list, the domain is only accessible from the devices authenticated to your Tailnet.
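The private-CA route described in the reply above (your own CA, its root certificate installed on every device, and a certificate issued for HA), as an added example that is not part of the thread. The hostname `ha.home.internal`, the CA name, the file names and the function `make_ha_pki` are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): private root CA + one server cert for HA.
# "ha.home.internal" is a hypothetical name served by your internal DNS.
set -eu

make_ha_pki() (            # subshell body: umask/cd do not leak to the caller
    dir="$1"; host="$2"
    umask 077              # private keys readable by the owner only
    mkdir -p "$dir"; cd "$dir"

    # Root CA: self-signed, allowed to sign certificates and nothing else.
    cat > ca.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Home Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -config ca.cnf -newkey rsa:3072 -nodes -sha256 \
        -days 3650 -keyout ca.key -out ca.crt 2>/dev/null

    # Server key + CSR for Home Assistant.
    openssl req -new -config ca.cnf -subj "/CN=$host" -newkey rsa:2048 -nodes \
        -keyout ha.key -out ha.csr 2>/dev/null

    # Leaf extensions: clients match the hostname against subjectAltName, not CN.
    cat > ha.ext <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    openssl x509 -req -in ha.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 397 -extfile ha.ext -out ha.crt 2>/dev/null

    # Fails (non-zero) unless ha.crt chains to ca.crt and is valid for $host.
    openssl verify -CAfile ca.crt -verify_hostname "$host" ha.crt
)

# ca.crt -> trust store of every client; ca.key -> offline storage.
# ha.crt / ha.key -> Home Assistant's http: ssl_certificate / ssl_key settings.
out="${1:-$(mktemp -d)}"
make_ha_pki "$out" "${2:-ha.home.internal}"
echo "PKI written to $out"
```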

Yeah, I have it set up now like that. I can access my Home Assistant PC through the Tailscale subdomain I was given, and it does not work with Tailscale disabled. Perfect… with HTTP. HTTPS gives an error. Tailscale can apparently provide certs but I have no idea how to get them or install them on the HA mini PC.

As per the Tailscale docs, the certificate is generated by running tailscale cert on the machine. However, this would only be possible in HA Core.