I am looking for the best method to access my Raspberry Pi Home Assistant HTTPS page from the public internet securely, without needing to configure the following:
Router Port Forwarding
Duck DNS for Dynamic IP
Renewal of SSL Cert every year
It is OK to do this configuration once for my first home, but not for my second, third, etc. homes, as I need to repeat the whole process again for the other houses.
To save this configuration time, is there any best method that can achieve this objective?
If the issue is having to re-configure, then I think you’ve already found a great solution, which I also use. Nginx Reverse Proxy Set Up Guide – Docker. Just add the DuckDNS docker image. There’s really no extra work or reconfiguration when moving.
DuckDNS docker image (no need to set up anything more than once, even when you move, using this docker image).
Let’s Encrypt which includes nginx (again, no need to set up more than once with this image). It auto-renews certificates, so you’ll never have to worry about that again (there’s a cron job running daily to check certs).
I do have to forward ports in my router for this approach, but that’s 2 minutes’ work, and only has to be re-done if you change or factory reset your router. I have literally spent 2 minutes on this in total during the last year or more; I just brought my router with me when I moved. DuckDNS takes care of itself, and the same goes for letsencrypt.
You can find the docker images used in my repo under “Docker containers”.
Bottom line is, I didn’t have to change a single thing when I moved last summer, and I really haven’t needed to at any point, unless I wanted to e.g. add a new subdomain in the nginx setup. The only thing you will ever (unless any breaking changes are introduced in updates) have to re-do is the port forwarding, and only whenever you get a new router.
EDIT: Rearranged post to emphasize that this is easy when moving. First post was messy. I blame jetlag.
You’re right. Only for voice control etc.
I guess the only other option was a thread posted a few months back about a Chinese company offering a sort of proxy service.
It got a lot of flak on privacy issues, but apparently it works.
I guess another temporary solution might use something like ngrok.
That’s good for simple stuff, but I think long-running services with lots of websocket connections might prove challenging.
I use nginx on another home server (a machine which also has a cron job to keep letsencrypt up to date). It forwards incoming requests to hassio.mydomain.com to my HA server. (The hassio.mydomain.com DNS entry is actually an alias for a dyndns address.)
But an alternative is a VPN, if you have something inside your network that can provide it and you’re always connecting using your own devices. I have recently set up OpenVPN – in my case, on my Synology NAS – and use the Viscosity client on my remote Macs and the OpenVPN app on my iOS devices, and I can get to everything. It does involve opening a port on the router, but only one.
Ngrok was working well until recently. The reason I ended up with ngrok is because our lame ISPs in Mexico are allowed to have us behind a NAT now. Basically DuckDNS, opening ports, etc. don’t work for me.
I didn’t pay attention, did a few HA updates, and it seems ngrok stopped working at some point. I went back to my oldest snapshot, but it is only from 2 weeks ago, and it is not working there either.