Hi
I’ve vpn conection to Home Assistant server (debian with docker) to view and manage my home. I did’t want to publish it to internet. But now I want to have on site home assistant integration (not cloud one) and also TTS.
I can’t find what part of Home Assistant has to be publish to internet to get it work. Do I need publish all my HA instance on 433 port?
or maybe reverse proxy and fail2ban will be enough?
Just 443 forwarded to 8123 will work. But why not use a reverse proxy - Caddy is incredibly easy to set up.
simple port forwarding will work but isnt very secure.
The best way is publish only needed component through reverse proxy. For example only api (or only one specific request to api)
I dont know what is needed to get google assistant work. Only inforamation in HA manual is “To use Google Assistant, your Home Assistant configuration has to be externally accessible with a hostname and SSL certificate”
but yes, my last options is publish all HA site by reverse proxy.
If by all site you mean anything accessible via ip:8123 then yep… But it does use HA’s secure HA auth to establish the access… That’s how everyone not paying for HA cloud does it.
which runs on the same port as your HA instance, 8123
It doesn’t matter. The main reason to use reverse proxy is ability to drop, allow, forward or change http requests.
With port forwarding all requests are send directly to HA. When you install and configure reverse proxy, you are able to pass only specific requests (for example only https://ha_address/api/* ) even it uses the same port.
I know how reverse proxy works. I misread your other comment.