I’ve vpn conection to Home Assistant server (debian with docker) to view and manage my home. I did’t want to publish it to internet. But now I want to have on site home assistant integration (not cloud one) and also TTS.
I can’t find what part of Home Assistant has to be publish to internet to get it work. Do I need publish all my HA instance on 433 port?
or maybe reverse proxy and fail2ban will be enough?
If by all site you mean anything accessible via ip:8123 then yep… But it does use HA’s secure HA auth to establish the access… That’s how everyone not paying for HA cloud does it.
It doesn’t matter. The main reason to use reverse proxy is ability to drop, allow, forward or change http requests.
With port forwarding all requests are send directly to HA. When you install and configure reverse proxy, you are able to pass only specific requests (for example only https://ha_address/api/* ) even it uses the same port.