HASS.io on a Raspberry Pi3 in a network that already has a name server and apache2 on port 53/80/443

arretx · March 8, 2019, 10:48pm

Layout using imaginary IP addresses:

Cox Business Account with Static IP
pfSense Firewall
Ubuntu 16.04 LAMP server (192.168.1.100)
HASS.IO running in RPi3 (192.168.1.200)
Webmin and Virtualmin for Linux box management

Problem and Question:

Since the LAMP server receives all port 80/443 and 53 traffic, I’ve had to create a reverse proxy to be able to access Home Assistant via http://hassio.domain.com and https:// and it resolves correctly.

What I can’t figure out how to do is to get https://hassio.domain.com to actually have a valid certificate.

Do I need a certificate on HASS.io, or does Apache handle that, and based on the correct answer, how do I make sure it will work?

anon34565116 · March 9, 2019, 1:46am

The default port if 8123 should work fine for either http or https. Just specify the port in the URL.

arretx · March 9, 2019, 1:55am

So I may be getting hung up on something. I can access the site from http://subdomain.domain.com but the browser shows not secure. Under the certificate, however, it does show a valid certificate…so I’m not sure what’s going on, whether the site is secure, or whether it’s important or not.

As long as I can access the site remotely with the subdomain, I’m okay with that, but are there any security concerns for my system if the browser reports this?

Paul_Flavel · March 9, 2019, 8:38am

Http won’t show a valid certificate. You need to use https.
There are definately security issues accessing your site externally via http instead of https, especially if accessing from a public network.

arretx · March 11, 2019, 7:15pm

I have a reverse proxy that redirects to https:// which if accessed directly or with the redirect, shows as invalid.

Paul_Flavel · March 11, 2019, 7:18pm

I could be mistaken, but you still need a ssl cert for https to work.