Hass on https for internal lan

Configuration
21

You don’t have set them on the same port…really, you don’t have to use any port in my opinion.

  • ngnix listen on hass.domain.com:80
  • if client that request connection is router-ip, display auth login…and proxy to localhost:8123
  • if client that request connection is NOT router-ip, proxy to localhost:8123

where 8123 is the port of your hass :slight_smile:

anyway this topic is going OT :wink:

1 Like
22

Yes, you can do that.
I don’t want to expose external services on common ports. Obscurity is not security, but it is a good layer of a secure install.

23

Sorry for digging up this old post, but it is just my problem. Most other Nginx reverse proxy threads are about “location / {…}”, not “location /hass {…}”.

Due to a dyndns I cannot use subdomains (so I’m stuck with FQDN/hass) and because of other things running on the same server I cannot put HASS in the server root.

Is there any progress in that matter?

I must admit, I don’t understand the solution proposed by @elbowz

24

I’ve tried your nginx config, but some weird things happened…

  1. it ignores any combination of IP addressed added to automatically allow access
  2. HASS repeatedly asks me for a password to login, despite the fact their isn’t an API password set.

Any ideas?