If you want your HA and other services available outside your network, you can run both. If you want to use Google Assistant/Alexa (without HA Cloud), then you need to have your HA exposed.
What do you mean? It’s 2 different services running on your network. One doesn’t rely on the other.
I was indeed wondering about exposing my HA for Google Assistant as I won't be using Nabu Casa for now. I would like to use the assistant and send location updates, so I guess it needs to be exposed to the internet? Could I, for example, set up the Caddy server to provide access to my HA and a NAS storage but keep other devices behind a VPN?
If you want it to connect to Google Assistant, yes.
DO NOT EXPOSE a NAS to the internet!
You can use your reverse proxy to expose HA.
When you say keep other devices behind a VPN, it sounds like you think I am referring to a hosted VPN SERVICE, which I am not. Basically you just keep your other devices LOCAL to your network only. You run a VPN server on your network (I love WireGuard) and connect to YOUR VPN, not a provider VPN.
Ok, so I’ll look into WireGuard or another locally hosted VPN solution for all devices other than HA. Access to the NAS could also be enabled over a VPN, I guess.
Update: I got WireGuard up and running in an lxc container within Proxmox. I do have some questions left and you might be able to answer them as you have a similar setup I guess.
My modem/router has a dynamic IP address. Do you have the same issue? Do you use Duck DNS to ‘solve’ this issue? Where in the Proxmox setup would it be sensible to keep the script running?
The WireGuard Android app doesn’t have the option to exclude using the VPN when connected to my home wifi. The iOS app does seem to have this feature. Am I missing something?
It seems that the ‘AllowedIPs’ client option can be used to filter out traffic. At the moment it is set to the following: Using the catch-all AllowedIPs = 0.0.0.0/0, ::/0 will forward all IPv4 (0.0.0.0/0) and IPv6 (::/0) traffic over the VPN. When connected to 4G it seems sensible to only route my actual requests that are intended for my local network to be tunneled over the VPN. How would that look?
No. I own several domains and just use the dynamic DNS client on my router. It only needs to update your public IP. If you’re already using duckdns for HA, you’re already updating the IP.
I run a DNS in my home network. In my DNS I point my public “VPN” subnet to the LAN IP address of my router.
Instead of 0.0.0.0/0 put in your actual home subnet. If you are on 192.168.1.0 you would put in 192.168.1.0/24.
I have it now set to 192.168.0.0/24 but now only my local network requests succeed and, for example, https://google.com stopped working. Isn’t there a way to just skip the VPN in those cases?
@flamingm0e I found the culprit! It was set to AllowedIPs = 192.168.0.0/24, ::/0 and the second argument (I think it is used for IPv6) caused it to not work. I removed it for now.
And if you’re interested in running Home Assistant as a VM inside Proxmox here’s a one commandline script to do it (very awesome): https://www.youtube.com/watch?v=JAHKftNVTco thx @Zpeed for the link/tip.
Home Assistant on Proxmox, rocks!!! If you’re having issues then reach out
A) Currently I have nothing in configuration.yaml (took out http: )
I use NGINX PROXY MANAGER addon on my HASSIO installation. Router forwards port 443 to NUC-proxmox-HassOS LAN IP.
Nginx Proxy Manager routes https://hassio.mydomain.com to the internal IP of HASSIO 192.168.1.12 with Cloudflare certificates.
Nginx proxy manager addon routes also a lot of other things.
This works beautifully, everything works, including Google Assistant.
B) Now I wish to have a separate VM that handles all this (I do not want HASSIO to route all my LAN, also because I am planning to put in VLANs and other stuff, and I really do not think HASSIO should do anything other than Home Automation). So I did a simple VM with Ubuntu and CaddyV2 (try it, it is fantastic BTW, very very simple to use) with this
Of course I changed the router to forward 443 and 80 to this new VM LAN IP.
Everything works beautifully, very smooth and easy to program it all. The only thing not working is Google Assistant and HASSIO: when I ask “Ok Google turn off _____” the answer is always, “Google can’t reach the test app” (I never changed the name of TEST).
Of course I can reach my HASSIO just fine from my LAN or from outside my network with the usual https://hassio.mydomain.com
Hope I am clear
P.S. Maybe I have to add websocket in the Caddyfile?? (I never understood what this websocket is for)
So if I can access HASSIO fine, Google Assistant should also work? It's not my case, I have really no idea.
EDIT: problem solved. I forgot that besides the change from Nginx to Caddy, I also changed from duckdns to mydomain. In Nginx both were working (both there), in Caddy no …
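For the WireGuard split-tunnel question earlier in the thread, an added example (not code from any poster) that models AllowedIPs as a routing list: a destination inside any listed prefix is sent into the tunnel, evaluated per address family. The sample destinations are constructed, and all function names are hypothetical.

```python
import ipaddress

# AllowedIPs values quoted in the thread
CONFIGS = {
    "catch-all": "0.0.0.0/0, ::/0",
    "mixed": "192.168.0.0/24, ::/0",
    "lan-only": "192.168.0.0/24",
}
# Constructed sample destinations; documentation ranges stand in for internet hosts
DESTS = {
    "lan-host": "192.168.0.10",
    "internet-v4": "203.0.113.7",
    "internet-v6": "2001:db8::1",
}

def parse_allowed_ips(value):
    """Parse the right-hand side of an AllowedIPs line into network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]

def via_tunnel(dest, allowed):
    """True if dest is covered by an AllowedIPs prefix of the same IP version."""
    addr = ipaddress.ip_address(dest)
    return any(addr.version == net.version and addr in net for net in allowed)

def default_routes(allowed):
    """Return /0 entries, which pull a whole address family into the tunnel."""
    return [str(net) for net in allowed if net.prefixlen == 0]

def report(configs=CONFIGS, dests=DESTS):
    """Map each config name to {destination label: goes through tunnel?}."""
    out = {}
    for name, value in configs.items():
        allowed = parse_allowed_ips(value)
        out[name] = {label: via_tunnel(ip, allowed) for label, ip in dests.items()}
    return out

if __name__ == "__main__":
    for name, row in report().items():
        leftovers = default_routes(parse_allowed_ips(CONFIGS[name]))
        print(f"{name:10} {row} default routes: {leftovers or 'none'}")
```

With the mixed value, IPv4 internet traffic bypasses the tunnel while every IPv6 destination still enters it, so `default_routes` is a quick check for a leftover `/0` entry in a config meant to be split-tunnel.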