Hassio, proxmox and reverse proxy (caddy)

If you want your HA and other services available outside your network, you can run both. If you want to use Google Assistant/Alexa (without HA Cloud), then you need to have your HA exposed.

What do you mean? It’s 2 different services running on your network. One doesn’t rely on the other.

I was indeed wondering about exposing my HA for Google Assistant as I won't be using nabucasa for now. I would like to use the assistant + send location updates, so I guess it needs to be exposed to the internet? Could I, for example, set up the Caddy server to provide access to my HA and a NAS storage but keep other devices behind a VPN?

If you want it to connect to Google Assistant, yes.

DO NOT EXPOSE a NAS to the internet!

You can use your reverse proxy to expose HA.

When you say keep other devices behind a vpn, it sounds like you think I am referring to a hosted VPN SERVICE, which I am not. Basically you just keep your other devices LOCAL to your network only. You run a VPN server on your network (I love wireguard) and connect to YOUR VPN, not a provider VPN.

Ok so I’ll look into wireguard or another locally hosted vpn solution for all devices other than HA. Access to the NAS could also be enabled over a vpn I guess :slight_smile:

Once you have a VPN set up at home, you can access ANYTHING on your network.

Thx for the info! Should I run the VPN in its own LXC container? Sorry for these nooby questions, all this networking-related stuff is all new for me :wink:

Update: I got WireGuard up and running in an lxc container within Proxmox. I do have some questions left and you might be able to answer them as you have a similar setup I guess.

  1. My modem/router has a dynamic IP address. Do you have the same issue? Do you use Duck DNS to ‘solve’ this issue? Where in the Proxmox setup would it be sensible to keep the script running?
  2. The WireGuard android app doesn’t have the option to exclude using the vpn when connected to my home wifi, the ios app does seem to have this feature, am I missing something?
  3. It seems that the ‘AllowedIPs’ client option can be used to filter out traffic, at the moment it is set to the following: Using the catch-all AllowedIPs = 0.0.0.0/0, ::/0 will forward all IPv4 ( 0.0.0.0/0 ) and IPv6 ( ::/0 ) traffic over the VPN. When connected to 4G it seems sensible to only route my actual requests that are intended for my local network to be tunneled over the VPN. How would that look?

Thanks in advance :slight_smile:

No. I own several domains and just use the dynamic DNS client on my router. It only needs to update your public IP. If you’re already using duckdns for HA, you’re already updating the IP.

I run a DNS in my home network. In my DNS I point my public “VPN” subnet to the LAN IP address of my router.

Instead of 0.0.0.0/0 put in your actual home subnet. If you are on 192.168.1.0 you would put in 192.168.1.0/24

Thanks for the info, not updating duckdns atm, will just create a script in my Proxmox host as my router does not have such a client.

I have it now set to 192.168.0.0/24 but now only my local network requests succeed and for example https://google.com stopped working. Isn’t there a way to just skip the VPN in those cases?

The default behavior is a “split tunnel” if you only tell it your local subnet.

It shouldn’t affect any other traffic on your phone unless you told your VPN settings (in the Android settings) to block connections without VPN

@flamingm0e I found the culprit! It was set to AllowedIPs = 192.168.0.0/24, ::/0 and the second argument (I think it is used for IPv6) caused it to not work. I removed it for now.

::/0 is invalid I think. fd00::/8 would be the local IPv6 subnet. ::1 is the loopback for v6

That’s the “all” subnet. It’s the equivalent of 0.0.0.0/0 for ipv4

2 Likes
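Added example, not part of any post in the thread: a Python model of how a client's AllowedIPs list decides which destinations enter the WireGuard tunnel, run on the `192.168.0.0/24, ::/0` setting discussed above and on the same config with `::/0` removed. The config text, endpoint name and destination addresses are constructed, and the matching is a single-peer simplification, not WireGuard's own code.

```python
import ipaddress

# Constructed wg-quick style client config; keys and endpoint are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.org:51820
AllowedIPs = 192.168.0.0/24, ::/0
"""

def parse_allowed_ips(conf_text):
    """Return the networks listed on every AllowedIPs line of a config."""
    nets = []
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets

def goes_through_tunnel(dest, allowed):
    """True if dest matches an AllowedIPs entry of the same IP family."""
    addr = ipaddress.ip_address(dest)
    return any(addr.version == n.version and addr in n for n in allowed)

def catch_all_families(allowed):
    """IP versions whose whole address space is sent into the tunnel."""
    return sorted(n.version for n in allowed if n.prefixlen == 0)

def report(conf_text, destinations):
    """Map each destination to True (tunnel) or False (direct)."""
    allowed = parse_allowed_ips(conf_text)
    return {d: goes_through_tunnel(d, allowed) for d in destinations}

# Constructed destinations: a LAN host, a public IPv4 and a public IPv6 address.
DESTS = ["192.168.0.10", "203.0.113.5", "2001:db8::1"]

if __name__ == "__main__":
    for conf in (SAMPLE_CONF, SAMPLE_CONF.replace(", ::/0", "")):
        allowed = parse_allowed_ips(conf)
        print([str(n) for n in allowed], "catch-all:", catch_all_families(allowed))
        for dest, tunnelled in report(conf, DESTS).items():
            print(f"  {dest:15} -> {'tunnel' if tunnelled else 'direct'}")
```

With `::/0` present, every IPv6 destination is routed into the tunnel even though IPv4 is split; with only the home subnet listed, both address families stay direct except for LAN hosts.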

Hey there, just wanted to share my own experience with using “Caddy” to reverse proxy for the “Proxmox” WebUI. Please note that I’m using the Hassio Addon https://github.com/korylprince/hassio-caddy/tree/master/caddy and it works beautifully.

Below is my caddyfile configuration for proxmox, should it benefit anyone.

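https://subdomain.duckdns.org:443 {
    proxy / https://192.168.xxx.xxx:8006 {
        # proxy WebSocket connections to the backend
        websocket
        # pass the original Host and X-Forwarded-* headers to the backend
        transparent
        # do not verify the backend's TLS certificate
        insecure_skip_verify
    }
}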

And if you’re interested in running Home Assistant as a VM inside Proxmox here’s a one commandline script to do it (very awesome): https://www.youtube.com/watch?v=JAHKftNVTco thx @Zpeed for the link/tip.

Home Assistant on Proxmox, rocks!!! If you’re having issues then reach out :slight_smile:

1 Like

Hi, I have it all running (but Caddy on a separate VM), everything works, except Google Assistant.

Anyone with my setup that can help me configure Caddy?

You just use the same URL as you use for HA. There is nothing special you need to do for Google Assistant with Caddy.

Let me explain better my situation

A) Currently I have nothing in configuration.yaml (took out http: )
I use NGINX PROXY MANAGER addon on my HASSIO installation. Router forwards port 443 to NUC-proxmox-HassOS LAN IP.
Nginx proxy manager routes https://hassio.mydomain.com to the internal IP of HASSIO 192.168.1.12 with Cloudflare certificates
Nginx proxy manager addon routes also a lot of other things.

This works beautifully, everything works, including Google Assistant

B) Now I wish to have a separate VM that handles all this (do not want HASSIO to route all my LAN, also because I am planning to put VLAN and other stuff, and I really do not think HASSIO should do anything other than Home Automation). So I did a simple VM with Ubuntu and CaddyV2 (try it, it is fantastic BTW, very very simple to use) with this

Of course I changed the router forward of 443 and 80 to this new VM LAN IP.

Caddyfile is


hassio.{$MY_DOMAIN} {
    reverse_proxy 192.168.1.12:8123
}

plus of course similar code for all other servers

Everything works beautifully, very smooth and easy to program it all. Only thing not working is Google Assistant and HASSIO: when I ask “Ok Google turn off _____” the answer is always, “Google can’t reach the test app” (I never change the name of TEST).
Of course I can reach just fine from my LAN or from outside my network my HASSIO with usual https:// hassio.mydomain.com

Hope I am clear

p.s. maybe I have to add websocket in the Caddyfile?? (I never understood what this websocket is for)

So if I can access HASSIO fine, Google Assistant should also work? It's not my case, I have really no idea

EDIT, problem solved, I forgot, that beside the change from Nginx to Caddy, I also changed from duckdns to mydomain. In Nginx both were working (both there), in Caddy no …

Glad you worked it out :+1:t2: