If you want addons to use ssl you could set the certificates in the addon configuration.
For the webpage card, it looks like you might need to use the domain and https. Did you try that?
Hi David, Yes I tried the https + domain for the webpage card and it was not working in there (although works directly). I’ll have to fumble around this one for a little longer.
I’ve got plex working correctly & I’m also working on getting tautulli to work - where does the cert and key file get stored when using Caddy2? It seems like many add-ons refer back to these locations to pull their config.
Thank you
To complicate things I have the existing cert from a failed attempt with either nginx or dnsmasq that is confounding the addons certs, I think that I need to tease out the way to provide the cert file and key while having it pick up the right https reference. What do you think?
Hi David,
I’ve found cert location (not super hard to find), but one of my subdomains is being tricky and not actually generating a cert folder - I have main domain + 4 other subdomains but no joy for a single additional one - no matter what I name it. Is there a theoretical max certs? or am I just doing something wrong (header issue maybe)?
Thank you in advance.
Don’t know. There’s no max I’m aware of. If @berichta doesn’t respond you can try the caddy server forum.
I think I’m facing a similar issue to these configs - Iframe issue (panel_iframe, Webpage Card), but funny thing is I’m accessing https through https and still getting nothing - I’ll clear cache to confirm.
Hey David, I just saw that this was your post: https://dew-itwebservices.com.au/setting-home-assistant-up-for-secure-access-over-the-internet/, really liked it and I’m going to add the port number to the end of my https references for iframe and give that a try.
I have been meaning to do a post for caddy2 as well. Non standard port is a good idea.
A post for caddy2 would be nice, you certainly are one of a few who have it down.
On my iframe load I’m getting:
[Error] Refused to load https://<sub-domain>.<my-domain>.duckdns.org/index.php/auth/logout?redirect_uri=/ because it does not appear in the frame-ancestors directive of the Content Security Policy.
Did I miss something in my header section?
Yes, you missed something. What is your Content-Security-Policy?
Also show your iframe from configuration.yaml
This is in my headers, but I noticed that you have :XXXXX is that a literal *.domain.com:XXXXX or do you insert each port and the duckdns.org domain name in here for subdomain in this reference section?
Content-Security-Policy "frame-ancestors domain.com *.domain.com"
So would yours be:
Content-Security-Policy "frame-ancestors <my-domain>.duckdns.org:8123 *.<my-domain>.duckdns.org:7329 *.<my-domain>.duckdns.org:7115 etc..."
Thanks in advance
I have xxxxx as a placeholder for the port I use. It is the EXTERNAL port to access the subdomain, not the proxied one. Mine is identical to what I show below (except different port and domain)
So say I was using port 12345…
Content-Security-Policy "frame-ancestors domain.com:12345 *.domain.com:12345"
I assume you also removed x-frame-options? (you should have)
That was it, solved it - it looks like my webpage card and panel_iframes are all working both internally on homeassistant.local and externally on my duckdns domain, simply sick!! Love that caddy2 works so beautifully across both!
The only weird thing is that I created subdomains and 1 out of 5 didn’t show up in the certs folder with its own unique folder, but the site still directs just fine - wonder why, though if it ain’t broke…anyways huge thank you to you and Berichta for pulling these configs together working on the add-on and presenting a clear method for getting these to work!
About 20 minutes later that folder apparently popped up, so problem solved - great thank you both!
I see folders here \debian\ssl\caddy\certificates\acme-v02.api.letsencrypt.org-directory for all my sub-domains…
Great you got it working.
Interestingly enough, my iOS HA app and iOS Safari were displaying everything perfectly - created some backups and now I can’t get those to pop up my iframes again on the local network (although Firefox displays fine). I’ve reset cache in both Safari and HA, reset HA, reset router. It says the same content policy error, though I’ve made the changes and they’re persisting? Idk what changes to attempt - I was thinking of resetting the modem too? What other troubleshooting would you recommend?
Different browser? Also make sure your IP isn’t banned…
I’m still getting this error when looking at safari:
[Error] Refused to load https://<subdomain>.<my-domain>.duckdns.org/ because it does not appear in the frame-ancestors directive of the Content Security Policy.
Doesn’t matter if I do either of these:
-Server
Content-Security-Policy "frame-ancestors https://<my-domain>.org https://<subdomain1>.<my-domain>.org https://<subdomain2>.<my-domain>.org"
Permissions-Policy "geolocation=(self), microphone=()"
or
-Server
Content-Security-Policy "frame-ancestors <my-domain>.org *.<my-domain>.org"
Permissions-Policy "geolocation=(self), microphone=()"
still getting this error, any clue?
The second one is definitely working for me.
Oh hang on…
On local network?
Is iOS app on local network using the local IP address instead of the domain?
Does it work when on 4G?
So at one point it had worked all around - in local Mac browser, in iOS on wifi network to local HA instance and also outside the network on 4G. Now it only works on wifi local through my firefox browser on iPhone to homeassistant.local and through the safari browser out to the https site - I suppose this is as intended, but odd that for a few hours there was a point that it was working universally; is this just my network sorting things out in NAT loopback redirections and cache?
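Added example, not part of the original thread: a simplified JavaScript model of how a browser matches an embedding page's origin against `frame-ancestors` sources. It shows why the port had to be added to the policy above, and why a dashboard opened over the local address is refused. The function names, the hosts `plex.domain.com` and `ha.domain.com`, and the sample URLs are constructed for illustration (the port 12345 is the thread's own placeholder).

```javascript
// Simplified CSP3 host-source matching for frame-ancestors (added example).
// Covers [scheme://]host[:port]; keywords, scheme-only sources and IP rules are left out.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

function parseSource(expr) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9.-]+)(?::(\*|\d+))?$/i.exec(expr);
  if (!m) return null;
  return { scheme: m[1] ? m[1].toLowerCase() + ":" : null, host: m[2].toLowerCase(), port: m[3] || null };
}

// A policy scheme of http also covers https (the spec's upgrade rule).
function schemeMatches(policyScheme, actual) {
  return policyScheme === actual || (policyScheme === "http:" && actual === "https:");
}

function hostMatches(pattern, host) {
  if (pattern === "*") return true;
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1)); // subdomains only
  return host === pattern;
}

// A source without a port matches only the default port of the ancestor's scheme.
function portMatches(pattern, url) {
  if (pattern === "*") return true;
  if (pattern === null) return url.port === ""; // URL.port is "" for the default port
  return pattern === (url.port || DEFAULT_PORT[url.protocol]);
}

// framedUrl: the page that sends the header; ancestorUrl: the page embedding it.
function ancestorAllowed(policy, framedUrl, ancestorUrl) {
  const framed = new URL(framedUrl), ancestor = new URL(ancestorUrl);
  const directive = policy.split(";").map(d => d.trim().split(/\s+/))
    .find(t => t[0].toLowerCase() === "frame-ancestors");
  if (!directive) return true; // no frame-ancestors directive: CSP sets no framing limit
  return directive.slice(1).map(parseSource).some(src => src !== null &&
    schemeMatches(src.scheme || framed.protocol, ancestor.protocol) && // scheme-less source uses the framed page's scheme
    hostMatches(src.host, ancestor.hostname) &&
    portMatches(src.port, ancestor));
}

// Constructed cases: proxied add-on framed by the dashboard on external port 12345.
const FRAMED = "https://plex.domain.com:12345/";
const NO_PORT = "frame-ancestors domain.com *.domain.com";
const WITH_PORT = "frame-ancestors domain.com:12345 *.domain.com:12345";
for (const [policy, parent] of [[NO_PORT, "https://domain.com:12345/"],
  [WITH_PORT, "https://domain.com:12345/"], [WITH_PORT, "http://homeassistant.local:8123/"]])
  console.log(`${parent} under "${policy}" ->`, ancestorAllowed(policy, FRAMED, parent));
```

When the iframe is refused, compare the address bar of the embedding page (scheme, host and port) against each source in the header the framed site actually returns.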