i don’t understand.
you need to forward port 443 to 8123 for the ip address of your HA machine to access it over https.
port 80 is for unsecure communication as far as i understand it.
It appears you didn’t use a Python Virtual environment. Be aware that this will cause you problems if you install any other Python programs (like AppDaemon) also outside of a virtual environment.
Port 80 is the default for HTTP. Port 443 is the default for HTTPS. You don’t have to use them, you can use any port.
https:// means port 443 is required if you don’t specify the port. For example, if you use port 44443 you would forward that on the router to your HA system (you can forward it to port 8123), and then connect with https://yourhost.example.org:44443/
I guess I understood that. I just didn’t convey it very well. 
thanks for clarifying it for me.
MySetup:
Raspberry Pi3 B
16Gb HD (microSD)
debian stretch
lighttpd 1.4.45
HASS 0.75.2
Soooooo…I also use Lighttpd to serve some pages, mainly because I have pihole running (another awesome program that blocks ads, but enough of the free advertisement).
I had apache2 running with a reverse proxy but since Lighttpd is lightweight I decided to keep it… plus every time I update pihole it install Lighttpd again!
I’m trying to do the reverse proxy, etc… I have no clue how to.
For the HTTP conf, I had:
<VirtualHost *:80>
# I like serving hass on a alias.... for ease of mind:
ServerName hass.myservername.com
ServerSignature Off
ProxyPreserveHost On
ProxyRequests Off
# related to certbot and the cert generation process:
ProxyPass /.well-known http://hass.myservername.com/local/.well-known
ProxyPassReverse /.well-known http://hass.myservername.comlocal/.well-known
# portion to forward HASS:
ProxyPass / http://10.0.0.0:8123/ disablereuse=on
ProxyPassReverse / http://10.0.0.0:8123/
ProxyPass /api/websocket ws://10.0.0.0:8123/api/websocket disablereuse=on
ProxyPassReverse /api/websocket ws://10.0.0.0:8123/api/websocket
# to make sure it forwards all the time:
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
the for the HTTPS conf:
### HASS hosted Pi ###
<VirtualHost _default_:443>
# I like serving hass on a alias.... for ease of mind
ServerName hass.myservername.com
ServerSignature Off
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
# the one below serves the certbot certificate
ProxyPass /.well-known https://hass.myservername.com/local/.well-known
ProxyPassReverse /.well-known https://hass.myservername.com/local/.well-known
Alias /.well-known /home/homeassistant/.homeassistant/www/.well-known
# this is the HASS portion
ProxyPass / http://10.0.0.0:8123/ disablereuse=on
ProxyPassReverse / http://10.0.0.0:8123/
ProxyPass /api/websocket ws://10.0.0.0:8123/api/websocket disablereuse=on
ProxyPassReverse /api/websocket ws://10.0.0.0:8123/api/websocket
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/hass.andreslopez.us/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hass.myservername.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/hass.myservername.com/chain.pem
# lines below: from one of the post from the forum....is needed to work! websockects, etc...
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://10.0.0.0:8123/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://10.0.0.0:8123/$1 [P,L]
</VirtualHost>
If anybody has any idea what needs to be done to get this working on Lighttpd, please let me know… currently I’m not serving HASS outside from my network…since I can’t do it through https…