How to deal with non-SSL Panel iframe pages inside SSL Hass.io environment?

sth? I don’t know what you mean here…

If you use your solution for something?

I would say name the panel a very long string of random characters similar to a client secret but I think that unless you have cutting-edge encryption running the headers are unencrypted even with https: and might be intercepted.
So I guess we try what @Remko said

I currently have the setup so that I can access my zigbee2mqtt page on a different location with an additional auth token. It’s working in a new tab, but not in the iframe inside home assistant. I believe it has something to do with displaying the alert popup where you have to enter the auth token but I might be wrong, I just don’t see my zigbee2mqtt page, just a plain white page.
Do you know how to manage the separate page with authentication in the iframe tab?

If you are in a HA-Core setup and use the addon, you can also access the zigbee2mqtt addon from the sidebar. So somehow they also managed to integrate this, even with HA authentication.

Is there anything I can do to access my docker containers from within ha remotely and not expose the containers to anyone? Didn’t find anything but maybe Ive overseen something?

I can access my containers using nabu casa but only if i use my local wifi.
I can’t access containers if I’m using different network. I don’t know why. My router is pointing back to my ha ip for dns resolving and I’m using adguard for dns rewrite.

you can try hass_ingress integration.

you can try hass ingress integration, it provides these features:

  • Ingress function similar to Hassio Ingress. (option: work_mode: ingress)
  • Sidebar function similar to Panel_iframe. (option: work_mode: iframe)
  • Work with nginx auth_request for backend services can’t be proxied by ingress. (option: work_mode: auth)
  • Additional http headers passed to the backend service, such as authorization and host, so that we can access the external resources without extra login. (option: work_mode: ingress header: {map})

I used this guide to have an iframe on wled page.

this is my config:


location /mountain/ {
    rewrite /mountain/(.*) /$1  break;
    proxy_pass  http://192.168.0.158;
}

the problem is when I click on config that is the page http://192.168.0.158/settings

my ssl port is 8126 and when I point to xxx.duckdns.org:8126/mountain/ all is good and host is reached… but when I click on other links like xxx.duckdns.org:8126/mountain/settings/

it gave me an error:
Loading of configuration script failed.
Incomplete page data!

how to solve?

can you give more details please? I dont understand how hass_ingress would help me

here Introduce two custom projects for HA ingress

1 Like

Sorry but I still dont understand. I tried the integration with this config:

ingress:
  hyperion:
    title: Hyperion
    icon: mdi:television-ambient-light
    url: http://localhost:8090
  npm:
    title: NGINX Proxy Manager
    icon: phu:nginx
    url: http://localhost:81

And neither Hyperion nor NPM are accessible from the side panel. Not even from the internal network.

Holy shit, this works. Thanks @lovelylain!

1 Like

How did you add and iframe page as sidebar menu item?

HA → Settings → Dashboards → Select one dashboard (or create a new one), then Edit dashboardAdd cardWebpage.

Ok, after all this time I stumbled upon a stupid simple solution to the ingress/non-SSL iframe pages problem without messing around with NGINX (unless you want to). I stood up the Wireguard add-on, provisioned my devices, and… voila, I’m on my home network. Like you can go to your router GUI without remote management active, browse your NAS, SSH to your server, whatever. AND you can use the public wifi at Starbucks without the pucker factor. We even get early quantum resistance in the form of pre-shared keys.
I still have NGINX (the add-on now, which is so much easier to use than the real thing) downgrading
https://blahblah.duckdns.org to
http://xxx.xxx.xxx.xxx:8123
but I don’t think even that’s necessary if you’re going to always be using your VPN any time that you’re not on your home wifi. Then you don’t need duckdns or nginx and can close every port on your router but the one for wireguard.