How to deal with non-SSL Panel iframe pages inside SSL Hass.io environment?

sth? I don’t know what you mean here…

If you use your solution for something?

I would say name the panel a very long string of random characters similar to a client secret but I think that unless you have cutting-edge encryption running the headers are unencrypted even with https: and might be intercepted.
So I guess we try what @Remko said

I currently have the setup so that I can access my zigbee2mqtt page on a different location with an additional auth token. It’s working in a new tab, but not in the iframe inside home assistant. I believe it has something to do with displaying the alert popup where you have to enter the auth token but I might be wrong, I just don’t see my zigbee2mqtt page, just a plain white page.
Do you know how to manage the separate page with authentication in the iframe tab?

If you are in a HA-Core setup and use the addon, you can also access the zigbee2mqtt addon from the sidebar. So somehow they also managed to integrate this, even with HA authentication.

Is there anything I can do to access my docker containers from within ha remotely and not expose the containers to anyone? Didn’t find anything but maybe Ive overseen something?

I can access my containers using nabu casa but only if i use my local wifi.
I can’t access containers if I’m using different network. I don’t know why. My router is pointing back to my ha ip for dns resolving and I’m using adguard for dns rewrite.

you can try hass_ingress integration.

you can try hass ingress integration, it provides these features:

  • Ingress function similar to Hassio Ingress. (option: work_mode: ingress)
  • Sidebar function similar to Panel_iframe. (option: work_mode: iframe)
  • Work with nginx auth_request for backend services can’t be proxied by ingress. (option: work_mode: auth)
  • Additional http headers passed to the backend service, such as authorization and host, so that we can access the external resources without extra login. (option: work_mode: ingress header: {map})