Hello!
I need help with a security question.
I use Home Assistant only in my local network. But for chat-bot implementation, I need external access to HA API.
On my ASUS router, I have DDNS set and I can enable port forwarding so from my DDNS URL I can access HA UI. But I don’t want to expose UI to the internet, I want to have an external connection to API only.
Is there a way to set external access to API (http://IP_ADDRESS:8123/api/) but not to expose UI (http://ip_address:8123/) with router settings or some other tools?
You may be able to do this with NGINX proxy
I found that NGINX proxy is available as a Docker container, will it work for me if I install it as a Docker container?
I think I figured it out.
I did the following:
- Configured my router to use DDNS hostname.
- Installed Nginx Proxy Manager add-on.
- Configured custom port forwarding from my router to my HA server 80 port (now managed by Nginx Proxy Manager).
- In the addon, I added custom location for my hostname “/” with forward hostname and port “homeassistant” and “8123” and additional options:
deny all;
return 404;
- I added another custom location “/api/” with hostname and port “homeassistant/api/” and “8123”
Seems to work.
I hope you are using https on your proxy. Do not pass your credentials through port 80
Thank you for advice. I will configure HTTPS.