Completely new to this, and I apologize since this has probably been covered somewhere before, but I did a bit of searching and couldn’t quite find what I needed.
For external access I know if I forward 443 to 8123 for example that I can just use my external IP/hostname alone to acesss the HA web interface. I also saw that the Ngix plugin can help further configure this based on hostname prefix.
However, is there a way I can have HA redirect 80/443 requests internally as well? So that I can just type its IP or homeassistant.local to get to the page without needing to type the port?
After a while I’m terrible at remembering port numbers for all of the http intefaces I have locally.
To clarify, I don’t actually want to change the port that the web server listens on, though I suppose this would technically work. I’m well aware that hosting it on 80 can be problematic for security reasons but this is only really an issue if you have the port forwarded/exposed to the outside for that device. I will absolutely not be giving access to my HA instance on port 80 outside my network. That will probably remain on 8123 and will not be enabled until I setup encryption.
What I’m talking about is local only, an extremely minimal web server that runs on port 80 or 443 who’s only job is to redirect connections to port 8123 for the sole purpose of eliminating the need to specify a port number. I’ve seen this done on some devices where you start by just doing to their address/hostname and once the connection fully resolves the URL will show that you are now actually at a different port than the standard HTTP(S) ones.
I’d imagine this would be done through a supervisor addon.
In the end if there isn’t such a thing, I do run opnsense and it’s probably possible to setup a LAN interface redirection rule for port 8123 that only applies to the device HA OS is running on. I’ve never done it but from what I’ve seen when doing regular WAN port forwards I believe it is doable. I’d just prefer to have HA do it itself so that the configuration is self contained.
For now I know the port, I just know that once I’m really setup, I’ll come back to the interface to add a new device a year from then I’ll probably forget it. Sure it’s an easy google search (unlike CyberPowers PowerPanel which also uses a sub-directory that I’ve only seen written down in an annoying to find, long PDF manual), but I was just trying to do this for polish and so that another user that I guarantee you will never remember the port can check in from time-to-time.
In the end, I guess changing the port that the server listens on is effectively the same as long as I never open that new port to the outside and instead do something like WAN 8123 → LAN 443 @ 192.168.1.X with Let’sEncrypt enabled.
What you’re describing is a “reverse-proxy” and there are addons but it’s overkill for simple port change convenience if you have everything else in place. Typically exposed WAN ports can be translated by the firewall solution as you describe in your last statement so that port 80 or 443 isn’t exposed to the Internet.
And just to be sure, it also affects LAN connections to the interface? Though I suppose even if it doesn’t, one could use the DDNS or otherwise obtained hostname for the public IP and connect to the home assistant dashboard over WAN from inside the network. It’s would be a little silly, but works…