I have set up hassio on an rpi 3 (standard installation) with duckdns. Access via https to the public address works as expected, but when trying to connect to https://hassio.local:8123 I get a warning from the browser that the connection is not secure. Apparently that’s normal behavior.
I can live with that, except I also have a device that sends http post requests to node-red at https://hassio.local:1880 (which I’ve also added to hassio). This fails with “Certificate is invalid for given domain”. How can I set this up correctly?
Yes, the DuckDNS URL (e.g. https://myduck.duckdns.org) works from everywhere, including internally. Hence a DNS entry is not needed.
However, https://myduck.duckdns.org:1880 (node red) would require a firewall rule in the router to forward port 1880. I do not want to do this for security reasons (I cannot use a password on node red since the service I’m using to post to node red does not support authentication).
Hence I really need local access, either with a correct certificate (ideal), or without ssl. Once I installed the duckdns add-on, hassio appears to require all traffic to be encrypted (good), but then has this issue with invalid certificate when accessed locally (for services that are not exposed).
I think I understand now why this should work. My current router lacks the feature (ATT Uverse), but I want to upgrade it with a Pepwave Soho anyway, and then I should be able to do this.
BTW: there is also a dnsmasq add-on for hassio, so that would be another option.
Probably the simplest way is a reverse proxy like Caddy which is really easy to set up and will give you local access as well as access via your domain without opening any additional ports.
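The name check behind the "Certificate is invalid for given domain" error, as an added example that is not part of the thread: a TLS client compares the host name in the URL with the DNS names in the certificate, so the port and the IP address the name resolves to play no part. The certificate below is constructed and assumes the DuckDNS add-on's certificate carries only the DuckDNS name; `name_matches`, `cert_covers` and `check_urls` are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns;
# myduck.duckdns.org is the placeholder name used in the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "myduck.duckdns.org"),),),
    "subjectAltName": (("DNS", "myduck.duckdns.org"),),
}


def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate DNS name with the requested host name.

    A '*' is honoured only as the complete left-most label and stands for
    exactly one label; a wildcard directly under a top-level name is refused.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert: dict, hostname: str) -> bool:
    """True if any DNS subjectAltName entry in the certificate covers hostname."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(name_matches(n, hostname) for n in names)


def check_urls(cert: dict, urls: list[str]) -> dict[str, bool]:
    """Map each URL to whether its host name passes the certificate name check."""
    return {u: cert_covers(cert, urlsplit(u).hostname or "") for u in urls}


if __name__ == "__main__":
    urls = [
        "https://myduck.duckdns.org",
        "https://myduck.duckdns.org:1880",
        "https://hassio.local:8123",
        "https://hassio.local:1880",
    ]
    for url, ok in check_urls(SAMPLE_CERT, urls).items():
        print(f"{'valid  ' if ok else 'INVALID'}  {url}")
```

The DuckDNS name on port 1880 passes the check even though that port is not forwarded on the router, which is why resolving that name to the Pi's LAN address (router DNS override or the dnsmasq add-on) removes the error for local clients.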