I am currently setting up new services on my Home Assistant. I would like to be able to access my Home Assistant using example.net and other services (such as BookStack) on service.example.net. From the local network only (using VPN at times, but I already have VPN set up on my router). I have installed the DNSMasq add-on, and I’m waiting to point my router to the DNS server until I have this sorted out. I have WAF (Wife Approval Factor) to consider here.
What I’m missing is how to make this so port numbers are not required in the DNS record (and not using SRV records, since I’m using a browser to point to non-standard ports using http/https). I currently have to enter the IP followed by the port for the service in the browser. I’m pretty new to this stuff, but I’m eager to learn so please be kind. I am thinking maybe Nginx reverse proxy is the way to go? I’ve messed with configuring that, but I’m a little lost drinking a lot of information from the firehose. Can someone help guide me or point me in the direction of a good tutorial that doesn’t specifically work for public access only?
I would also like to use LetsEncrypt for everything. At some point in the future I would like to build a publicly available website (I already own the domain at this point), but for now I’d like to keep everything to local usage only via LAN VPN.
Does anyone have any suggestions/guidance that can help point me in the right direction?
Sorry about that. I will attempt to update this to be more organized when I can get to it.
I can currently access it from outside the home. I’d like to have access be via HTTPS. I’d also like to have HA and its add-ons accessible via a domain and subdomains that are only available/accessible on my local network, and not public. I want to provide a local DNS record for the domain and subdomains on my local networks.
The only way to do this is something that can make port numbers and URL rewrite happen:
an SSL-terminating reverse proxy or equivalent - something has to grab the URL and rewrite it for the internal service Like
It’s a complicated setup but possible. There are other proxies available too if NGINX isn’t your jam, but basically that’s the path you’re heading down if you want to not care about port numbers and share one external domain namespace.
If you have HA open from outside your network without HTTPS, drop whatever you are doing now and close it!
Using HTTPS will fulfil as well the requirement of accessing with a domain name. The easiest way to do this is to get a public domain from a free dynamic DNS provider supported by the HA Letsencrypt addon. Many use DuckDNS.
If you have an internal DNS server you can let it resolve the public domain as usual, or manually create an A record.
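The SSL-terminating reverse proxy suggested earlier in the thread, sketched as an added example that is not from any poster: one nginx instance answers on 443 for both names and forwards each to its own backend port, with access limited to the LAN. The backend address 192.168.1.10, the BookStack port 6875, the 192.168.1.0/24 range and the certificate paths are assumptions; 8123 is Home Assistant's default port.

```nginx
# Added example; addresses, ports and certificate paths are assumptions.
# Place inside the http { } context of nginx.conf.

# Home Assistant's frontend uses WebSockets, so pass the Upgrade handshake through.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Plain HTTP is only used to redirect to HTTPS.
server {
    listen 80;
    server_name example.net service.example.net;
    return 301 https://$host$request_uri;
}

# example.net -> Home Assistant
server {
    listen 443 ssl;
    server_name example.net;
    ssl_certificate     /ssl/fullchain.pem;   # placeholder path
    ssl_certificate_key /ssl/privkey.pem;     # placeholder path

    allow 192.168.1.0/24;                     # assumed LAN/VPN range
    deny  all;                                # everything else gets 403

    location / {
        proxy_pass http://192.168.1.10:8123;  # assumed HA address, default port
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

# service.example.net -> BookStack
server {
    listen 443 ssl;
    server_name service.example.net;
    ssl_certificate     /ssl/fullchain.pem;   # placeholder; must also cover this name
    ssl_certificate_key /ssl/privkey.pem;     # placeholder path
    allow 192.168.1.0/24;
    deny  all;
    location / {
        proxy_pass http://192.168.1.10:6875;  # assumed BookStack port
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The local DNS records for both names point at the machine running nginx, not at the individual services. Home Assistant rejects proxied requests unless `use_x_forwarded_for: true` and the proxy's address under `trusted_proxies` are set in the `http:` section of `configuration.yaml`.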