Local DNS records and/or reverse proxy

Hello,

HA OS
Raspberry Pi 4

I am currently setting up new services on my Home Assistant. I would like to be able to access my Home Assistant using example.net and other services (such as BookStack) on service.example.net, from the local network only (using VPN at times, but I already have VPN set up on my router). I have installed the DNSMasq add-on, and I'm waiting to point my router to the DNS server until I have this sorted out. I have WAF (Wife Approval Factor) to consider here.

What I'm missing is how to make this so port numbers are not required in the DNS record (and not using SRV records, since I'm using a browser to point to non-standard ports using http/https). I currently have to enter the IP followed by the port for the service in the browser. I'm pretty new to this stuff, but I'm eager to learn, so please be kind. I am thinking maybe an Nginx reverse proxy is the way to go? I've messed with configuring that, but I'm a little lost drinking a lot of information from the firehose. Can someone help guide me or point me in the direction of a good tutorial that doesn't specifically work for public access only?

I would also like to use Let's Encrypt for everything. At some point in the future I would like to build a publicly available website (I already own the domain at this point), but for now I'd like to keep everything to local usage only via LAN/VPN.

Does anyone have any suggestions/guidance that can help point me in the right direction?

Sorry, but what you have explained is a salad of weird requirements. What is your end goal?

Access HA using a public domain?
Access HA from outside your house?
Access HA using HTTPS?

Sorry about that. I will attempt to update this to be more organized when I can get to it.

I can currently access it from outside the home. I’d like to have access be via HTTPS. I’d also like to have HA and its add-ons accessible via a domain and subdomains that are only available/accessible on my local network, and not public. I want to provide a local dns record for the domain and subdomains on my local networks.

The only way to do this is with something that can make port numbers and URL rewrites happen:

an SSL-terminating reverse proxy or equivalent. Something has to grab the URL and rewrite it for the internal service. Like

It's a complicated setup but possible. There are other proxies available too if NGINX isn't your jam, but basically that's the path you're heading down if you want to not care about port numbers and share one external domain namespace.
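To make the reply above concrete, here is an added example of what that SSL-terminating reverse proxy looks like in NGINX. It is not from the thread or from the Home Assistant project; it assumes Home Assistant answers on 192.168.1.10:8123, BookStack on 192.168.1.20:8080, and a certificate for example.net and service.example.net sitting at /ssl/fullchain.pem and /ssl/privkey.pem (the paths the Let's Encrypt add-on writes to). All of those names and addresses are placeholders to adjust.

```nginx
# Added example, not from the thread. Placeholder IPs, ports and cert paths.
# Both names share port 443; NGINX picks the backend by Host header/SNI,
# which is exactly why no port number is needed in the URL any more.

# Send any plain-HTTP request to HTTPS so nothing is served in the clear.
server {
    listen 80;
    server_name example.net service.example.net;
    return 301 https://$host$request_uri;
}

# Home Assistant on the bare domain.
server {
    listen 443 ssl;
    server_name example.net;

    ssl_certificate     /ssl/fullchain.pem;
    ssl_certificate_key /ssl/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://192.168.1.10:8123;   # assumed HA address
        proxy_http_version 1.1;
        # The HA frontend talks over a WebSocket; without the Upgrade and
        # Connection headers the page loads but never finishes connecting.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# BookStack on a subdomain, same port, same certificate (it must list the
# subdomain as a SAN, or be a wildcard for *.example.net).
server {
    listen 443 ssl;
    server_name service.example.net;

    ssl_certificate     /ssl/fullchain.pem;
    ssl_certificate_key /ssl/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://192.168.1.20:8080;   # assumed BookStack address
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Two caveats a practitioner will hit straight away. First, Home Assistant refuses requests that arrive through a proxy it has not been told about: in configuration.yaml the `http:` section needs `use_x_forwarded_for: true` and the proxy's address listed under `trusted_proxies`, or the proxied requests are rejected. Second, because these hosts are only reachable on the LAN, Let's Encrypt cannot validate them with the HTTP-01 challenge (it needs to reach port 80 from the internet); issue the certificate with the DNS-01 challenge instead, which the Let's Encrypt add-on supports for a number of DNS providers, or use a DuckDNS name as the later replies suggest.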

Are there any good guides? What should I be looking/searching for to try and build this?

If you have HA open from outside your network without HTTPS, drop whatever you are doing now and close it!

Using HTTPS will also fulfil the requirement of accessing with a domain name. The easiest way to do this is to get a public domain from a free dynamic DNS provider supported by the HA Let's Encrypt add-on. Many use DuckDNS.

If you have an internal DNS server you can let it resolve the public domain as usual, or manually create an A record.
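For the "let it resolve the public domain" case, here is an added dnsmasq configuration fragment for the LAN resolver; it is not from the thread. It assumes the reverse proxy sits at 192.168.1.10 and that every name under example.net should land on it while everything else is forwarded upstream.

```conf
# Added example, not from the thread. Assumed addresses: the proxy is
# 192.168.1.10; upstream resolvers are public ones you trust.

# One line answers example.net AND every name under it (service.example.net,
# anything.example.net) with the proxy's address, so each new service only
# needs a server block in the proxy, not a new DNS record.
address=/example.net/192.168.1.10

# Do not forward unqualified names or reverse lookups for private ranges
# to the upstream resolver; keeps LAN names from leaking outside.
domain-needed
bogus-priv

# Everything not matched above goes upstream as usual.
server=1.1.1.1
server=9.9.9.9

# Check from a LAN host once the router hands out this server:
#   dig @192.168.1.10 service.example.net A
# should return 192.168.1.10, and `dig service.example.net` from outside
# the LAN should return nothing, because the name only exists here.
```

The HA DNSMasq add-on exposes the same mapping through its `hosts` option (one `host`/`ip` entry per name) rather than a raw config file; the `address=` line above is what that option turns into. If a subdomain must later stay public, give it its own more specific `address=` or `server=` line, since the wildcard otherwise swallows it.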

I don’t have HA open outside of the network. I can only access it outside of my home via VPN.

That being said, I do want to use HTTPS anyway, especially since making it accessible via public domain is in the distant future.

Why in the distant future? DuckDNS + Let's Encrypt and you've got HTTPS in minutes.