Network Mode Selection | Nginx HTTPS vs Integrations

Hello,

Currently I have set up an Nginx Reverse Proxy inside my default docker network with a docker-compose file. The stack I have set up has several services including Home Assistant, Vaultwarden, Portainer, and Jellyfin … From the start every container was set to the default bridge network except for Home Assistant, which was set to network_mode=host.

After realizing that Nginx could not secure [ HTTPS ] Home Assistant because it was outside the docker default bridge network, which Nginx is contained in, I removed the #network_mode=host and ran docker-compose up -d to recreate the stack with some persistent volumes. Through docker network inspect I can confirm that Home Assistant switched to the default bridge network.

I now realize that my Google Cast devices are failing to connect to Home Assistant because Home Assistant is no longer on the host network but instead within the default bridge network.

As of right now I am either getting Google Cast devices with network_mode=host to work without HTTPS, or the default bridge network works with HTTPS but my Google Cast integration fails.

How can I have both of these things at the same time? It’s almost as if I need Home Assistant to have one foot in each subnet just to communicate with everything correctly … how can this be done, if at all?

Note:
Other containerized services within the default bridge network are running smoothly with Nginx and are accessible from inside and outside the local network (done via Pihole DNS record for domain to IPv4)… The only exception to my system working as intended is Home Assistant.

PS: If I find the solution I will reply with it.

Alright, so after an agonizing amount of looking into things I discovered this amazing solution! Essentially running a secondary container inside your docker network that connects to the host network and leaving Home Assistant on the host. This allows me to connect to the host with Home Assistant and enjoy all of the benefits of being on the same network as the devices I am targeting for integrations while still establishing HTTPS security outside my local network! If anyone is struggling with this please let me know and I’ll do my best to assist you with your setup.

This is the example I captured from GitHub thanks to the great user there who posted it. I’ve implemented some tweaks into the code for my personal use but this really did just work like a charm. I’ve decided not to delete this post even after resolving my own issues since I’ve not seen anything posted here on the community for this kind of issue; something I believe would be quite a common problem.

  socat:
    image: alpine/socat:latest
    container_name: socat
    entrypoint: "socat tcp-listen:8122,fork,reuseaddr tcp-connect:192.168.1.110:8123"
    depends_on:
      - nginx-proxy
    environment:
      - LETSENCRYPT_HOST=home.example.com
      # Placeholder address: the original value was obfuscated on the page.
      - LETSENCRYPT_EMAIL=admin@example.com
      - VIRTUAL_PORT=8122
      - VIRTUAL_HOST=home.example.com
    ports:
      - 8122:8122
    restart: unless-stopped
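
A variant of the relay setup above, added here as an example; it is not part of the original post or of the GitHub snippet it quotes. It drops the `ports:` mapping so the plaintext relay port is only reachable from the bridge network, and adds the Home Assistant `http:` settings for running behind a reverse proxy. The `172.18.0.0/16` subnet and the e-mail address are assumptions; the hostname and LAN address are the ones used in the post.

```yaml
# docker-compose.yml fragment (added example, not the poster's file)
services:
  socat:
    image: alpine/socat:latest
    container_name: socat
    # Relay from the bridge network to Home Assistant on the host
    # (LAN address taken from the post).
    entrypoint: "socat tcp-listen:8122,fork,reuseaddr tcp-connect:192.168.1.110:8123"
    depends_on:
      - nginx-proxy
    environment:
      - VIRTUAL_HOST=home.example.com
      - VIRTUAL_PORT=8122
      - LETSENCRYPT_HOST=home.example.com
      # Placeholder address (assumption).
      - LETSENCRYPT_EMAIL=admin@example.com
    # No "ports:" mapping. Publishing 8122 on the host would offer the relay
    # over plain HTTP to the whole LAN, bypassing the TLS-terminating proxy.
    # nginx-proxy reaches this container over the shared bridge network, so
    # "expose" (container-to-container only) is enough.
    expose:
      - "8122"
    restart: unless-stopped
---
# Home Assistant configuration.yaml fragment (added example)
http:
  # Honour X-Forwarded-For only when the request arrives via the relay.
  # Home Assistant sees the socat container's bridge address as the peer,
  # so the compose network's subnet is what has to be trusted.
  # ASSUMPTION: 172.18.0.0/16. Confirm with `docker network inspect`.
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.18.0.0/16
```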