I’m a casual networking/developer beginner. Looking at the steps to configure access to home assistant through nginx… I noticed that step 8 is to forward all web traffic (HTTP and HTTPS) through the server running HA.
This would force all traffic, even for my connected devices, through the server would it not? I’m running on a pi, so I’m assuming there will be serious latency and throughput issues if I were to run like this. Can anyone confirm my understanding?
Incoming and outgoing are 3 different things. Forwarding ports would mean traffic that originates outside your network would go to HA.
Your normal web browsing from inside your network is not affected.
That’s my concern though. I’m not convinced that having all outside web traffic going through my pi would be a good idea.
I don’t understand your concern. Maybe we are talking 2 different things.
“all outsite web traffic going through your pi”:
No outside web traffic would go “through” your pi. Say you had an external ip of x.x.x.x. If you port foward, then if you are NOT inside your network, you type http://x.x.x.x then that will be served by HA. That is ALL that happens. That is all that gets to your pi. NO other traffic goes “through” your pi.
Edit: Are you talking about the PI being the reverse proxy with many other services behind it? Is HA on the same PI?
Right. Both HA and nginx would be running on the same host (pi).
Do you have other services you are going to proxy behind nginx?
For now, no. I’m going to try to crawl before I walk/run, haha.
edit: I think the end goal would be to run 1 host (pi) as HA, and then have a small cluster of pis for kubernetes with nginx and other services later on…
Not too sure. I have a beefy box that I run pfSense on and use HA proxy for things coming in from the outside.
Internally, I have a NUC that has HA and a few other things. I use nginx on the NUC for an internal reverse proxy.
I’ll have to defer to others that have more experience with the PI and the limits of it. I’m guessing that a PI would be fine for nginx if all it is doing is proxying. You could try it and see how it goes.
