[REQ] Help with HA and nginx configuration

Hi,

I’ll start with what I have:

Environment:

  • HA runs in a Vbox
  • I can access it either via https://IP:8443, ha.local:8443, cloudflare domain + tunnel
  • I also have nginx proxy manager add-on
  • no http access

Remote access seems fine but local has problems due to no certificate. This is especially problematic with companion app (I know, I can just use the remote address only but I’d like to fix this if possible just because it’s annoying me -.-)
I’ve been browsing the web and countless solutions later I ended up installing nginx proxy manager and trying to use a self-signed certificate but I can’t seem to make this work at all.

I already have a certificate for cloudflare so I’m not sure how to continue to have https local access with my self-signed certificate.
I had duckdns previously and it worked fine (took ages until google stopped claiming my website is dangerous but other than that, fine) but since I moved to the cloudflare tunnel solution, I can’t seem to make local access to work fine.

I repeat, local access via https works but it bugs me when the browser complains and companion app doesn’t work. If anything, it’s an exercise to learn something, not an actual problem.

If I got this right you have remote access using cloudflare tunnel.
It is possible to set up https on local host using lets encrypt and nginx proxy.
I’m running this on docker. I bought a domain and added it on a provider site.
I set up reverse proxy for that domain and got ssl cert for that domain using dns challenge in nginx as it has support for lets encrypt.
In AdGuard I use dns rewrite to point my domain to my ha ip address.
And this is it. You have an ssl cert running on a domain that is not accessible over the net as I don’t update my dynamic ip address.
And now you can build a bunch of subdomains for each container in the same way.
I’m using nabu casa for remote access and today I found an awesome integration for accessing my other containers over nabu casa cloud. And this is all I need and want.
To be able to give myself access to the containers I want over net and disable access on containers I don’t want to be accessed remotely.

It is possible to set up https on local host using lets encrypt and nginx proxy.

I guess this is the part I don’t quite understand. Can you please expand a bit on this? :slight_smile:
I have a domain already with cloudflare and I’m also using tunneling for the remote. But I am not sure I understand how to fix the local part. I did import the cloudflare origin certificate in nginx using dns challenge but I guess I’m stuck after this point.

I will try. Now, obviously you can’t have one domain that will be accessible remotely and locally at the same time. My domain is not accessible over the net as I don’t want it to be. I use it only for my local network and to gain ssl certs for it. So my local connection to my ha instance is encrypted with ssl, and to other containers too.
I’m using dynu.com. There I set up my domain and all subdomains.
As I’m using docker I have nginx container that has built in let encrypt.
The rest is fairly easy. Go to nginx control panel, add proxy host, choose http scheme, add ha ip and port 8123 and ask for ssl certificate using dns challenge.
It gives me a cert for that domain. As I don’t want to update my ip for that domain I use the adguard dns rewrite option. What that does is just make the dns answer for that domain point back to my ha ip address.
Of course I use AdGuard as dns resolver and did set up my main local wifi router, not the provider router, to use my ha ip address for dns resolving.

I think I understand what you mean but I also think there may be some confusion from how I presented the issue :slight_smile:
I am fine with access, my main problem is that the local access for HA is now a HTTPS address (which is great) but that is problematic for the companion app because it doesn’t have a valid certificate.

I do have the cloudflare certificate for the remote version (via the domain I have with cloudflare) but I was wondering if it’s possible to have 2 certificates, one that serves cloudflare domain path and the other to serve local connection.

Now, obviously you can’t have one domain that will be accessible remotely and locally at the same time

To clarify this, I don’t want to access locally with the domain, I want to use HA hostname (in this case “ha”) and have a self-signed certificate that I can also install on iOS to have the companion app stop complaining :slight_smile:
I already imported the cloudflare ssl certificate via dns challenge but I’m having trouble making a similar thing for the self-signed certificate for ha.local (aka homeassistant.local) to use.

Maybe this way of describing things is better? I’m not sure either how to best say it :sweat_smile:

LE: I could totally misunderstand some concepts and think I can do something that’s not possible but I haven’t figured out if that’s the case yet, lol

I understand this approach as this was my first approach or attempt to use ssl on local host.
This has some drawbacks. First of all you have to import that cert in your browser as a trusted cert, you also have to import it in all devices that will be using it, like mobile phone, because they will complain about the cert. The complaint comes because it is your custom made cert.

In the way I set this thing up nothing is complaining about the cert, as it is legit. This costs me 20 € per year. All certs, and I currently have 15 of them, are renewed automatically every 3 months, I think.
And I don’t have to think about it. And that is why this is the better approach. Yes, it does cost some money but that money is not worth the hassle with my custom made cert.
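The self-signed route asked for above (a certificate for ha.local that the phone will trust once its issuer is installed) and the device-trust caveat in this reply, as an added shell example that is not from either poster; the hostnames, the 192.168.1.10 address and the "Home LAN CA" name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: a private CA plus a CA-signed server
# certificate for the local Home Assistant hostnames, built to Apple's rules
# for TLS server certs (SAN entries, RSA >= 2048, SHA-256, serverAuth EKU,
# validity of 825 days or less). Trust ca.crt on the phone; give ha.crt and
# ha.key to the proxy in front of HA. Assumed hostnames and IP throughout.
set -eu

make_local_certs() {
  # $1 = output dir, remaining args = hostnames or IPv4 addresses for the SAN
  out="$1"; shift
  mkdir -p "$out"
  san=""
  for h in "$@"; do
    case "$h" in
      [0-9]*.[0-9]*.[0-9]*.[0-9]*) entry="IP:$h" ;;
      *) entry="DNS:$h" ;;
    esac
    san="${san:+$san,}$entry"
  done
  # 1. private CA, self-signed with explicit CA extensions
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Home LAN CA" \
    -keyout "$out/ca.key" -out "$out/ca.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$out/ca.ext"
  openssl x509 -req -in "$out/ca.csr" -signkey "$out/ca.key" -days 1825 -sha256 \
    -extfile "$out/ca.ext" -out "$out/ca.crt" 2>/dev/null
  # 2. server key and CSR; the first hostname becomes the CN
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1" \
    -keyout "$out/ha.key" -out "$out/ha.csr" 2>/dev/null
  # 3. leaf signed by the CA: SAN + serverAuth, 398 days (under the 825 limit)
  printf 'subjectAltName=%s\nextendedKeyUsage=serverAuth\nbasicConstraints=CA:FALSE\n' \
    "$san" > "$out/ha.ext"
  openssl x509 -req -in "$out/ha.csr" -CA "$out/ca.crt" -CAkey "$out/ca.key" \
    -CAcreateserial -days 398 -sha256 -extfile "$out/ha.ext" -out "$out/ha.crt" 2>/dev/null
}

# What the browser or companion app checks: a chain to the trusted CA and the
# requested hostname in the SAN. Fails (non-zero) on either mismatch.
verify_local_cert() {
  openssl verify -CAfile "$1/ca.crt" "$1/ha.crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$1/ha.crt" -checkhost "$2" 2>/dev/null | grep -q "does match"
}

# Succeeds only if the leaf expires within 825 days of now (Apple's limit);
# -checkend exits non-zero when the cert WILL expire inside the window.
leaf_within_apple_limit() {
  ! openssl x509 -in "$1/ha.crt" -noout -checkend $((825 * 86400)) >/dev/null 2>&1
}
```

Run as `make_local_certs ./ha-certs ha.local homeassistant.local 192.168.1.10`, then install ca.crt on the phone and point the nginx proxy host at ha.crt/ha.key. Home Assistant itself only accepts proxied requests once its `http:` section sets `use_x_forwarded_for: true` and lists the proxy address under `trusted_proxies`.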

Yeah, I understand but, I think it’s fine, I will be the only one that will use this local path that requires the self-signed cert and I’m willing to go with it since I only actually need it on my iPhone for the companion app. If I needed it on more than 1 device, I might have reconsidered :sweat_smile:

You don’t have to do that. You can grab yourself a free domain. It will be something like mydomain.inmyspace.org. You can do that on this dynu site. At least this was before I switched to a paid domain.
And get cert for it like I described. The downside is that you will have a very very long domain name and you can use up to 4 subdomains with it.

I will look into AdGuard now and see what I can do with it :blush: thank you