I am struggling to get a secure (SSL) connection to my HAS system.
This is what I have done so far:
1. I purchased a domain at Namecheap (e.g. mydomain.link)
2. I purchased an SSL certificate at Namecheap
3. I set up the DDNS service at Namecheap
4. I created a subdomain (e.g. has.mydomain.link)
5. I set up a reverse proxy server
6. I created an ALIAS DNS record pointing to “has.domain.link” which points to my proxy server
7. The proxy server (running on a Synology NAS) has ports 80 and 443 open.
8. The SSL certificate works, because I get a secure connection to the Synology NAS.
9. The reverse proxy server is pointing to my internal HAS server on a separate machine (running on an Intel NUC), internal IP → https://192.168.20.6 port:8123
10. I installed NGINX on Home Assistant.
I get connected from outside to my HAS, but it is not a secure connection??
Then next;
11. I translated the SSL certificate to PEM format and installed them in the /SSL directory on the HAS server (both the server.key = privkey.pem and fullchain.pem).
Even after doing so, I still do not get a secure connection to my HAS server.
The certificate is issued to the main domain. When I check the certificate details in the browser, I see in the Common Name (CN) only the main domain name, “mydomain.link”.
When reading online documentation on reverse proxies, my understanding was that I would have to open ports 80 and 443 to safely reach all other servers behind the proxy server using the domain certificate.
The certificate only validates mydomain.xy, not has.mydomain.xy.
You need to use mydomain.xy when connecting from outside, or you need to update the certificate with the alternative name has.mydomain.xy (or *.mydomain.xy).
I solved the issue in this manner:
On the Synology NAS, for the domain ‘has.mydomain.link’, I created a Let’s Encrypt certificate.
As mentioned in my initial post, ‘has.mydomain.link’ is forwarded via reverse proxy to the HAS server in my internal network, 192.168.20.6:8123.
When I now access the HAS server from outside my network, I get a secure connection.
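The name mismatch described in the reply, and why the subdomain certificate resolves it, can be checked with a small hostname matcher. This is an added example, not part of the original posts: it is a simplified version of the DNS-name matching that TLS clients perform, and the certificate name lists are constructed from the thread's placeholder domains.

```python
# Added example: simplified certificate hostname matching (RFC 6125 style).
# Certificate contents below are constructed from the thread's placeholder names.

def _match_name(pattern: str, hostname: str) -> bool:
    """Match one DNS name from a certificate against the requested hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Accept a wildcard only as the whole left-most label, and never
        # directly under a top-level domain (no "*.link").
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "h*.mydomain.link" are treated as literals.
    return p_labels == h_labels


def cert_covers(hostname: str, dns_names: list[str]) -> bool:
    """True if any DNS name listed in the certificate is valid for hostname."""
    return any(_match_name(name, hostname) for name in dns_names)


# Constructed certificates matching the options discussed in the thread.
CERTS = {
    "purchased cert (main domain only)": ["mydomain.link"],
    "cert with added alternative name": ["mydomain.link", "has.mydomain.link"],
    "wildcard cert": ["*.mydomain.link"],
    "Let's Encrypt cert for the subdomain": ["has.mydomain.link"],
}


def coverage(hostname: str) -> dict[str, bool]:
    """Report which of the constructed certificates a client would accept."""
    return {label: cert_covers(hostname, names) for label, names in CERTS.items()}


if __name__ == "__main__":
    for host in ("has.mydomain.link", "mydomain.link"):
        print(host)
        for label, ok in coverage(host).items():
            print(f"  {'OK      ' if ok else 'MISMATCH'}  {label}")
```

Note that a wildcard certificate for `*.mydomain.link` covers `has.mydomain.link` but not the bare `mydomain.link`, so both names must be listed if both are served.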