I’ve seen similar questions asked but I am still trying to wrap my brain around this solution, so I’m starting a new thread to try to get clarity. Apologies for the churn.
The problem: hass.io running on a Raspberry Pi with haaska set up, which means having https (and associated certificates) configured. This prevents me from being able to use the Android/IOS apps internally because I don’t have loopback so I can’t use the external HTTPS URL internally, and the apps won’t accept an internal address because the certificate doesn’t match.
The solution as I understand it: install the NGINX Home Assistant SSL Proxy add-on, configure it, and now THAT handles the https request from the outside (including haaska / Alexa / external app requests from outside the network) and passes requests to HASS, while insecure http works just fine inside because you are on the other side of the proxy.
But the problem with THAT: from what I see in tutorials, you’re supposed to forward all traffic from port 443 to the proxy, and we have a houseful of other machines here, so if I did that there would be several people standing at my desk with pitchforks as I ruined Web access to the rest of the house.
Basically, what would be optimal would be for NGINX to ONLY see requests intended for HASS, so maybe set it up to listen on 8124 or something (and my outside domain would then use the format https://mydomain.com:8124 or subdomains would forward to same, and routers would be set to forward 8124 to it), then forwarding that traffic along to insecure http://myinternalip:8123.
Is that something that can be done or am I completely missing the point?
Thanks for any help!