Which ports do I need to forward to HAOS server?

I plan to access my HAOS server using this URL:

https://mydomain:8123/

My question is, which external port(s) on the router do I need to forward to the HAOS server - 443 (for SSL), 8123 (for HA), or both?

I’d recommend against doing that and for using something like this add-on instead:
hassio-addons/addon-wireguard: WireGuard - Home Assistant Community Add-ons

Agree with Chairstacker.

Dry forwarding a port to your HA box is ill-advised. (ESPECIALLY 8123, unencrypted, good way to get immediately pwned)

Put some kind of reverse proxy or other solution to protect it in front. I use Nabu Casa. Many recommend a VPN solution like Tailscale.

Thanks for the feedback. I run an app on my phone which involves having a third-party VPN running at all times, so adding a VPN is not an option for me.
I also run a web server on a different host, so forwarding port 443 to my HAOS server wouldn’t really work.

Something like cloudflared then.

Which particular Cloudflare feature would you be referring to? I’d certainly be happy to move one of my domains to Cloudflare if necessary.

cloudflared (the daemon for local Cloudflare) - the link I provided is an add-on that makes it easy to set up a Cloudflare tunnel to access HA externally.

Oh thanks I hadn’t noticed that your previous message contained a link - I will look into that and see if it can co-exist with the VPN that’s already on my phone.
My wife’s phone also runs the HA app, but only in order for HA to track her location for home alarm functionality. Would she also be required to run the same tunneling app in order for HA to track her location via the app?
Also, would this solution require me to forward port 443 on my router to the HAOS machine?

Hmmm…I got Cloudflared set up, and authorised with my Cloudflare account, but get “400 Bad Request” when I try to access https://mydomain from my phone. I guess it doesn’t play nicely with the existing VPN, so I may need to go back to plan A, at least in the short term.

So…back to the original question…do ports 443 and 8123 both need to be forwarded on the router to access https://mydomain:8123/ ?

EDIT: it turns out that I also get “400 Bad Request” when I try accessing https://mydomain from other Android devices, which don’t have any VPNs running. So it seems that my Cloudflared integration isn’t working as it should. I’ve raised a separate Cloudflared question in another thread, but would still really appreciate clarification re. which ports I need to forward to allow “non secure” access in the meantime.