Reverse Proxy for ports other than HTTP/HTTPS

I’m set up the same way you are in that respect, so I guess yes, normal.

About the other issue, I’ll just hit Home Assistant’s forum and let them know, and see if others are having the issue with https. Otherwise I see no reason why this is a Nethserver issue.

2 Likes

A way to get around secure communication from NS to your Home Assistant install would be to either VPN/SSH the machines and then route your reverse proxy through that tunnel. Pain in the rump and not optimal at all but do-able.

I’m trying to wrap my head around that idea. Not sure I fully understand and how this would potentially fix the android application not being able to work with https. Could you clarify?

I am a goof and should have tried the SSL right off the get go. HTTPS does work via the android app and the reverse proxy. Your problem with anything https related to Android and HA is more than likely due to a valid SSL cert. I just ran a local LE cert on my NS install with a reverse proxy to a domain I own and the app connected over https without issue.

A simple way I have gotten around this so I am not monkeying around with settings is using Cloudflare with my own domain and using their proxied SSL. I don’t need to worry about renewing SSL certs, can create firewall rules to only accept traffic from the Cloudflare white list and drop all other 443 incoming traffic. I know you are looking for a way to update your dynamic DNS and Cloudflare also has ways of updating that info as well.


1 Like
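An added sketch of the firewall idea in the post above (accept port 443 only from the proxy's published ranges, drop everything else). It is not part of the original thread and not NethServer's own firewall configuration. The CIDR ranges are constructed documentation-space placeholders rather than Cloudflare's real list, the raw `iptables` commands are an assumption about the firewall in use, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholders (RFC 5737 / RFC 3849 documentation space).
# These are NOT Cloudflare's ranges; load the list the provider publishes.
SAMPLE_PROXY_RANGES = ["198.51.100.0/24", "203.0.113.0/24", "2001:db8:100::/48"]


def parse_ranges(lines):
    """Validate each CIDR strictly, skip blanks/comments, merge adjacent blocks."""
    nets = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            # strict=True rejects entries with host bits set (e.g. 10.0.0.1/24)
            nets.append(ipaddress.ip_network(line, strict=True))
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)


def build_rules(nets, port=443, chain="INPUT"):
    """Emit ACCEPT rules for the proxy ranges first, then a final DROP per family."""
    rules = []
    for net in nets:
        tool = "iptables" if net.version == 4 else "ip6tables"
        rules.append(f"{tool} -A {chain} -p tcp --dport {port} -s {net} -j ACCEPT")
    # Order matters: the DROP must come after every ACCEPT in the chain.
    for tool in ("iptables", "ip6tables"):
        rules.append(f"{tool} -A {chain} -p tcp --dport {port} -j DROP")
    return rules


def direct_hits(log_lines, nets):
    """Return client IPs (first log field) that did not arrive via the proxy ranges."""
    outside = []
    for line in log_lines:
        ip = ipaddress.ip_address(line.split()[0])
        if not any(ip in net for net in nets if net.version == ip.version):
            outside.append(str(ip))
    return outside


if __name__ == "__main__":
    allow = parse_ranges(SAMPLE_PROXY_RANGES)
    print("\n".join(build_rules(allow)))
```

Running `direct_hits` over the reverse proxy's access log before applying the rules shows which clients currently reach port 443 without going through the proxy and would be cut off by the DROP.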

Perhaps your assumption is valid about the cert.

I have had issues with my own certs. Now I’m using Nethserver’s default one and yes, when I log in through the web, I do get this invalid cert warning but am able to proceed. So I guess the HA Android app is blocked by that, but I am not able to test this since I do not own my own domain and all certs I generated have not been approved by a certified authority. So I guess if you would use Nethserver’s default certificate, maybe you would have the same problem I have.

So you’re using Cloudflare for your Dynamic DNS Service and their SSL certs then? How much is that costing you per year?

Yes I am but I am also doing it in conjunction with domains I own. There is no cost for me to use the services I am and Cloudflare is also offering near at-cost domain registration. In my opinion you’d be best served going this route (getting a domain), as you can control the DNS/Certs and you only pay for that yearly domain registration.

What you are proposing is for me to get a domain name just for homeassistant. If ever I need to access other services then that would be another cert I will need. Unless I guess I buy a wildcard domain name if that is possible? This is really the first time I’m doing this.

You don’t have to, it just offers you so many options. A simple VPN connection from any mobile/remote device will solve all of your connectivity problems. If you purchase a domain, you do NOT need to buy certificates. There are multiple options for you to get free SSL certs and NethServer offers LetsEncrypt for free.

You can also import a self signed certificate to your mobile android device. It all really comes down to how you want to approach your project and what resources you want to use.

Quoted for emphasis. Seriously, you pretty much never need to buy a server certificate any more. If you really need an EV cert, and don’t believe that EV certs are dead, then you’d need to buy that, but otherwise, use the free ones.

@tessierp

Hi Patrick

Think of a Domain as a mobile phone…
Sure you can always “borrow” a phone and make a call. Only no one can ever call you back…
If you get the cheapest mobile and rate, the whole world can call you!

How many services does eg Apple provide under apple.com? Or Microsoft.com?
With just one Domain, you can have millions of subdomains…

Like this:

mydomain.com = your domain

You can do as many as you want or need… :slight_smile:

So treat yourself to a real domain! (I also have my own domain, as you’ve seen…)

My 2 cents
Andy

I did set up a VPN account and it works. The only reason I am not using it is I didn’t want to be VPN connected all the time from my phone. Also, I have doubts as to how well that would work to geo locate me when I’m away from home and connected on the VPN. I don’t think it would matter, just have not tested it yet. Just comes down to not wanting to be VPN connected all the time, but you are right, it would solve most of my issues and I won’t even need a reverse proxy anymore.

Exactly, @Andy_Wismer’s post gives a better idea of what purchasing a domain can do for you. If we were talking about mechanical stuff this would be one of the primary parts you’d use and what a good majority of people with similar circumstances use. At ~ $10/year or less it is one of the simplest and easiest ways to get done what you are after in the long run, which is https communications for your HA stuff.

1 Like

…and “or less” can even be free–see freenom.com. Not the greatest domains, but they can do. But I’d much prefer the nominal cost for a paid domain that I then own.

I just looked into this site and I’m waiting to see how getting their free domain works. If it goes through I’d love to make some tutorials using their offered domains.

The biggest issues I remember (and it’s been a while since I used them) were:

  • You couldn’t get more than one year on a domain, and
  • There was no warning before expiration–and if it expires by even a day, it’s gone.

Now, there’s a newer issue, and that’s that you can’t use Cloudflare’s API to update DNS records for freenom’s free domains on Cloudflare’s free plan. If you’re using my guide for Let’s Encrypt DNS validation, this could be a problem.

These guys have the same issues…

http://www.dot.tk/en/index.html

I used them as proof of concept ten years ago to get higher ranking in g**gle :slight_smile:

It worked…

But too much headache even short term (more than one year) - and no traffic for a day and poof! It’s gone!

My 2 cents
Andy

I hear ya, but a free domain for me to do tutorials on is much more appealing to me, so I don’t have to mix/expose the stuff I use on a personal day. This along with a NS droplet ~ a large amount of testing/demo that can be documented for NS. Thank you for the find.

1 Like

@royceb

One can “make sense” of something reasonable.
Some even make “Cents” of the same. :slight_smile:

Good idea!

Docs with existing, working domain names, and NO privacy issues or forgetting to “blank out” domain names…