Closed DaveDixon closed 3 years ago
danielperna84
commented
3 years ago What installation type do you have? With Home Assistant OS (formerly hassio) the configurator should support what they call ingress, which provides access secured by the Nabu Casa authentication.
DaveDixon
commented
3 years ago It's not hassio. Vanilla homeassistant with python virtual environment. I didn't know that hassio changed it's name, but I have noticed references to HA OS recently, so that explains that. Would I have to switch to HA OS to make this work?
danielperna84
commented
3 years ago That I don't know. I too am running HA in a venv, but without Nabu Casa, and I'm not exposing the Configurator anyways because I consider that to be rather insecure.
However, what you could do is to expose the configurator either directly using the port forwarding of your router, or do it with something like Apache or Nginx as a reverse proxy. For that you'll probably want a domain (the dynamic Duck DNS commonly used is sufficient) and do all that Lets Encrypt stuff. The community has multiple topics that handle this scenario.
If you really want to do that, I highly recommend to use the SESAME option, and if possible also the VERIFY_HOSTNAME to make this more secure. And you'll have to set the credentials in the options as well obviously.
DaveDixon
commented
3 years ago How are you using Configurator, then? I thought about port forwarding, but it adds the complexity of router programming in the event of changes to hardware, software, or network topology. This is a hobby, right? :)
I'll look into Lets Encrypt, SESAME, etc. Thanks for the pointer!
danielperna84
commented
3 years ago I only use it internally and connect via IP. I don't work on my configuration when I'm not at home. So no need to have it available on the internet. 🤷🏼♂️
DaveDixon
commented
3 years ago That arrangement would be fine by me, but I can't get it to work. The more I think about the more I think it's something about the SSL settings and using port 3218 - no SSL problem for IPs without the port. I'll keep digging - thanks for your help!
danielperna84
commented
3 years ago You'll always get SSL warnings when opening the configurator via IP. SSL works by validating the hostname, which of course is missing when you're using the IP. But the warning can just be ignored.
The only issue I see is when you decide to embed the configurator into the Home Assistant UI. By using Nabu Casa you'll have valid SSL for Home Assistant, but either invalid SSL for the configurator, or no SSL at all. Both aren't optimal, and mixing SSL + no SSL doesn't work at all. So I recommend to just bookmark the configurator and keep it out of Home Assistant.
DaveDixon
commented
3 years ago I figured out I can't run it embedded from the HA console. Thanks for your help!!
I've been using hass-configurator for a long time. I just switched up to using nabu.casa for secure remote access. The LAN URL for Configurator no longer works and I can't get to it through the nabu.casa URL, as far as I can tell. The server is on Ubuntu 18.04 running hass version 2021.1.5. The default URL for the hass api doesn't seem to exist. The server uses self-signed certificates for SSL. Any suggestions? Thanks!