sztupy / hassio-actualbudget

Home Assistant repository to run Actual Budget as an addon
MIT License

Actual Budget behind Tailscale with HTTPS certificate. #8

Open prigal opened 1 month ago

prigal commented 1 month ago

Hi, first of all, thank you for creating this addon.

I'm using Tailscale to access my Home Assistant server and all the services it hosts through addons. I would like to set up Actual with HTTPS with Tailscale. I'm actually using this addon: https://github.com/lmagyar/homeassistant-addon-tailscale/blob/main/tailscale/DOCS.md, it allows placing Tailscale-generated certificates (Let's Encrypt) in the /ssl folder and using them for Home Assistant (it replaces /ssl/fullchain.pem and /ssl/privkey.pem).

Tailscale doc on HTTPS: https://tailscale.com/kb/1153/enabling-https

This allows me to use HA with HTTPS with a Tailscale subdomain without exposing my server to the internet (only devices logged in to the Tailscale VPN can access it) using this kind of URL: https://ha.tail123ab.ts.net with this configuration:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1

Important: I'm not using "funnel", which can expose domains to the public internet and allow any device without the Tailscale VPN to access my instance. I'm only using the ability to create a certificate on a public Tailscale subdomain that will "route" only if the VPN is connected. This enforces HTTPS for apps that require it even if my traffic is already encrypted behind the VPN.

For example, I'm using the Vaultwarden addon to manage my passwords behind the Tailscale VPN with this addon: https://github.com/hassio-addons/addon-bitwarden. I was able to configure the addon with these params:

ssl: true
certfile: fullchain.pem
keyfile: privkey.pem

This tells the addon to use the cert files generated by Tailscale in the /ssl folder. This way I'm able to access Vaultwarden over HTTPS with this URL: https://ha.tail123ab.ts.net:7727 (on a specific port).

I would like to do the same with Actual Budget because I'm not using Nginx Proxy manager to handle reverse proxy and certs.

When I look at their docker-compose, I find that I could specify some cert files: https://github.com/actualbudget/actual-server/blob/master/docker-compose.yml. Could you make this env variable accessible using an option in the addon configuration?

Thank you !

prigal commented 1 month ago

Update: I will try to fork to do a PR; after reading other addons I may have found how to do it.
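
Added example, not part of the thread and not this add-on's code: one way a start script could turn the `ssl` / `certfile` / `keyfile` options requested above into environment variables for the server, failing closed instead of falling back to plain HTTP. The variable names `ACTUAL_HTTPS_CERT` and `ACTUAL_HTTPS_KEY`, the function names, and the private-key permission check are assumptions of this sketch.

```shell
#!/usr/bin/env bash
# Added example, not the add-on's own code. ACTUAL_HTTPS_CERT / ACTUAL_HTTPS_KEY
# are assumed names; confirm them against the server's docker-compose.yml.

# Resolve an option value such as "fullchain.pem" to a file inside DIR.
resolve_tls_file() {
    local dir="$1" name="$2"
    case "$name" in
        ""|.|..|*/*)
            # Bare file names only, so an option cannot point outside DIR.
            echo "rejected: '$name' must be a bare file name" >&2
            return 1 ;;
    esac
    if [ ! -f "$dir/$name" ] || [ ! -r "$dir/$name" ]; then
        echo "rejected: $dir/$name is missing or unreadable" >&2
        return 1
    fi
    printf '%s\n' "$dir/$name"
}

# Succeeds only when group and others have no access to the private key.
# -L follows a symlink so the mode of the real file is what gets checked.
key_is_private() {
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# tls_env SSL_DIR SSL CERTFILE KEYFILE
# Prints the environment for the server; prints nothing when ssl is not "true".
# With ssl=true any problem is an error, so the caller never serves plain HTTP.
tls_env() {
    local dir="$1" enabled="$2" cert key
    [ "$enabled" = "true" ] || return 0
    cert="$(resolve_tls_file "$dir" "$3")" || return 1
    key="$(resolve_tls_file "$dir" "$4")" || return 1
    if ! key_is_private "$key"; then
        echo "rejected: $key is accessible to group or others" >&2
        return 1
    fi
    printf 'ACTUAL_HTTPS_CERT=%s\nACTUAL_HTTPS_KEY=%s\n' "$cert" "$key"
}

# Stand-alone use: ./tls_env.sh /ssl true fullchain.pem privkey.pem
if [ "$#" -gt 0 ]; then
    tls_env "$@"
fi
```

If the certificate files in /ssl are written with wider permissions than owner-only, the key check will refuse to start; relax or drop it deliberately rather than by default.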