How to make Home Asisstant public available without VPN?

Hello guys,

I have some services installed and they are all publicly accessible with their corresponding subpath:

Nextcloud: domain.example/nextcloud
Gitea: domain.exmple/gitea
Vaultwarden: domain.exmple/vault
Jellyfin: domain.exmple/jellyfin

I also have Home Asisstant installed and it is working fine on my local network.
My goal i to make Home Asisstant also accesible publicly:

domain.exmple/home

But ithis is not working, because Home Asisstant does not support to be hosted on a subpath:

Is there a possiblity, to host Home Asisstant on a subdomain?
I would like to have Home Asisstant to be reachable with a domain like so:

home.domain.example

I don’t want to use a VPN, because i have already installed ProtonVPN on my mobile phone, and therefore i cannot use a VPN to my home network.

Best regards

You would need to setup a reverse proxy. What webserver do you use?

I am using nginx and i have created for every service a config file in the sites-dietpi folder.

Have a look to Reverse proxy using NGINX - Community Guides - Home Assistant Community

You should be able to start at point 6

There is a nice tutorial in the HA forums to create a reverse proxy with nginx and make it reachable via subdomain:
https://community.home-assistant.io/t/reverse-proxy-with-nginx-using-a-subdomain/196952

I have also found this tutorials, but i am not able to get it work.

Are i am allowed to modifiy the config file /etc/nginx/sites-enabled/default?
Will this file not be overwritten by the lets encrypt certbot and/or a system update?

And, to be honest, i also don’t know how this is working with multiple server blocks in the nginx configs.

I can see you have a few ideas already, though if you want to try Tailscale I think it will be the simplest way, I use it and really easy to set up.

  1. Go to Tailscale and create free account. https://tailscale.com/
  2. In your Tailscale dashboard settings enable HTTPS
  3. Use this link to install Tailscale addon in HA Link to Add-on: dashboard – My Home Assistant
  4. After installing in HA go the configuration, (3 dots) and edit as YAML and paste
funnel: true
proxy: true
userspace_networking: false
  1. Save and start the addon in HA and Open the web ui of the Tailscale and authenticate.

Wait a couple mins max and in the dashboard (machines) in Tailscal ui you will see the url for HA and will now available on the internet.

If go this way and hit any snags I’ll offer any help, but it is easy as 1 2 3 4 5

I don’t think I missed any steps out.

Normally place your configurations in /etc/nginx/sites-available. Insiode this folder is already a default file. Inside this file is a line include /etc/nginx/sites-dietpi/*.conf; which means, you can just place your configs inside /etc/nginx/sites-dietpi. This folder will never gets overriden by nginx because it’s not from the default config.

Then you link your configs to sites-enabled:

sudo ln -s /etc/nginx/sites-dietpi/testsite.com.conf /etc/nginx/sites-enabled/

After that you reload ngninx: sudo systemctl reload nginx
With this method you can have multiple config files in sites-dietpi but only link the ones you want to have enable.

I would not do that

just create a new configuration next to default. I found a nice tutorial

Thank you for you help and fast response, but i don’t want to use an extern service to get access to my home asisstant instance.

But i cannot define other server blocks inside this configs, or do i?

see my post above. You need to create a new configuration next to default file

I have created a file called homeasisstant in the sites-enabled folder.
The contents of this file is following:

server {
	server_name home.domain.example;

    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.example-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.example-0001/privkey.pem; # managed by Certbot


    location / {
        proxy_pass http://127.0.0.1:8123;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /api/websocket {
        proxy_pass http://127.0.0.1:8123/api/websocket;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

But with this config i get an error in the logs if i restart nginx:

Jan 23 21:57:37 DietPi nginx[72533]: 2024/01/23 21:57:37 [emerg] 72533#72533: duplicate listen options for [::]:443 in /etc/nginx/sites-enabled/homeasisstant:5
Jan 23 21:57:37 DietPi systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Jan 23 21:57:37 DietPi systemd[1]: Reload failed for nginx.service - A high performance web server and a reverse proxy server.
Jan 23 21:58:53 DietPi systemd[1]: Reloading nginx.service - A high performance web server and a reverse proxy server...
Jan 23 21:58:53 DietPi nginx[72600]: 2024/01/23 21:58:53 [emerg] 72600#72600: duplicate listen options for [::]:443 in /etc/nginx/sites-enabled/homeasisstant:4
Jan 23 21:58:53 DietPi systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Jan 23 21:58:53 DietPi systemd[1]: Reload failed for nginx.service - A high performance web server and a reverse proxy server.

these 2 lines are incorrect for the additional config file. It should be

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot

without http2 ipv6only=on

You can also test and validate your config with the command nginx -t.

@Joulinar Ok, i removed the ones you suggested. But after a nginx -t i get following errors:

2024/01/26 17:10:52 [warn] 264414#264414: conflicting server name "home.domain.example" on [::]:443, ignored
2024/01/26 17:10:52 [warn] 264414#264414: conflicting server name "home.domain.example" on 0.0.0.0:443, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Looks like you configured your host name within 2 different files. I guess once in /etc/nginx/sites-enabled/default and another one within the new file. Best to remove the block from /etc/nginx/sites-enabled/default

It is now working, thank you :smile: