I have a working setup of Home Assistant running on my Ubuntu server behind a MikroTik router with a public IP address.
The server with LAN address 192.168.88.186 uses an Apache2 reverse proxy to forward port 443 (https) to 8123 (Home Assistant's native port). SSL encryption is done by the Apache2 server; Home Assistant knows nothing about SSL.
The MikroTik has Hairpin NAT set up, so that Home Assistant is now available at my public address https://mydomain.com both from inside and outside the LAN:
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface=ether1
 1    chain=dstnat action=dst-nat to-addresses=192.168.88.186 protocol=tcp dst-address=x.x.x.x dst-port=80,443 log=no log-prefix=""
 2    chain=srcnat action=masquerade protocol=tcp src-address=192.168.88.0/24 dst-address=192.168.88.186 dst-port=80,443 log=no log-prefix=""
The last step is to make this new instance available at https://mydomain.com, which seems easy by changing 192.168.88.186 to 192.168.88.23 in my reverse proxy config in the Apache virtual host directives, but this made the new instance available ONLY from outside of the LAN. From inside the LAN it says 403 Forbidden.
Since from outside of LAN everything works fine, the problem seems to be related to Hairpin NAT settings and the fact that proxying changed from different ports at localhost to a different IP in the LAN, and therefore some lines for need to be adjusted.
I've tried several configurations without success and need help.