Okay, let me start by saying that I really do love Home Assistant. I believe that it is a fantastic piece of software, with very dedicated developers that are far more talented than I. Although, that being said, I strongly disagree with a number of their design choices.

My most recent problem has been trying to put Home Assistant behind a reverse proxy with a subpath. The Home Assistant developers flat out refuse any contribution that adds support for this. Supposedly, the frontend has hard-coded paths for some views; to me this doesn’t sound like a good practice to begin with – that being said, I mostly program in Go these days (so I’m unsure if this is something that is pretty common in some frameworks or languages). The official solution is to use a subdomain, which I can’t do – I’m trying to route all services through a Tailscale Funnel (which only provides a single domain; I doubt that Tailscale Funnels were ever designed for this purpose, but I’m trying to completely remove Cloudflare Tunnels for my selfhosted services).

The other major problem I’ve run into is that HAOS assumes that you would have no need to run any other Docker services other than those that are add-ons or Home Assistant itself. Which, I’m sorry (not really), Home Assistant add-ons are an absolute pain to deal with! Sure, when they work, they’re super simple, but having to write an add-on for whenever I just want to spin up a single Docker container is not going to work for me.

Now, some smaller issues I’ve had:

  • There’s no way to change the default authentication providers. I host for my (non-techie) family, they’re not going to know what the difference between local authentication and command-line authentication is, just that one works and the other doesn’t.
  • Everything that is “advanced” requires a workaround. Like mounting external hard drives and sharing them with containers in HAOS requires you to set up the Samba add-on, add the network drive, and then you can use it within containers.

Again, I still really love Home Assistant, it’s just getting to a point where things are starting to feel hacky or not thought out all the way. I’ve considered other self-hosted automation software, but there really isn’t any other good alternative (unless you want to be using HomeKit). Also, I’m a programmer first, and far away from being a self-hosting pro (so let me know if I’ve missed any crucial details that completely flip my perspective on its head).

If you got to the end of this, thanks for reading my rant, you’re awesome.

  • oldfart@lemm.ee
    3 upvotes · 9 months ago

    I second the complaint about subpaths. I have all my services on a single domain, except for HA. It’s for security by obscurity: when you issue a certificate for a subdomain you start getting malicious traffic probing for vulnerabilities almost immediately. I don’t have this problem for services with non-obvious subpaths.

    I can’t understand the stubbornness of developers to accept patches for fixing this problem.

    • Heavybell@lemmy.world
      0 upvotes · edited · 9 months ago

      LetsEncrypt can hand out wildcard certs if you are able to add TXT records to your domain, if that helps any.

      I realised this was a stupid comment that doesn’t help any.

      • oldfart@lemm.ee
        1 upvote · 9 months ago

        No no, that’s how I’m working around the problem now, but I’m sure SNI sniffing will sooner or later make my domain well known

  • hedgehog@ttrpg.network
    2 upvotes · 9 months ago

    Have you considered not using the Home Assistant OS? You don’t need to run it to use Home Assistant. You can instead set your host up with some other OS, like Debian, and then run Home Assistant in a docker container (or containers, plural) and run any other containers you want.

    I’m not doing this myself so can’t speak to its limitations, but from what I’ve heard, if you’re familiar with Docker then it’s pretty straightforward.

    A lot of apps use hard-coded paths, so using a subdomain per app makes it much easier to use them all. Traefik has middleware, including stripPrefix, which allows you to strip a path prefix before forwarding the path to the app, though - have you tried that approach?

    • aksdb@lemmy.world
      1 upvote · 9 months ago

      Strip prefix won’t work if the frontend expects to find paths at absolute locations. You would need to patch the HTML, CSS and JS on the fly, which is somewhere between ugly and (almost) impossible.

      I would also suggest to simply use custom (sub) domains. Especially in your intranet you can have whatever domains you want.
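
The strip-prefix limitation described in the comment above, traced as an added example (not part of any comment in the thread, and not Home Assistant or Traefik code). The prefix `/hass`, the host name and the sample references are constructed for illustration; the proxy rule is modelled as a plain path-prefix match followed by prefix stripping.

```javascript
// Constructed setup: the app is published under PREFIX on a shared host.
const PREFIX = "/hass";
const PAGE_URL = "https://home.example.net/hass/lovelace/default";

// Constructed references of the kind an app's HTML or JS might contain.
const SAMPLE_REFS = [
  "/static/app.js",            // absolute path: ignores the page's subpath
  "/api/websocket",            // absolute path used by client-side code
  "../static/icons/logo.png",  // relative path: stays under the subpath
  "panel.js",                  // relative path
];

// Traces one reference: the path the browser actually requests, whether the
// proxy's prefix rule matches it, and the path the app receives after stripping.
function traceRequest(ref, pageUrl = PAGE_URL, prefix = PREFIX) {
  const requested = new URL(ref, pageUrl).pathname; // browser-side resolution
  const routed = requested === prefix || requested.startsWith(prefix + "/");
  const upstreamPath = routed ? requested.slice(prefix.length) || "/" : null;
  return { ref, requested, routed, upstreamPath };
}

function traceAll(refs = SAMPLE_REFS) {
  return refs.map((r) => traceRequest(r));
}

for (const t of traceAll()) {
  console.log(
    `${t.ref} -> ${t.requested} ` +
      (t.routed ? `(forwarded to app as ${t.upstreamPath})` : "(never reaches the app's proxy rule)")
  );
}
```

Stripping happens only on requests that already carry the prefix, so references that the browser resolves to a path outside `/hass` are sent to whatever else answers on that host, which is why the responses themselves would have to be rewritten.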

    • sabreW4K3@lemmy.tf
      0 upvotes · 9 months ago

      This was going to be my suggestion. Just run home assistant as a Docker container, problem solved!

      • Daniel@lemmy.mlOP
        2 upvotes · 9 months ago

        Still no subpaths, changing default authentication providers, and there can still be workarounds that feel hackish (I’ve used HA as a container before); the difference is that you’ll do less in Home Assistant, so you avoid them as much as possible.

    • MaggiWuerze@feddit.de
      0 upvotes · 1 downvote · 9 months ago

      You can’t use add-ons when running HA as a docker container, which basically lobotomizes it.

      • Maximilious@kbin.social
        4 upvotes · 9 months ago

        Yes you can. It requires those docker containers to be installed and plugged into it on a standalone system. This is exactly what HAOS is doing behind the scenes for its users and why many stick with it.

      • vzq@lemmy.blahaj.zone
        0 upvotes · 1 downvote · 9 months ago

        Add ons are just shitty packaging of other software. Just run the other software directly.

  • Decronym@lemmy.decronym.xyzB
    1 upvote · edited · 9 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters   More Letters
    CGNAT           Carrier-Grade NAT
    HA              Home Assistant automation software
    ~               High Availability
    HASS            Home Assistant automation software
    IP              Internet Protocol
    LXC             Linux Containers
    NAS             Network-Attached Storage
    NAT             Network Address Translation
    Plex            Brand of media server package
    RPi             Raspberry Pi brand of SBC
    SAN             Storage Area Network
    SBC             Single-Board Computer
    SSL             Secure Sockets Layer, for transparent encryption
    SSO             Single Sign-On
    TCP             Transmission Control Protocol, most often over IP
    TLS             Transport Layer Security, supersedes SSL
    VPN             Virtual Private Network
    VPS             Virtual Private Server (opposed to shared hosting)

    17 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

    [Thread #519 for this sub, first seen 17th Feb 2024, 08:05]

  • Matt The Horwood@lemmy.horwood.cloud
    1 upvote · 9 months ago

    I think you’re missing the point of HAOS, it’s an appliance. You don’t manage it like a normal self host system.

    Once you treat it as an appliance, it’s great. Also there is a portainer agent you can run that will connect to a portainer instance.

    As for your tunnel issues, maybe the tunnel thing is your biggest issue. I run all my self host stuff on its own subdomain, if I want to route something home I use the site to site VPN I have. Even a cheap OVH VPS could be a way to run stuff on subdomains

    • Shimitar@feddit.it
      2 upvotes · 9 months ago

      Requiring a subdomain should not be mandatory in 2024.

      Sub paths should be such a basic feature that it’s ridiculous devs don’t even take that into consideration.

      Why? Because software requiring absolute paths is as old and obsolete as an MS-DOS program, and the only real reason it happens today is… Bad design choices or limited frameworks.

      • Matt The Horwood@lemmy.horwood.cloud
        0 upvotes · 9 months ago

        Requiring a full URL will be more of a security thing I would guess, as some users put HA on the internet and it could have access to open doors.

        Also I have tried things on sub paths and it got very complicated to know where a service was, a domain keeps things easy to set up and manage. As I run internet facing services for my day job, I have to look at both security and ease of maintenance when setting things up.

        I would say that if you need a path over domain, it’s a skill issue and you need to find a better way of working.

        • Shimitar@feddit.it
          1 upvote · 9 months ago

          Not really… Your attitude is the problem.

          Sub paths are simpler to deploy: need only one certificate, need only one subdomain.

          In any case you need reverse proxy so security is not the matter here.

          Your use cases are not mine and both ways should always be possible.

          You never need a subpath over a subdomain, nor vice versa, it is (or should) always be a choice.

  • Norgur@kbin.social
    1 upvote · 9 months ago

    I’m always very wary of systems that require a user to deviate as much from the “usual” structure almost all other services use. HAOS has really weird configs and “all the functionality” that presumably breaks when you use docker and don’t have the supervisor for docker… well… If what HA did was the way to go… why is it that tons of services use docker’s rather powerful internal networking features just fine but HA of all things can’t do that and requires weird addons that for some reason cannot live on any other system than a Debian with weirdly specific modifications (bye bye cgroupsv2)? This will break most other functionality of that host Debian. I mean… if only there was a widespread way to provide a highly customized Linux kernel in an ephemeral environment that can just be plugged in and out of a host machine without changing the host machine itself… Nah, can’t have that, let’s cause more overhead with a VM…

    I’m not willing to make that kind of modification to my whole setup just for HA and in the long run, this rift between “the way it’s usually done” and “The HA-Way” will become bigger and bigger, causing more and more problems.

  • Turbo@lemmy.ml
    0 upvotes · 9 months ago

    I will first admit that I am quite ignorant to Home Assistant.

    I am a happy openHAB user for 5+ years. Have you considered switching to see if you like it?

    I tried Home Assistant once or twice but never felt comfortable enough to switch.

    I run stuff locally and can connect over VPN to my home and operate as if I am inside the home. I have not looked into these other Cloudflare Tunnels or Tailscale as I don’t think it would provide any advantage to my current setup.

    OpenVPN server running on my router does the trick.

    • Daniel@lemmy.mlOP
      1 upvote · 9 months ago

      I am a happy openHAB user for 5+ years. Have you considered switching to see if you like it?

      I actually have considered it, and I’m still thinking about it.

      I run stuff locally and can connect over VPN to my home and operate as if I am inside the home. I have not looked into these other Cloudflare Tunnels or Tailscale as I don’t think it would provide any advantage to my current setup.

      I have a strange setup. My ISP is Starlink (so I’m behind a CGNAT), meaning I kinda need another service to access them outside the network, but (as mentioned) I mainly host for my family who wouldn’t know how to work another app or VPN.