I am rebuilding my system and I have a few questions related to network setup. I have installed a new Unifi system, set up an IoT VLAN and opened a port for HA. That part I THINK is right. My questions lie with setting up DuckDNS and Let’s Encrypt. I plan on doing more self-hosting stuff in the future. Can/Should I be doing things like Dynamic DNS and certificates via an entity outside of HA such as my router or some other container in the “system”, or is it better to handle HA’s requirements inside of HA itself?
Additionally, in my current config I can only reach the HA brain via the DuckDNS URL. What sort of setup is required to have the unit accessible when the internet is down? Seems with the mobile app it is the URL or nothing. What do I need to be doing for internal access when on the local LAN?
I am running it on the HA Blue hardware and I plan to rebuild from scratch if that matters. I am sketchy on the network setup and making sure things are all secure. Bit paranoid lol. So if you have any good setup guides on this portion it would be appreciated. Thanks.


It doesn’t really matter how you set up dynamic DNS and SSL. I prefer to handle dynamic DNS on the router, in case it’s smart enough to refresh the IP after DHCP renews it. I do SSL on a separate nginx instance, but I run a few other sites; it might be easier to configure it directly on Home Assistant, but I haven’t tried.
If you want some extra security, I’d look into mTLS, as that establishes some cert-based authentication at the TLS layer before HTTP, but it can be complicated to configure.
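
The mTLS setup mentioned in the reply above, sketched as an nginx server block in front of Home Assistant. This is an added example, not part of the original thread: the hostname, certificate paths and upstream address are placeholders, and the upstream assumes Home Assistant listening on its default port 8123.

```nginx
# Added example: hostname, file paths and upstream IP are placeholders.
server {
    listen 443 ssl;
    server_name ha.example.duckdns.org;                    # placeholder hostname

    # Server certificate presented to clients (e.g. issued by Let's Encrypt)
    ssl_certificate     /etc/nginx/certs/fullchain.pem;    # placeholder path
    ssl_certificate_key /etc/nginx/certs/privkey.pem;      # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # mTLS: clients must present a certificate signed by this private CA.
    # Requests without a valid client certificate are refused by nginx
    # and never reach the Home Assistant login page.
    ssl_client_certificate /etc/nginx/certs/client-ca.pem; # placeholder: your own CA
    ssl_verify_client      on;
    ssl_verify_depth       1;

    location / {
        proxy_pass         http://192.168.1.10:8123;       # placeholder LAN address
        proxy_http_version 1.1;

        # Home Assistant's frontend uses WebSockets, so pass the upgrade through
        proxy_set_header Upgrade         $http_upgrade;
        proxy_set_header Connection      "upgrade";
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Behind a reverse proxy, Home Assistant also needs `use_x_forwarded_for: true` and the proxy's address listed under `trusted_proxies` in its `http:` configuration. Every device that should connect from outside needs a client certificate issued by the same CA installed on it.
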
I have a number of apps I would like to implement down the road that will likely need some sort of connection either externally or internally via some sort of VPN. It is all very confusing as everything I read seems to have me adding 4 or 5 more components for DNS, firewalling, etc. when can’t my Unifi system just do that stuff? I paid more than enough that it should handle these tasks. It does DNS already, so why do I need an external DNS server? Very confusing. Why I have not moved forward on anything, it all feels overcomplicated and too many ways to screw it up.