this post was submitted on 17 Feb 2024
78 points (85.5% liked)

Selfhosted

40198 readers
1189 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Okay, let me start by saying that I really do love Home Assistant. I believe that it is a fantastic piece of software, with very dedicated developers that are far more talented than I. Although, that being said, I strongly disagree with a number of their design choices.

My most recent problem has been trying to put Home Assistant behind a reverse proxy with a subpath. The Home Assistant developers flat out refuse any contribution that adds support for this. Supposedly, the frontend has hard-coded paths for some views, to me this doesn't sound like a good practice to begin with -- that being said, I mostly program in Go these days (so I'm unsure if this is something that is pretty common in some frameworks or languages). The official solution is to use a subdomain, which I can't do -- I'm trying to route all services through a Tailscale Funnel (which only provides a single domain; I doubt that Tailscale Funnels where ever designed for this purpose, but I'm trying to completely remove Cloudflare Tunnels for my selfhosted services).

The other major problem I've ran into, is that HAOS assumes that you would have no need to run any other Docker services other than those that are add-ons or Home Assistant itself. Which, I'm sorry (not really), Home Assistant add-ons are an absolute pain to deal with! Sure, when they work, they're supper simple, but having to write an add-on for whenever I just want to spin up a single Docker container is not going to work for me.

Now, some smaller issues I've had:

  • There's no way to change the default authentication providers. I host for my (non-techie) family, they're not going to know what the difference between local authentication and command-line authentication is, just that one works and the other doesn't.
  • Everything that is "advanced" requires a workaround. Like mounting external hard drives and sharing it with containers in HAOS requires you to setup the Samba add-on, add the network drive, and then you can use it within containers.

Again, I still really love Home Assistant, it's just getting to a point where things are starting to feel hacky or not thought out all the way. I've considered other self-hosted automation software, but there really isn't any other good alternative (unless you want to be using HomeKit). Also, I'm a programmer first, and far away from being a self-hosting pro (so let me know if I've missed any crucial details that completely flip my perspective on it's head).

If you got to the end of this thanks for reading my rant, you're awesome.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 9 months ago (1 children)

Ok, I dont get your point of view. As I dont see the need to sub path things.

What I do see is a lot of people who seem to think that a sub-path is good security, cheaper to run and lots of other things.

First off, you can get free lets encrypt certs and even a wildcard cert if you know how. Also you can get a SAN cert with a little config of certbot.

Second, you dont need an A record for every domain. You can use a c-name or even a wildcard to catch any domain name.

Then the security is all crap, if the sub path is on the internet it will get found in time. A domain is just more obvious, you can also name the sub domain anything you want. Case in point is my nextcloud on an owncloud sub domain.

If you start to look into ways to automate all that, then things are trivial to add to. I use OVH for my domains, as they provide an API that I can use with certbot to get any certificate I want for my domain. I can also use the API to provision a new subdomain, be that an A record or c-name. But I have a wildcard subdomain so that I can spin up anything on any subdomain and I dont have to do any setup.

[–] [email protected] 1 points 9 months ago

A all my services are behind pam-auth, so nobody unless autheorized can see any subpaths. That fix it for security.

And that make it that browser will ask you to save password and login for each subdomain... But only once for a subpaths.

But beside this, is freedom of choice such difficult to grasp? My use cases are not yours, better be free to choose rather than forced, isn't it?

I do have few subdomains as well, I know perfectly how to automatize them and in fact I do, but I don't like having two ways and specially not just because some Dev don't want to look into supporting subpaths. The number of services not supporting subpaths is the vast minority, so there must be enough people wanting to use them after all. And in all cases, they don't support subpaths because framework don't support them (immich) or because devs don't care (ha).

Stuff like gitea, gerrit, WordPress, all wiki's I ever tried, arrs, jellyfin, podfetch are just the first that pops into my mind that I use and support subpaths.