Issues with Home Assistant

I have been using inlets (the free version that no longer exists) for a while now to reverse-proxy my Home Assistant instance running on my Raspberry Pi, but it has some weirdness with the X-Forwarded-For header that makes me search for something else now (see "Invalid IP address in X-Forwarded-For: XX.XXX.XXX.XX:14883, 127.0.0.1", Issue #58221, home-assistant/core on GitHub).

However, while I managed to set up a tunnel and load the login page of Home Assistant, I cannot log in.

I see nothing in the logs of either the server or client, other than a couple lines of this:

  • 2022/01/11 21:13:05 http: TLS handshake error from AAAAAAAA: no certificate available for ‘BBBBBB’

with AAA being some random IP I don’t recognize and BBB being the IP of my server.

Trying a couple more times, I can observe the following in the developer console of Firefox:

The connection to wss://xxx.xxx.com/api/websocket was interrupted while the page was loading.

Sometimes, I also get a failed POST (400 Bad Request), as can be seen in the following screenshot.

I see no error messages in the logs of HA.
Any idea what could be going on?

Hey @devleon, yeah this is almost certainly the same issue encountered by folks here, i.e. boringproxy doesn’t currently support WebSockets, which are apparently required by Home Assistant.

This is the most-requested feature for boringproxy. Even though I don’t currently need WebSockets support myself, I am planning to implement it in the semi-near future. There will definitely be an announcement here when that ships.

In the meantime, my go-to recommendation for most people would be to use Cloudflare Tunnel. It’s more production-ready than boringproxy and supports WebSockets. If you’re set on self-hosting, I would look next at frp or sish.

Let me know if you have additional questions!

1 Like

Oh and just in case you haven’t already seen it, I maintain a list of tunneling options here:

1 Like

Thanks a lot for the quick reply! I figured it had something to do with the websockets.

I was already using Cloudflare, but had never heard of Cloudflare Tunnels. Just tried it, works perfectly.

Thanks! Now I can finally upgrade Home Assistant past 2021.7 and I don’t even need to run an extra server to host the proxy either…

1 Like

Nice! Cloudflare Tunnel is an excellent product. I’ve been meaning to update my list to point most people in that direction for now.

Long-term, I hope boringproxy and/or TakingNames.io (planning to add a hosted tunneling service) becomes a viable alternative at some point. The potential advantages would be:

  • End-to-end encryption. With boringproxy by default your TLS certs live on the client machine, so neither the boringproxy server nor the VPS it’s running on can decrypt your traffic. Cloudflare takes quite the opposite approach and decrypts everything on their servers. It’s understandable though. There’s no way I know of to run a CDN without doing this.
  • Transparent bandwidth pricing. Like their free CDN, Cloudflare Tunnel is a loss-leader product. They’re hoping you’ll buy their other services, or encourage your employer to do so. One side-effect of this is that their usage policy for the free products is actually pretty strict. For example you technically should primarily serve HTML web pages, i.e. not audio/video streaming from something like Jellyfin etc. In practice I’ve heard people say they don’t actually enforce this, but it’s something to keep in mind moving forward, especially if more people start using Cloudflare Tunnel, which makes it much easier to get started self-hosting. TakingNames.io tunnels will have a flat subscription fee for a given amount of bandwidth that you can use for whatever you want.
  • Dead simple OAuth2 flows. TakingNames.io will offer a simple tunnel API similar to the DNS API offered at launch. You could imagine a world where you can install a Nextcloud app on an unused Android phone, do a quick OAuth2 flow to create a tunnel, and your old phone is now 100GB of end-to-end encrypted cloud storage (plus all Nextcloud’s other features) available over the internet. People could self-host without needing to understand the command line, IP addresses, or DNS at all.

I would be curious to hear any thoughts or suggestions you have.

1 Like