Comment on I love Home Assistant, but...
mhzawadi@lemmy.horwood.cloud 8 months agoRequiring a full URL will be more of security thing I would guess, as some users put HA on the internet and it could have access to open doors.
Also I have tried things on sub paths and it got very complicated to know where a service was, a domain keeps things easy to setup and manage. As I run internet facing services for my day job, I have to look at both security and easy of maintenance when setting things up.
I would say that if you need a path over domain, its a skill issue and you need to find a better way of working.
Shimitar@feddit.it 8 months ago
Not really… Your attitude is the problem.
Sub paths are simpler to deploy: need only one certificate, need only one subdomain.
In any case you need reverse proxy so security is not the matter here.
Your use cases are not mine and both ways should always be possible.
You never need a subpath over a subdomain, nor viceversa, it is (or should) always be a choice.
mhzawadi@lemmy.horwood.cloud 8 months ago
Ok, I dont get your point of view. As I dont see the need to sub path things.
What I do see is a lot of people who seem to think that a sub-path is good security, cheaper to run and lots of other things.
First off, you can get free lets encrypt certs and even a wildcard cert if you know how. Also you can get a SAN cert with a little config of certbot.
Second, you dont need an A record for every domain. You can use a c-name or even a wildcard to catch any domain name.
Then the security is all crap, if the sub path is on the internet it will get found in time. A domain is just more obvious, you can also name the sub domain anything you want. Case in point is my nextcloud on an owncloud sub domain.
If you start to look into ways to automate all that, then things are trivial to add to. I use OVH for my domains, as they provide an API that I can use with certbot to get any certificate I want for my domain. I can also use the API to provision a new subdomain, be that an A record or c-name. But I have a wildcard subdomain so that I can spin up anything on any subdomain and I dont have to do any setup.
Shimitar@feddit.it 8 months ago
A all my services are behind pam-auth, so nobody unless autheorized can see any subpaths. That fix it for security.
And that make it that browser will ask you to save password and login for each subdomain… But only once for a subpaths.
But beside this, is freedom of choice such difficult to grasp? My use cases are not yours, better be free to choose rather than forced, isn’t it?
I do have few subdomains as well, I know perfectly how to automatize them and in fact I do, but I don’t like having two ways and specially not just because some Dev don’t want to look into supporting subpaths. The number of services not supporting subpaths is the vast minority, so there must be enough people wanting to use them after all. And in all cases, they don’t support subpaths because framework don’t support them (immich) or because devs don’t care (ha).
Stuff like gitea, gerrit, WordPress, all wiki’s I ever tried, arrs, jellyfin, podfetch are just the first that pops into my mind that I use and support subpaths.