Mind that I am very much a noob at self-hosting, reverse proxies and the like

When I saw that Caddy automatically handled the HTTPS thingies I was like “this is my moment then to go into self-hosting”. Caddy seemed so simple.

Turns out… I am suddenly discovering that the connection between the Caddy machine and the Home Assistant machine (both in the local network) is unencrypted. So if another appliance in my local network went rogue… bum, all my info gets leaked… right?

This might sound weird because it might actually be super-duper complicated but… how come in 2025 we still don’t auto-encrypt local comms?

Please be kind. Lots of love. Hopefully I’ll dig my way to self-hosting wisdom.

  • BioMyth (He/Him)@lemmy.ml · 6 upvotes · 15 hours ago
    Like others are saying, a simple fix to this is to set up the Home Assistant machine for HTTPS & a self-signed cert. Then on the Caddy machine you can configure the HTTPS to not verify the origin. That would make the communications more robust, but I think it is still vulnerable to MITM attacks.

    • BennyInc@feddit.org · 2 upvotes · 14 hours ago

      Even better: generate a key pair to use for HA, and give the public part to Caddy to use for authenticating the HA server. If HA supports it, you could even generate a client certificate Caddy could use to authenticate against HA.
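Putting the two replies above together, here is an added worked example (not code from the thread, nor from the Caddy or Home Assistant projects). It builds a tiny private CA, issues a server certificate for Home Assistant and a client certificate for Caddy, and writes the two config snippets that use them. The Caddyfile shows the weak "don't verify the origin" option from the first reply commented out beside the pinned-CA option from the second: with the CA pinned, a rogue device on the LAN cannot impersonate Home Assistant because it cannot obtain a certificate signed by that CA. The addresses (192.168.1.10 for Caddy, 192.168.1.20 for Home Assistant), the public name ha.example.com and the file paths are assumptions for illustration, not from the thread.

```shell
#!/bin/sh
# Added example for this thread (not code from the original post or from the Caddy /
# Home Assistant projects): private CA + server cert for Home Assistant + client cert
# for Caddy, plus the two config snippets that use them. Addresses, hostname and
# paths below are assumptions, not facts from the thread.
set -eu

OUT="${OUT:-./ha-caddy-pki}"                  # where keys, certs and configs are written
HA_IP="${HA_IP:-192.168.1.20}"                # assumed LAN address of the Home Assistant box
CADDY_IP="${CADDY_IP:-192.168.1.10}"          # assumed LAN address of the Caddy box
PUBLIC_HOST="${PUBLIC_HOST:-ha.example.com}"  # assumed public name Caddy serves

# Private CA plus two leaf certs. The server cert carries the HA IP as a SAN so Caddy
# can check the cert against the address it dialed; the client cert is restricted to
# clientAuth so it cannot be replayed as a server cert.
gen_pki() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -days 3650 -subj "/CN=home-lab-ca" \
        -keyout "$OUT/ca.key" -out "$OUT/ca.pem" 2>/dev/null
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -subj "/CN=homeassistant" -keyout "$OUT/ha.key" -out "$OUT/ha.csr" 2>/dev/null
    printf 'subjectAltName=IP:%s\nextendedKeyUsage=serverAuth\n' "$HA_IP" > "$OUT/ha.ext"
    openssl x509 -req -in "$OUT/ha.csr" -CA "$OUT/ca.pem" -CAkey "$OUT/ca.key" \
        -CAcreateserial -days 825 -extfile "$OUT/ha.ext" -out "$OUT/ha.pem" 2>/dev/null
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -subj "/CN=caddy-client" -keyout "$OUT/caddy-client.key" \
        -out "$OUT/caddy-client.csr" 2>/dev/null
    printf 'extendedKeyUsage=clientAuth\n' > "$OUT/caddy-client.ext"
    openssl x509 -req -in "$OUT/caddy-client.csr" -CA "$OUT/ca.pem" -CAkey "$OUT/ca.key" \
        -CAcreateserial -days 825 -extfile "$OUT/caddy-client.ext" \
        -out "$OUT/caddy-client.pem" 2>/dev/null
    chmod 600 "$OUT"/*.key
}

# Home Assistant side: serve HTTPS with the CA-issued cert and trust X-Forwarded-For
# only from the Caddy box. Copy ha.pem and ha.key to the HA host's /ssl/ directory.
write_ha_http_config() {
    cat > "$OUT/ha-configuration-http.yaml" <<EOF
# Merge into Home Assistant's configuration.yaml (paths under /ssl/ are assumed).
http:
  ssl_certificate: /ssl/ha.pem
  ssl_key: /ssl/ha.key
  use_x_forwarded_for: true
  trusted_proxies:
    - $CADDY_IP
EOF
}

# Caddy side: weak setting (commented out) beside the pinned-CA setting. Copy ca.pem,
# caddy-client.pem and caddy-client.key to /etc/caddy/pki/ on the Caddy box.
write_caddyfile() {
    cat > "$OUT/Caddyfile" <<EOF
# Caddy 2.8+ syntax; on older Caddy replace the tls_trust_pool line with
#   tls_trusted_ca_certs /etc/caddy/pki/ca.pem
$PUBLIC_HOST {
    reverse_proxy https://$HA_IP:8123 {
        transport http {
            # Weak option: encrypts the hop but accepts any certificate, so a rogue
            # device that can intercept LAN traffic can still impersonate HA.
            #   tls_insecure_skip_verify

            # Pinned option: only a cert issued by our private CA for $HA_IP is accepted.
            tls_trust_pool file /etc/caddy/pki/ca.pem
            # Client cert Caddy presents; enforcing it is up to the HA side.
            tls_client_auth /etc/caddy/pki/caddy-client.pem /etc/caddy/pki/caddy-client.key
        }
    }
}
EOF
}

main() {
    mkdir -p "$OUT"
    if command -v openssl >/dev/null 2>&1; then
        gen_pki
    else
        echo "openssl not found: skipping certificate generation" >&2
    fi
    write_ha_http_config
    write_caddyfile
    echo "wrote $OUT/ca.pem, ha.pem, caddy-client.pem, ha-configuration-http.yaml, Caddyfile"
}
main
```

Run it once on a trusted machine, then distribute the files: ha.pem and ha.key to the Home Assistant host, ca.pem plus the client cert and key to the Caddy host, and keep ca.key offline. Note that Caddy presents the client certificate, but Home Assistant's built-in http integration has no option in this example to require one, so the client-cert half stays conditional exactly as the reply above says.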