Overall practice would suggest that you need to install tower on your “intranet”, while this might be a good solution to some i think that if tower and Ansible do such a good job with working on ‘cloud’ provisioning then its pretty normal to place your tower setup on the internet too (depending on what line of work you are in)
This does come with some problems, getting a proper certificate for the domain is one and its open for attacks. Sure you can say you have a strong password but that doesn’t mean bad guys ‘cant’ bring it down by means of ddos or brute force on your machine which just makes it all more messy. For this issue i am using Cloudflare, some say its ‘sketchy’ but i believe it does a lot of simple jobs really well. By adding cloudflare not only do you have a proper dns setup world wide. You will also get free ssl certificate on top of it. (yes Cloudflare ‘could’ intercept stuff, but if you have so much trouble with that, get the strict ssl setup)
So, just go to cloudflare, change your dns to use theirs. Then in your settings go to the ssl setup.
And make sure you setup this one:
If you get the Flexible SSL you will go into a redirect loop, so don’t use that one!