0.110: Is internal_url useless when https enabled?

Again, thanks for all your help Petro.

1 Like

Hi could you please share the code or where do I have to change it?
Thanks

Need help with remote access after upgrade from 0.109 to 0.110.5, remote access is not working and config.yaml and front end general config are as below:

Not sure what is stopping remote access, it was working well until version 01.109?

Even the OS upgrade to 4.8 is failing with error 500.
OSupgrade_error
Any help appreciated.

I do not think your external url or your base url should have the port - a.k.a. the 8123. Please remove it and see if that solves your remote access issue.

Petro -

Someone is working on my Netatmo timeouts. My Netatmo server requests were timing out before I implemented the addon but he seems focused on that part of my configuration. Anyway, he commented as follows -

Please check the full Nginx Reverse Proxy guide here.

I think you’re config is missing this:

http:
  use_x_forwarded_for: true
  trusted_proxies: <NGINX IP address here, or 127.0.0.1 if hosted on the same machine>

You probably have to edit your proxy settings as well.
Not sure if this is the only issue.


I’m not sure what he meant by stating “You probably have to edit your proxy settings as well.”
Do you think that will make any difference in my Netatmo timeouts or simply introduce something else to go wrong? I’ve had the Netatmo server timeout issues much longer than the introduction of the Nginx Addon you suggested. Lastly, what is the server that is timing out? Is it HASS related infrastructure or me?

Any feedback would be terrific. PS - TTS is still working fine. Thank you again.

No, this is already included with the addon. The guide you are posting is for home-assistant core users.

So, is this just the big "blow off’. I don’t know what’s wrong. You really cannot do anything with the Netatmo integration but enter credentials and then it displays the camera images. Since you are a moderator do you know where i go from here? BTW - Does the webhook ban, that is constantly being enforced by Netatmo due to response times, come from my PI timing out or are they coming from time outs elsewhere? I assume elsewhere but I feel like I’m trying to point out an issue without anyone really wanting to fix it.

I’ve offered all the help I can as I don’t have netatmo devices. Your previous post indicated that my linked post was missing information. It was not. That’s all I was clarifying.

Moderators of a forum are just… moderators. Nothing more. If you really need help with this, I suggest making a post with a title that reflects your issue to gain notice from other netatmo users.

If there truly is an issue with the integration, then you should be posting an issue on github.

Hi all,

I just realized that you need not use https and SSL. You can simply use the http address, for the Redirect URIs on the application details page at the home connect developer site

Seems to work for me

I changed my front end “Configuration” entry for “External URL” to https://xxxxxxxx.duckdns.org and http://xxxxxxxx.duckdns.org and rebooted OS none of the options worked. I am fully relying on DuckDNS which includes LetsEncrypt and not using NGINX.

It was working prior to upgrade to 0.110.5 with port entry 8123 in “config.yaml” for base_url

What all should be retained in config.yaml? We need the SSL entries. I am seeing bunch of errors in home-assistant.log file

2020-06-08 21:30:26 ERROR (MainThread) [homeassistant.components.script] Sonos TTS script: Error executing script. Service not found for call_service at pos 1: Unable to find service media_player/snapshot
2020-06-08 21:30:26 ERROR (MainThread) [homeassistant.components.script] Garage door alarm4: Error executing script. Service not found for call_service at pos 1: Unable to find service media_player/snapshot
2020-06-08 21:30:26 ERROR (MainThread) [homeassistant.core] Error executing service: <ServiceCall script.garage_door_alarm4 (c:e516a102788342f6a48bb4e3413fb69e)>
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/core.py", line 1269, in catch_exceptions
    await coro_or_task
  File "/usr/src/homeassistant/homeassistant/core.py", line 1288, in _execute_service
    await handler.func(service_call)
  File "/usr/src/homeassistant/homeassistant/components/script/__init__.py", line 207, in service_handler
    await script.async_turn_on(variables=service.data, context=service.context)
  File "/usr/src/homeassistant/homeassistant/components/script/__init__.py", line 284, in async_turn_on
    await self.script.async_run(kwargs.get(ATTR_VARIABLES), context)
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 798, in async_run
    await run.async_run()
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 522, in async_run
    await self._async_run()
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 539, in _async_run
    await self._async_step(log_exceptions=not propagate_exceptions)
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 153, in _async_step
    self, f"_async_{cv.determine_script_action(self._action)}_step"
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 623, in _async_call_service_step
    *self._prep_call_service_step(), blocking=True, context=self._context
  File "/usr/src/homeassistant/homeassistant/core.py", line 1253, in async_call
    task.result()
  File "/usr/src/homeassistant/homeassistant/core.py", line 1288, in _execute_service
    await handler.func(service_call)
  File "/usr/src/homeassistant/homeassistant/components/script/__init__.py", line 207, in service_handler
    await script.async_turn_on(variables=service.data, context=service.context)
  File "/usr/src/homeassistant/homeassistant/components/script/__init__.py", line 284, in async_turn_on
    await self.script.async_run(kwargs.get(ATTR_VARIABLES), context)
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 798, in async_run
    await run.async_run()
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 522, in async_run
    await self._async_run()
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 539, in _async_run
    await self._async_step(log_exceptions=not propagate_exceptions)
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 153, in _async_step
    self, f"_async_{cv.determine_script_action(self._action)}_step"
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 623, in _async_call_service_step
    *self._prep_call_service_step(), blocking=True, context=self._context
  File "/usr/src/homeassistant/homeassistant/core.py", line 1212, in async_call
    raise ServiceNotFound(domain, service) from None
homeassistant.exceptions.ServiceNotFound: Unable to find service media_player/snapshot

Thanks for your reply.

Setting internal url doesn’t change your internal url to whatever you wish. You should be entering what is actually usable.

image
What you have entered there above is not possible because of your configuration. Try to reach that in a browser while on your network (whether it is the local ip or the duckdns address). It won’t happen, because you have ssl (https) configured here:

image

Those two lines will force the use of https://
http:// will never work anywhere

What you should enter in both external and internal is your https://duckdns address. Whether you included :8123 at the end depends on what port you have forwarded in your router. If you use :8123 in a browser to reach your instance, then include it.

1 Like

I changed both internal and external URLs in front end configuration to https://xxxxx.duckdns.org with port 8123 and without port 8123. It still doesn’t work.
Access via local IP using http://192.168.0.202:8123 is working.
After that I tried commenting even commenting SSL entries in configuration.yaml, but after restart both local IP and remote access did not work.
I uncommented config.yaml entries, at least I have local access to look into the issue. This is how entries looks:

config.yaml

Thank you for your advice.

http://192.168.0.202:8123 will not work if you have the below in your configuration.yaml

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Only https:// would work if those ssl_ lines are present, it is saved, and HA is restarted.

It looks I figured out the issue, when connecting using 192.168.0.202:8123, it is showing message “Not secured” when I clicked it showed me that my Let’sEncrypt certificate has expired.

I need to figure out how to renew it and why is it not renewing it automatically.

The certificate is not valid for your internal ip address. It is valid for the domain name only. So this is expected.

If you want different behavior you would have to use split drain dns or a proxy server like nginx or caddy. Nginx Proxy Manager addon is an option.

Prior to version 0.110 upgrade the certificate was working for both internal and external network access and it was using https for both. Not sure what has changed and why is it showing expired certificate with Jun 7, 2020.? It should have renewed automatically because I never renewed manually.

I figured out the problem. There were two issues:

  1. LetsEncrypt accept_terms: false . Don’t know how and when did it change so I set it to true.
  2. Even after setting above true, DuckDNS server was not starting up with restart of instance or on reboot of host and was, getting grayed out and follow error was seen in DuckDNS log:
    ERROR: Lock file '/data/workdir/lock' present, aborting

I did a search on this forum’s knowledge and basis suggestion, I uninstalled and reinstalled DuckDNS. It is working perfectly.
Thanks to all those who responded and shared their advices it was really helpful.

Petro your post really helped me out. I had the same situation, and my problem was I had setup port forwarding 443–>ip:8123. Your advice makes so much sense, but I was missing it. I switched to 443–>ip:443 and it is working perfectly locally and externally. Thank you!!!

1 Like

Hi @petro I am trying to use your guide, thanks. Unfortunately my HA is running on Synology and it is telling me that port 443 is in use. Would this guide work on another port?

I’m also wondering this… :slight_smile: