This relies on go2rtc and the webrtc HACS integration. Make sure you have those installed and working first.
The first step is to enable RTSP. Log in to the Reolink camera via a web browser and navigate to: settings -> network -> advanced -> server settings (setup). Now tick RTSP and ONVIF and click save.
Next, add the following to go2rtc.yaml. 192.168.X.XX is the IP of your Reolink camera. Be sure to set your username and password correctly as well.
You need http-flv as an input to get a stable video stream, and you need an RTSP input to allow two-way audio. go2rtc will work its magic to combine the two input streams to achieve a single, stable output stream.
Finally, add a webrtc lovelace card in Home Assistant.
The key is to include microphone on the media line. Omit that and it won’t work. Be warned, once you give your browser or mobile app permission, audio will start playing through the doorbell whenever this card is visible.
No, I need to access HA via https or my browser will automatically block the microphone permissions. I’m pretty sure you can turn that off but I already have https, so I didn’t bother looking into it further.
How did you get HTTPS enabled on your HA instance? I’ve tried NabuCasa HomeConnect and while it will turn on HTTPS it still won’t allow hass-frigate-card to handle the two-way audio. The icon just doesn’t come up on the card even when toggled on.
Nginx Proxy Manager. Forwarding the domain to the Home Assistant IP on port 8123 (which should be using http, not https). Then you can add a Let's Encrypt certificate to the domain you are using. Nginx Proxy Manager will handle that for you.
Ensure you add the line for trusted proxy into your Home Assistant config, to allow Home Assistant to accept the connection from Nginx Proxy Manager.
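The trusted-proxy setting referred to above, as an added example that is not part of the original post. `192.168.X.YY` is a placeholder for the machine running Nginx Proxy Manager; the commented-out variant shows the over-broad form to avoid.

```yaml
# configuration.yaml (Home Assistant). Added example, not from the thread.
# 192.168.X.YY is a placeholder for the host running Nginx Proxy Manager.

http:
  # Honour the X-Forwarded-For header so Home Assistant sees the real client
  # address (for logs and login-attempt handling) instead of the proxy's.
  use_x_forwarded_for: true

  # Only the reverse proxy may supply X-Forwarded-For. List the single
  # address Home Assistant actually sees the proxy connecting from. If the
  # proxy runs in a container, that may be the container network's address
  # rather than the host's LAN address.
  trusted_proxies:
    - 192.168.X.YY

  # No ssl_certificate / ssl_key entries here: in the setup described, the
  # proxy terminates TLS and forwards plain HTTP to port 8123.

  # Too broad, shown for contrast only. Any host in these ranges could set
  # X-Forwarded-For and have Home Assistant believe a forged client address.
  # trusted_proxies:
  #   - 192.168.0.0/16
  #   - 0.0.0.0/0
```

Restart Home Assistant after changing the `http:` block; requests that carry `X-Forwarded-For` from an address not listed under `trusted_proxies` are rejected.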
If you are getting the pfSense login page then it means that you don’t have NAT loopback set up properly on pfSense - your request for your custom domain is going out to Cloudflare, which returns your IP address and you are then coming back into the router from the internet side, which the router is seeing as a request to access the web GUI. You need NAT loopback enabled so that the router recognises that you want to access an internal computer through the port forwarding.
Personally I just run pihole internally and have that as my local DNS server, which pfSense is configured to hand out to clients via DHCP. I can then add the domain in pihole pointing to the IP address of the Nginx Proxy Manager machine.
So a request goes like this:
mydomain > pihole > Nginx Proxy Manager > Proxied to Home Assistant
Remember to follow that pattern, because people often get confused at the pihole step and link the domain to the IP address of the machine running Home Assistant, rather than to the IP of Nginx Proxy Manager.
Hmm. I’m using pfSense as the DNS server using OpenDNS servers. I’m not forwarding any ports to my knowledge because this setup is supposed to rely on DNS-01 implementation to keep everything internal. Is my understanding inaccurate? This was what got me going down that path - Wolfgang's Blog – as what I thought would be the root cause solution to the problem of not being able to get 2-way audio working on my Reolink PoE doorbell cam in Frigate (unraid) on Home Assistant (unRaid). Both will soon migrate to the same dedicated hardware.
Just wanted to say thank you for your help. Unfortunately, it’s still not working. Nginx is using the same IP address of my unraid server (192.168.1.2) but it has its own ports (7818, 1880 and 8443). So when I point the DNS resolver to 192.168.1.2 nothing happens. I put in my url: sub.domain.tld then it acts like it wants to connect but then the address changes to the http://192.168.1.2:7818/nginx/proxy and then nothing happens.
Cloudflare I think has my appropriate records. Let’s Encrypt running on Home Assistant is using Cloudflare as the DNS Challenge I believe. It’s running and has a valid certificate.
In Nginx Proxy Manager (unraid), I set up an SSL certificate by manually uploading fullchain.pem and privkey.pem and having it validate with Cloudflare using my global API key.
The proxy host is set to use http scheme, pointing sub.domain.casa to my HASS instance on Unraid @ 192.168.1.102:8123. But poof. No juice.
Again appreciate your thoughts on this. I’ll do my best to post any solutions I come across as a result of your gut check against my wild failings here.
Since you have Home Assistant doing the SSL already and using Let's Encrypt, follow my previous steps for the Host Overrides part of pfSense, but just point it directly to the Home Assistant IP address.
Because the computer will have cached IP addresses, after you make this change you might want to try using Chrome incognito (or the private mode of whatever browser you are using) - this is the quickest way to force changes to be picked up, but if that doesn’t work - just give it a few hours and see if it starts working magically after that.
I pinged sub.domain.casa and it returned my HASS IP @ 192.168.1.102. But in the web browser still returning nada.
In an effort to see if I can get two-way audio working I tried the Reolink Integration and I’m getting some SSL errors. So perhaps something is still wonky with Let's Encrypt and my config?
You are using the correct port when you try in the browser, right? Home Assistant defaults to 8123 unless it has been changed. It uses this port whether you configured it to use HTTP or HTTPS.
To repair the Reolink issue it looks like you are going to have to add the Home Assistant domain to your LE config.
Well - it seems that I was forgetful and did not put the :8123 port on. When I did that it went right to a login page for HA. But then it exploded. I logged in with my username and password and then it threw some wild error:
So for Home Assistant you might just need to set the base URL - in the system configuration (in the GUI). Yes, your domain SHOULD be covered by the wildcard - but since the repairs thing for the Reolink integration is saying it doesn’t support the global wildcard - you will need a certificate specifically for the Home Assistant subdomain.