Access Front End Remotely

Configuration Frontend
1

Hi,

Back at the end of June 2021 in installed Hass.io and the instructions were at Raspberry Pi - Home Assistant

Everything worked fine and I had DuckDNS set to point back to my home’s IP address as assigned by the ISP.

I have my Chrome browser set to start up with a number of tabs, one of them being set to:

https://mydomainname.duckdns.org/lovelace

Quite a while back, this tab would not load and would have the error message “Unable to connect to Home Assistant.”

Due to work etc, I didn’t have time to troubleshoot it so I just left it as I hadn’t really set up too much, so there wasn’t too much to miss.

Anyway, I’m on holidays at the moment so I have a bit of spare time and I’m trying to trouble shoot why I can’t connect via that address.

DuckDNS and WhatIsMyIP show the same so it’s not DuckDNS sending it to the wrong IP Address.

I can log on if I go directly to the IP address http://192.168.178.122:8123/

My FritzBox router has ports 443 and 80 port forwarded as per instructions at Nginx Proxy Manager

Untitled
Untitled1127×63 5.08 KB

Any ideas on what could be the issue? Sure I could just change my browser to point to the IP address directly, but I’m thinking it would be nice to put the HomeAssistant app on my phone and have remote access.

Thanks in advance.

2

Do you need port 8123 forwarded?

3

Not sure.

I went back to my FritzBox and noticed that my port forwarding of 80 and 443 was for HTTP, so I changed them both to HTTPS and tested that. It didn’t work.

I then added 8123 and it still doesn’t work.

Untitled
Untitled1616×65 6.73 KB

4

.122 is your NGINX Proxy Manager IP?

How does the NGINX Proxy Manager IP configuration look like?

5

Just had a look at that picture you attached and none of those port forwards are enabled. not sure if you ticked the box since the screen grab or not.

6

Wasn’t that about the time you had to add use x forward proxies to your config?

http:
   ip_ban_enabled: true
   login_attempts_threshold: 5
#   base_url: example.duckdns.org:8123
   cors_allowed_origins:
    - https://cast.home-assistant.io
   use_x_forwarded_for: true
   trusted_proxies:
     - 172.30.33.0/24  # Add the IP address of the proxy server
7

That tick box isn’t to enable port forwarding. It is for Independant port sharing.

Here is a full screenshot of the section. My IP cameras work fine being accessed from outside the network.

Untitled
Untitled1630×445 34.2 KB

Independent Port Sharing is stated as:

Indicates whether the network device is authorized to configure port sharing via UPnP or PCP independently. If the device is authorized, the number of independently configured port sharing settings is displayed.

8

192.168.178.122 is the address of my Raspberry Pi

When I go into Configurations → Add Ons → NIGINX Proxy Manager, it looks like this:

Untitled2
Untitled21025×482 36.8 KB

If I go into the WebUI it looks like:

Untitled3
Untitled31180×173 14.9 KB

9

When I first set it up back in late June 2021, it worked for a while and then a few months ago, I noticed it (the tab that I had Chrome open when I start Chrome Browser) would error out and it hasn’t worked since.

Is your sample what should appear in my Configuration.yaml file?

Below is my Configuration file date stamped 31 July 2021

> # Configure a default setup of Home Assistant (frontend, api, etc)
> default_config:
> 
> # Text to speech
> tts:
>   - platform: google_translate
>   
>   
> sensor:
>   - platform: systemmonitor
>     resources:
>       - type: disk_use_percent
>         arg: /config
>       - type: memory_free
>       - type: processor_temperature
>       - type: last_boot
> 
> group: !include groups.yaml
> automation: !include automations.yaml
> script: !include scripts.yaml
> scene: !include scenes.yaml
10

Check out the documentation for http - use_x_forward_for

You also need to add the trusted proxy IP.

11

Yeah that sample is what I use to access remotely.

12

While looking at the documentation of the NGINX Proxy Manager Addon I realized that it is no longer maintained.
I’d strongly recommend to not use it anymore since it is the part of software facing the internet, protection your devices from evil.

If you have another docker machine, you could just spin it up there.
I don’t use the addon for about a year now.

I’d also suggest to put your IP cams behind the proxy.

13

Thank you. I have stopped it and clicked “Uninstall”.

Ok, now that I’ve uninstalled NGINX, I did a restart and still don’t have access (I wanted to check after each step) so since it’s late now, I’ll have a look at your link.

I’m not a tech-savvy person but I believe NGINX looked after the trusted certificates from Let’s Encrypt, so I guess, looking at your link, I need to first go to Set up encryption using Let's Encrypt - Home Assistant before adding in the sections from HTTP - Home Assistant since it asks for a SSL_Certificate and SSL_Key

As mentioned, I’ll look at that tomorrow as it’s late and I don’t want to make mistakes due to being tired.

Thanks for your help.

14

There are these 2 official Addons that can bring your HA online with SSL termination:

  • Duck DNS
  • NGINX Home Assistant SSL proxy

Just read and follow the Addon documentation in the Addon Store.

15

I went to my Add-ons and I already had DuckDNS installed.

I looked at the configuration and it looks fine.

> aliases: []
> domains:
>   - myaddress.duckdns.org
> lets_encrypt:
>   accept_terms: false
>   algo: secp384r1
>   certfile: fullchain.pem
>   keyfile: privkey.pem
> seconds: 300
> token: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

In the next section it says:

`

Additionally, you’ll need to configure the Home Assistant Core to pick up the SSL certificates. This is done by setting the following configuration for the HTTP integration configuration in your configuration.yaml :

As you can see from my post of my Configuration.yaml file in a previous post, I didn’t have this, so I added the following to the file:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I get a green tick in the file editor, which means my syntax is fine but when I go to Configurations → Settings → Check Configuration, I get the following:

Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/ssl/fullchain.pem'
not a file for dictionary value @ data['http']['ssl_key']. Got '/ssl/privkey.pem'. (See /config/configuration.yaml, line 9).
16

And your certificates are there ?

image

17

Hm… according to the documentation this should work. Does the Duck DNS Addon generate the certificates in this folder like Francis pointed out?

If yes, I’d proceed with the NGINX Proxy setup since the http configuration anyway needs to be changed and these parts are removed, because the SSL termination is taken over by the NGINX Proxy:

image
image1449×938 78.9 KB

18

I believe you are planning to used Proxy right?

For NPM to work you will need to redirect the domain to you public IP and then port forward to your Proxy. Remember domain will require 2 port open and forwarded. 80 and 443 (http and https)

Then on NPM you will need to setup the domain proxy to your HA IP which IP:8123 + SSL

If this done correctly you should be able to see HA.

P.S.

New HA require this on your configuration.yaml

http:
   ip_ban_enabled: true
   login_attempts_threshold: 5
#   base_url: example.duckdns.org:8123
   cors_allowed_origins:
    - https://cast.home-assistant.io
   use_x_forwarded_for: true
   trusted_proxies:
     - 172.30.33.0/24  # Add the IP address of the proxy server
19

To be honest, I feel totally lost. I’m worried you guys are going to get frustrated at how dumb I am.

I’ve tried to find an SSL directory and couldn’t find it easily looking through the File Editor and looking through the directory.

I have the Samba add-on installed, so I went to Windows Explorer, right-clicked on Network and then Map Network Drive and I can’t seem to map to it.

network1
network2
network3

I even copied and pasted the username and password from the Samba config to ensure no typos

network4

As mentioned above, I can’t find the folder and nor can I seem to map a drive to it.

If I go to the DuckDNS add-on and look at the notes, it shows my external IP address with “Info ok” and “NoChange” and the IP address stated in the logs match what https://www.whatismyip.com/ shows me

I honestly have no idea. All I know is I followed the instruction guide at the time (back in July) to install Hass.IO (I have seen recently that they don’t call it this anymore) and the instructions went on to say how to install NPM etc so I can remote access.

All I want to be able to do is set up Home Assistant with some nice cards and maybe in the future when I’ve learnt more, some conditions (eg if my motion sensor at the front door detects movement at night, then turn on my bedside light to the colour red at 20% brightness and make an announcement on my Google Home). I would like to be able to access these cards from home via the Home Assistant app on my phone rather than having to remember which company I’ve got a certain device from so I open the correct app to control it remotely (eg I have switches, lights, cameras, etc from Grid Connect, Mi Home, etc).

So before I install the NGINX Home Assistant SSL proxy add-on, I need to find my SSL directory and confirm those files are there.

Besides mapping a drive, can I see them via the file editor in Home Assistant?

If you guys get frustrated at my lack of knowledge and give up on me, I totally understand. I’m almost ready to give up on myself as well.

20

Try to open this in your Windows Explorer \\homeassistant\ssl, alternatively use the IP \\192.168.178.122\ssl

No need to map it to a network drive.

You didn’t mention a use case to access your Home Assistant from outside of your home network?
If you don’t want remote access, you can omit all this Duck DNS and Proxy stuff and just use the IP to access Home Assistant from home via the App.

AFAIK the File Editor is limited to the config folder.

Giving up is not an option :wink: