Access Home Assistant from outside house network

Hello so I am trying to set up access to my Home Assistant server from outside my house. I have read this thread and still have questions.

Home Assistant access from outside of your home network - Configuration - Home Assistant Community (home-assistant.io)

I know Its a risk to allow outside access but Its just lights and sensors and I want to be able to see my temperature sensor. I am migrating from the defunct Wink hub and it is handy when away to ensure the heat is working.

Im issue and question is I cannot get a static IP address from my ISP and my router gets a non routable IP address from the ISP (IE 192.168.x.x)

So with that issue am I screwed in being able to configure it somehow for remote access? Is there a Home Assistant server somewhere running that my HA can be configured to make an outbound connection to and then I can authenticate through that server??

Thanks

Phil

Hi @mpilihp, take a look at this: Remote access for Home Assistant

Hi thanks, so looks like the second option can be done without any fee if Im reading it right. Goal is for this to not cost anything ongoing so I will give option 2 a try.

Thank You!

Phil

Hi Nick4 so I got through the DuckDNS part but the LetsEncrypt instructions are vague and confusing. Not sure what parts I need to do or from where.

So to request the cert from LetsEncrypt is there a client for the raspberry Pi platform as I dont see one? Can I just request it from a windows PC as it appears that certbot has one for windows.

What is the difference between Home Assistant container and Home Assistant core? How do I know which one I have or which one to do/use?

If I use the certbot on windows to get the cert, how do I then get the file onto my HA platform on raspberry pi?

What file are the configs entered into that is referenced in the Remote access link you sent me.

Sorry for all the questions but I am new to all of this.

Thank You

Phil

You look in Configuration → Info to find out your install method.

To borrow the summary from Discord:

Not sure which install you’re using? If you have system_health enabled you can check Configuration → Info, or see the following.

  • If you bought the Home Assistant Blue, you’re using HassOS, flashed an image, or booted a VM with an image you’re using #homeassistant_os

  • If you installed Linux and then ran a script to install HA and have add-ons then you have #homeassistant_supervised

  • If you’re running docker commands or use a Docker manager and have no add-ons then you have #homeassistant_container

  • Finally, if you use pip to install or upgrade you have #homeassistant_core

Having difficulty chosing an install method? See this blog post for guidance

That blog post summarises the options (but does use old names).

certbot exists for Pi (Linux) - I used to run it before I switched to dehydrated (since certbot doesn’t support my DNS provider). See here for how to install certbot, and here for dehydrated

1 Like

Thanks @Tinkerer for steppin’ in!
@mpilihp regarding your question about the difference HA setup methods, here’s another good summary: Home Assistant Installation Methods

Thanks guys, so I have the HA OS install, it is an image on and SD card.

As for installing Certbot or dehydrated, neither appear to be an available add-on to HA so would need to be installed directly to the OS it appears. I unfortunately do not have direct access to the Raspberry Pi platform, IE I do not have a monitor and where I have to have it plugged in for network access (where switch is) doesn’t allow easy place to work.

That said can I use Certbot windows client and the ftp the file onto the HA platform as I see there is an FTP server add-on available.

Thank You

Phil

Then you can use add-ons for this.

The DuckDNS add-on handles DuckDNS and LetsEncrypt certificates.

The LetsEncrypt add-on does just the certificates, for any domain.

Though, you said:

my router gets a non routable IP address from the ISP (IE 192.168.x.x)

Normally that’s what you’ll see on the LAN side, you did look at the WAN IP?

If so, NabuCasa is the simplest option, and if not you can build your own relay in the cloud.

Hi so my router has 10.0.0.x on the inside, what my PCs connect to. It has the 192.168.x.x on the outside . Are you saying the DuckDNS and LetsEncrypt will not work with this scenario?

I do not want to pay for a service just to host connecting into it. The relay in the cloud solution, is that needed on TOP of DuckDNS and LetsEncrypt Certs setup?

Thank You

Phil

Correct, because as explained in the guide you were directed to your ISP is allocating you private (non-routable) addresses.

You’ve got three choices:

  1. Get your ISP to allocate a routable (public) IP - if this is a mobile broadband connection that may not be possible. They will likely charge for this.
  2. Use the NabuCasa service, which costs
  3. Build your own relay, which you may be able to do for free. You’ll do the magic of DuckDNS and LetsEncrypt there.

OK thanks for the help, I will probably table this idea for now and try to set up phone notifications first and see if I can set it up to just send a notification from my temp sensor when it gets below a certain temp. I have made a simple notification for when a door is opened so that may be an easier route.

Thank you

Phil

There is a plugin available for ZeroTier. Very easy to set up, and their website is very informative.