Accessing HA internally after enabling encryption

Hi,

I’ve recently installed HA and seem to have hit a bit of an issue. I’ve followed through the tutorials on setting up duckdns and letsencrypt and everything seems to be working fine if I try to access HA externally. If I’m logged on to my wifi at home though and try to access HA, it doesn’t work. From reading the forums I gather this is because the security certificate isn’t set up for a 192.168.X.X domain and because my router doesn’t support loopback.

Assuming I don’t want to buy a new router, is there a way I can get round this issue? I’ve read stuff about setting up nginx or dnsmasq, but this seems quite involved and further down the rabbit hole than I was ideally trying to go. Is there a simpler method I could use (i.e. just generating another ssl certificate for my 192.168.* addresses and have it work alongside my duckdns one somehow)?

I’m running HA on a raspberry pi 3 and my router is: Huawei HG523a (from talktalk).

Cheers,

Tony

Sadly I don’t think there is a way to achieve this without a reverse proxy which handles the certificate. Why is it important for you to be able to use the local IP?

~Cheers

Did you also try accessing it using https:
https://192.168.X.X:8123

I can access both https://xxx.duckdns.org and https://192.168.X.X:8123

I had to restart my router though to access hass through the duckdns address while being on the local network (a Xiaomi Mini)

Note that http://192.168.X.X:8123 (standard http), is not accessible.

I’ve had luck reaching my local address using HTTPS. Please note the (S). So I can reach my box using:
https://192.168.X.X:8123

I also wanted to find a solution for this for some RESTful API calls and didn’t want to go out on the internet just to reach a box that was local to my network. Your mileage may vary, but worth giving it a try.

Thanks for the suggestions guys.

I’d like to be able to use the local IP because I plan on mostly using HA from my phone and when I’m home my phone automatically logs on to my wifi, so it would just be a bit annoying if I need to turn off wifi on my phone to do something in HA.

I’ve tried https://192.168.X.X:8123 and sadly it’s not working. I think this is because my router doesn’t support loopback (based on what I’ve read on other forum posts).

I guess I’ll have to start looking at nginx.

Cheers,

Tony

As @PhyberApex said, why do you need to use the local IP?
You can use the remote URL you use to connect inside your home as well, no need to turn off the wifi for that.

You could try to set the hostname to get locally resolved in your router if it supports that, that would prevent the need to have the request go outside to the internet just to come back to your instance.
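An added example, not part of the thread: a sketch of why the three ways of reaching the instance discussed above behave differently for a client on the home network. The host name `example.duckdns.org`, both addresses and the certificate SAN list are constructed sample values, and wildcard matching is simplified to a whole left-most label.

```python
import ipaddress

# RFC 1918 ranges; a name resolving into one of these is reached without leaving the LAN.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def san_matches(host, san):
    """True if host (DNS name or IP literal) is covered by the certificate.

    san has the shape ssl.getpeercert() uses for 'subjectAltName':
    (("DNS", "name"), ("IP Address", "1.2.3.4"), ...).
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for kind, value in san:
        if ip is not None:
            # An IP literal in the URL only matches an iPAddress entry, never a DNS name.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS":
            want = host.lower().rstrip(".").split(".")
            have = value.lower().split(".")
            # Simplification: '*' may only stand for the whole left-most label.
            if len(want) == len(have) and have[0] in ("*", want[0]) and want[1:] == have[1:]:
                return True
    return False

def diagnose(url_host, resolved_ip, san):
    """Return (certificate_matches, path) for a LAN client opening https://url_host:8123."""
    on_lan = any(ipaddress.ip_address(resolved_ip) in net for net in RFC1918)
    path = "direct" if on_lan else "needs NAT loopback"
    return san_matches(url_host, san), path

# Constructed sample: a Let's Encrypt certificate issued for the DuckDNS name only.
SAN = (("DNS", "example.duckdns.org"),)
LAN_IP, WAN_IP = "192.168.1.50", "203.0.113.10"  # constructed addresses

if __name__ == "__main__":
    print(diagnose(LAN_IP, LAN_IP, SAN))                 # local IP typed into the URL
    print(diagnose("example.duckdns.org", WAN_IP, SAN))  # public DNS answer
    print(diagnose("example.duckdns.org", LAN_IP, SAN))  # router/dnsmasq answers locally
```

Only the third case gives both a matching certificate and a path that stays on the LAN, which is what a local DNS override on the router or dnsmasq provides.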

Except, as they said in the first post:

So they can either replace the router, or take the cheaper option and find a workaround, such as using NGINX for remote access and direct access internally. Sure, that’s a bit clunky, having 2 different URLs, but it saves buying new hardware.

Should spare the trouble and invest 28$ in a decent router :slight_smile:

Using 2 URLs will sink, for sure, the wife acceptance factor ^^

Depends on where you live, and what your options (and budget) are :wink: There are many places where ISPs lock you to only the modem/router they issue, never mind that depending on where you live a decent router may be a significant piece of somebody’s wages.

Not that it matters for me, since my goal is to avoid the wife ever needing to use the GUI - if she needs it then I’ve failed to make the automation work appropriately. Even then, she’ll only need it from inside the house.

Like in my place, but this little device allows for MAC address modification, so the modem cannot see the difference :slight_smile:

Concerning the budget, I guess 28$ is not a big budget, and someone with such low wages might not really invest hundreds of $ in home automation ^^

Thanks for all the advice on this guys. In the end I just swapped out my router as it seemed the easiest option. Luckily my parents had an old Netgear one lying around which doesn’t seem to throw up the same issue, so I’m just using that for now.