Add-on access works with IP but not with hostname on Android / IOS (ERR_CONNECTION_REFUSED)

Mullerhawk · September 23, 2023, 6:42am

Hi,

In my setup I have Grafana / Tatulli / MotionEye etc setup with own ports to be able to reach them externally. If I access them from my PC with Chrome everything works as it should and my iFrames works fine in HA. But - if I try to access these sites directly from my Android / IOS devices using Chrome browser it only works using IP address.

So for example connecting to Grafana:

http://192.168.0.250:3000 (Works fine from PC, Android, IOS devices)
http://myhostname.domain.com:8123 (Works fine from PC, Android, IOS devices)
http://myhostname.domain.com:3000 (Works fine from PC, but not Android/IOS devices. I get “ERR_CONNECTION_REFUSED” whatever I do when trying to access other ports than 8123 for my add-ons).

I have verified all hassio network configuration. Instance name is correct and is the same as my hostname, DNS settings are OK, I have tried setting the Home Assistant URL both for Internal/External access. But it makes no difference (I have a Nabu Casa subscriptions, but that should not affect things).

So right now Im using http://ipadress:port In my iFrames to get it to work. This is fine when Im home, but this prevents me from accessing Grafana and other addons externally. Right now Im at a loss to where to troubleshoot. Im running latest version of HA on VMware.

fleskefjes · September 23, 2023, 7:04am

Instead of exposing your services directly to the internet I would recommend using a reverse proxy like Nginx. Using a reverse proxy you can add SSL, and only expose port 443. You can set it up with fail2ban, certbot and so on.

Then you set up grafana.yourdomain.com to point to your grafana, homeassistant.yourdomain.com to HA and so on.

Mullerhawk · September 23, 2023, 7:22am

Yeah,

That would be a viable option. But it still does not explain this weird behaviour. Problem for me is I have only one external IP and running other services for SSL.

fleskefjes · September 23, 2023, 7:45am

You don’t need more than one external ip to run Nginx, and you can set up everything behind it.

Mullerhawk · September 23, 2023, 7:47am

Ok,

I started to setup DuckDNS according to this video https://www.youtube.com/watch?v=OMPkISSEKbY. I setup port 9999 externally and port 8123 internally. Followed this video exactly and guess what. Works in the video but I get “ERR_CONNECTION_REFUSED”…

I changed to port forward externally and internally to 8123 and then it works. What the heck is going on here…

Mullerhawk · September 26, 2023, 1:29pm

Apparently this was a bad combination of using Nabu Casa services and missing to apply the port forwarding in my router. So if traffic was going through “hostname” instead of “IP” addresses it traversed over Nabu Casa services and came from the outside. And since I had failed to apply the port forwarding changes after adding them the traffic was stopped. This was only issues with Android/IOS as they were using the application and came from the outside, in Windows it used my local network. #Opps #Clumpsy