Allowing access from external network

I’m new to Home Assistant. I have installed it on a Raspberry Pi 4 and I want to make it accessible from outside my network.

I have followed tutorials on how to do this with duckdns and one of the requirement is to edit the configuration.yaml file and add the following lines:

homeassistant:
  external_url: https://mydomain.duckdns.org:8123
  internal_url: http://my-internal-ip:8123

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

However after restarting Home Assistant, it is no longer accessible, even from local url (http://homeassistant.local:8123/)

If I remove these lines and reboot my Raspberry, Home Assistant becomes available again.

What is wrong with my configuration file ? In the logs I don’t see anything relevant as to why it is not starting. And on top of that, the configuration checker tool says my configuration file is valid

Are you forwarding port 8123 to your Raspberry?
Is you ssl certificate valid?

ok, I have made progress. It seems I can access Home Assistant after all. But only through https :

and the certificate is not valid.

@deluxestyle you replied at the same time as me. Yes I’m forwarding port 8123 to my raspberry, although I’m having a hard time figuring out if this is really working. No, the certificate is not valid, alhtough I don’t see why as it is set to expired on April 6 2022. But obvioulsy it was emitted for domain mydomain-duckdns.org and not homeassistant.local

As soon you have https in your config it can only be reached by https
The ssl certificate is also only for your duckdns domain
Are you using the duckdnks addon?
Internal you have to accept the certificate in your browser

I understand.

Yes, I have installed the duckdns addon. However I cannot get access from outside my network. If I browse to https://my-domain.duckdns.org:8123 I get a ERR_TUNNEL_CONNECTION_FAILED error in my browser. Could this be that port forwarding is not working properly ?

Are you using a proxy or vpn?
Never seen this error

I’m just doing port forwarding in my Asus router dedicated ui :

image789×584 38.5 KB

not sure what you mean vpn vs proxy ? I guess my router acts as the proxy

You also need to set the port internal to 8123 in your router settings

Yes, I did try that but it didn’t change anything. I also tried that, with no luck :

image803×219 11.4 KB

When I ping my domain name provided by duckdns, it fails (host unreachable). I have a optical fiber modem installed by my ISP to which my router is connected. I wonder if something should be done at that level but I don’t have any way to interact with it.

Does dns resolve?

when you ping my-domain.duckdns.org, does it get your real IP address?

and for https://my-domain.duckdns.org:8123/ to work internally, you either need to set up a dns server, or use nginx proxy addon

Ok, so I guess I cannot access it with the domain name from local network. However when I try to access it from outside using a 4G connection, I get ERR_ADDRESS_UNREACHABLE.

If I run port scan from outside, I have the following results :

Nmap scan report for my-domain.duckdns.org (my real ip is found)
Host is up.

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   filtered http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  filtered https
3389/tcp filtered ms-wbt-server

443 is filtered, which may be the problem ? However I did open it with port forwarding in my router configuration as shown above

I believe my problem is that I don’t have a public IP address. My router is behind my ISP modem, and the IP Address I see in my router configuration is NOT the one I see if I search on ‘what’s my IP’. Therefore my router remains ‘hidden’ behind that private IP address.

I will call my ISP tomorrow, I know they offer dynamic public IP address for a small monthly fee.

So this was it in the end. My ISP provided me with a public dynamic IP address and now I can access HA through the duckdns DNS from outside