Best method for accessing local Home Assistant page securely without configuration of Router Port Forwarding, Duck DNS and SSL Cert Renewal?

Hi all,

I am finding a best method to access my Raspberry Pi Home Assistant HTTPS page from public internet securely, without the need of configuration on following:

  • Router Port Forwarding
  • Duck DNS for Dynamic IP
  • Renewal of SSL Cert every year

It is ok to do these configurations once on my first home, but not for my second, third, etc homes as I need to repeat whole process again for other houses.

To save this configuration time, is there any best method that can achieve this objective?

I found out that there is similar solution mentioned in Nginx Reverse Proxy Set Up Guide – Docker and Caddy Proxy addon for hass.io, but both only solved part of the problems.

Thanks!

If the issue is having to re-configure, then I think you’ve already found a great solution, which I also use. Nginx Reverse Proxy Set Up Guide – Docker. Just add the DuckDNS docker image. There’s really no extra work or reconfiguration when moving.

  • DuckDNS docker image (no need to set up anything more than once, even when you move, using this docker image).
  • Let’s Encrypt which includes nginx (again, no need to set up more than once with this image). It auto-renews certificates, so you’ll never have to worry about that again (there’s a cron job running daily to check certs).

I do have to forward ports in my router for this approach, but that’s 2 minutes work, and only has to be re-done if you change or factory reset your router. I have literally spent 2 minutes on this in total during the last year or more, I just brought my router with me when I moved. DuckDNS takes care of itself, the same for letsencrypt.

You can find the docker images used in my repo under “Docker containers”.

Bottom line is, I didn’t have to change a single thing when I moved last summer, and I really haven’t needed to at any point, unless I wanted to e.g. add a new subdomain in the nginx setup. The only thing you will ever (unless any breaking changes are introduced in updates) have to re-do is the port forwarding, and only whenever you get a new router.

EDIT: Rearranged post to emphasize that this is easy when moving. First post was messy. I blame jetlag :slight_smile:

Hi Aephir,

Thanks for the sharing. Indeed, it is a great solution. :grin:

I am looking forward on better solution than this.

The only way not configure anything is to use the home assistant cloud component.
Enroll and that’s it

Are you sure it is already out?
I mean remote access

No, I think general remote access via HA cloud is not there yet.

You’re right. Only for voice control etc.
I guess the other only option was a thread posted a few months back about a Chinese company offering a sort of proxy service.
It got a lot of flack on privacy issues, but apparently it works.

Suggest a search on the forum for it,

I guess another temporary solution might use something like ngrok.

That’s good for simple stuff, but I think long-running services with lots of websocket connections might prove challenging.

I use nginx on another home server, (a machine which also has a cron job to keep letsencrypt up to date). It forwards incoming requests to hassio.mydomain.com to my HA server. (The hassio.mydomain.com DNS entry is actually an alias for a dyndns address.)

But an alternative is a VPN, if you have something inside your network that can provide it and you’re always connecting using your own devices. I have recently set up OpenVPN – in my case, on my Synology NAS – and use the Viscosity client on my remote Macs and the OpenVPN app on my iOS devices, and I can get to everything. It does involve opening a port on the router, but only one :slight_smile:

Thanks for the info :grinning:

The problem is on open port for router part. If I change to another router in the future, then settings might be slightly different.

Hope that there is a permanent solution for fixing this part.

Ngrok was working good until recently. The reason I ended up with ngrok is because our lame ISPs in Mexico are allowed to have us behind a NAT now. Basically duckDNS, opening ports, etc don’t work for me.

I didn’t pay attention, did a few HA updates, and seems Ngrok stopped working at some point. I went back to my oldest snapshot but it only of 2 weeks ago, and not working there either.