Cannot access HA from internet

did you use proxy server? or pure from HA?

No proxy server. I have enabled port 8123 forwarding on my router. And login page is being displayed
correctly. Somehow HA is not accepting provided credentials.

And I have no clue why…

This is the link I have after trying to log in:

http://domainname:8123/auth/authorize?response_type=code&redirect_uri=http%3A%2F%2Fdomainname%3A8123%2F%3Fauth_callback%3D1&client_id=http%3A%2F%2Fdomainname%3A8123%2F&state=ey

There is some reference to auth_callback, not sure what it is…

In settings > General there is also a parameter to specify the external URL. Did you notice this setting? BTW if this works you can add the NGINX Proxy manager add-on to secure you URL.

Did not work.

Adder external_url like

external_url: “http://domainname:8123

  • tried also without port number -

into configuration.yaml, restarted server, still the same. Like HA was trying to get some feedback from me…?

I’d suggest using the Caddy 2 add-on in combination with the official Duckdns add-on. Very easy to set up, I can share my Caddyfile when needed.

Is there any way I can check logs for failed login attempts?

Log in locally and select your profile, scroll down and look if tokens are created for your domain.

Thanks, seems the problem was related to my routers set up. Changed port forwarding settings and now I can open HA from internet.

I’m struggling to get this going because of port 80 being used, I’d like to have it us the duckdns addon because it’s already using the dns challenge option, which would get around the port issue. I’d be interested in a working caddyfile for an example. Thanks in advance

My Caddyfile looks like this:

{
	email [email protected]
}

(common) {
        header {
                Strict-Transport-Security "max-age=31536000; includeSubdomains"
                X-XSS-Protection "1; mode=block"
                X-Content-Type-Options "nosniff"
                Referrer-Policy "same-origin"
                -Server
                Content-Security-Policy "frame-ancestors your_domain.duckdns.org:12345 *.your_domain.duckdns.org:12345"
		Permissions-Policy "geolocation=(self)"
        }
}

your_domain.duckdns.org {
        import common
        reverse_proxy localhost:8123 {
        }

Replace the email-address for your own, change your_domain for what you use, don’t change any of the numbers under header, the parts under header will give you better security.

1 Like

Thanks for the quick reply. Do you have any custom settings in the addon configuration? For some reason I’m getting the following error, ‘run: loading initial config: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: address already in use’. Everything is default here, Trying to get this to pull in from the duckdns addon, since it’s already successfully doing DNS challenge, if that’s possible. Don’t want to open any ports.

I’m having these settings under Network:
image

And in my router I have forwarded these two port to the IP of the HA Core server.

Thanks for the answers. I was tying to do the dns challenge and not port forward, if I’m not mistaken and that’s possible. If it isn’t then I’ll definitely set it up via port forwading.

Try asking for help in the Caddy2 topic that’s in an earlier post, the guy that created the add-on, or others in that topic, should be able to help you.

Just wanted to let you know that thanks to your help, it’s finally working. I just had to forward 443 to my home assistant server. Thanks again.

Great! I’m glad that I was able to help you :slight_smile:

Can you indicate which of the above posts provided the solution? So that others with a similar problem can find the solution more quickly? As starter of the topic you should be able to tick a solution-box.

I didn’t start this discussion, just added to it. Your example config help me.