Morning guys - I would be really grateful for some advice with this problem (apologies if it is not in the most appropriate forum - feel free to move it if necessary).
Ultimately, I have followed this guy’s really great video to set up remote access:
and my server has been running absolutely perfectly for months.
However, my broadband contract (with Plusnet) was coming to an end and I decided to switch to NowTV, who were offering me a better deal.
Unfortunately, things have gone wrong when it came to swapping over the routers.
I plugged everything into the new Hub2 router, set up port forwarding, but now I cannot access HA from my browser i.e. when I type https://name.duckdns.org.
I can, however, access HA via SSH, which gives me some hope.
Any advice on where to start would be much appreciated as I am pretty stuck.
Are there any basic steps that you need to take, when switching IP provider and router, that I may have overlooked?
Have a look at what IP the new router assigned to the HA server.
Probably not the same as the previous router.
Make sure this matches the port forwarding.
Have indeed made sure that I have reassigned the same static IP address, with the new router, for my HA Server.
I then tried https://<ip_address>:8123 and that works, which is a big relief (as mentioned, I had to allow the security exception).
At least I have access to the UI now, which is definitely a start in the right direction - thanks very much.
I had another look at that video and I tried the website canyouseeme.org. 8123 was fine but 443 said connection refused - could this be part of the problem?
You can’t do that, you can’t forward 2 external ports to the same internal port on the same IP address.
You should either be forwarding 443 external to 8123 internal. Or if you have Nginx Proxy setup then you should be forwarding 443 to 443 and 80 to 80 (because 80 is needed for Let’s Encrypt to renew certificates).
EDIT:
I like Lewis and he makes very good and useful videos, but I disagree strongly with exposing Home Assistant directly to the internet. That is why the Nginx Proxy Add on is in the official store. The Nginx Proxy handles SSL and communication to Home Assistant.
Home Assistant itself remains listening on port 8123, with NO SSL.
Additionally while he mentions having good passwords, he fails to mention that you should also enable 2 Factor Authentication.
However none of this relates to your issue - which is likely as mentioned in the video, ISP routers don’t typically handle NAT Loopback.
I have to say that whilst I am OK with general computing, networking really confuses the heck out of me.
I followed the video exactly, with my old router, and ported both 8123 to 8123 and 443 to 8123 and it just worked, so I was a little bit surprised that the same thing did not work with the new router. That being said, the Plusnet Hub One is probably a better router to begin with - lots of the reviews I have read, about the NowTV Hub2, is that it is a pile of pants.
So you reckon that I need to follow the last third of the video to get things working?
Or, do you think I should start again and go down the Nginx Proxy route instead?
to get Alexa to work with HA. Thought I would just mention in case it is relevant (I seem to recall from the first video that port 443 is important in getting Alexa and HA to communicate).
I have had a look at how to check whether CGNAT is running and confirm that my provider is not running it.
I then managed to check my IP address in Google and DuckDns and they are indeed the same.
The only other thing is my WAN IP. I cannot specifically find anything called this.
However, I have found a page that lists all the various connections (which I have pasted with the codes removed). Are any of these another name for the WAN IP?
Thanks for that - I checked the IPv4 Address and that matches up as well (so everything was working as far as DuckDNS goes).
I then had a bit of a chat on the Sky forum about the NowTV Hub2 - this is exactly the same model that Sky provide its customers with (just renamed the ER110).
Apparently, you cannot do a port redirection from 443 to 8123 - i.e. only direct mapping is possible from 443 to 443 and 8123 to 8123.
This has really messed my set up as I need the 443 to 8123 to get the Alexa hack to work.
This might be a stupid question but would changing Home Assistant’s default port from 8123 to 443 get round this?
If you had just used the Nginx add-on you would only need to port forward 443 to 443. Nginx will receive the connection and proxy it locally to port 8123. And Alexa would work fine.
You don’t have to use the router that your ISP provides, you can get your own better router and use that instead - there is normally nothing special about their router that means only it can be used. The only important part is knowing what you need.
If you have FTTC (Fibre to the cabinet) then you need a Modem Router that works with fibre broadband.
If you have FTTP (Fibre to the premises) then you probably have a separate modem already - that the ISP router plugs in to - in this case you only need a router.
If you still have ADSL broadband, then you need a Modem Router that supports ADSL (most are Fibre these days).
I spent so long trying to get it to work that I gave up - no matter what I tried, 443 to 443 would not work. There was some suggestion on the NowTV forum, that they do not allow you messing with this particular port.
Also, I was told that it was part of the T&C’s of my contract that I had to use the provided hub and nothing else. There are lots of people that ignore this and use their own but I was warned that if something goes wrong and you need help, the ISP won’t help if they detect you are using your own router.
I may well have a go with Nginx anyway, once my new ISP kicks in.
The NAT Loopback is probably still the biggest problem, the router won’t let you go out to the internet and then back in to your internal network. So it probably was the fault of the router rather than any instructions you followed, especially if it was working correctly previously. Yes, they can refuse to help if you change out the router, but only really because they can no longer guarantee anything with regards to your service once they are no longer in charge of ALL the equipment from them right to your house. This isn’t a problem though, because you don’t throw their router away, you keep it handy so that if you do have an issue you can first try swapping back to their router and see if the problem still exists, and then if it does - you are using their equipment and they will help you.
I really don’t think you want to run HA on 443. You’ll get scan bots scraping this and putting into databases very easily. You really need to stay on non-standard obscure ports if you choose to expose HA to the internet.
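
Added example, not part of the thread or of anyone's post: a small Python check that separates the three failure points discussed above (the server itself, the router's port forward, and NAT loopback). The three-reading scheme and the wording of the results are assumptions made for illustration; `name.duckdns.org` is the placeholder hostname from the first post, and the external reading has to come from an outside checker such as canyouseeme.org.

```python
import socket


def probe(host, port, timeout=3.0):
    """Try one TCP connection and report how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # a reset came back: nothing is listening there
    except (socket.timeout, TimeoutError):
        return "timeout"      # packets dropped: filtered, or no forward rule
    except OSError:
        return "unreachable"  # DNS failure, no route, and similar


def diagnose(lan, public_from_inside, external):
    """Map three readings for the same service to the most likely cause.

    lan                -- probe(<LAN IP of the HA server>, 8123), run inside the network
    public_from_inside -- probe("name.duckdns.org", <forwarded port>), run inside the network
    external           -- result reported by an outside checker such as canyouseeme.org
    """
    if lan != "open":
        return "server: Home Assistant is not answering on the LAN, fix that first"
    if external != "open":
        return "port forward: the router is not passing this port to the server"
    if public_from_inside != "open":
        return "NAT loopback: works from outside, router will not hairpin from inside"
    return "ok: reachable from the LAN, via the public name, and from outside"


if __name__ == "__main__":
    # Constructed readings matching the thread: the UI loads on the LAN address,
    # while the outside checker reports port 443 as refused.
    print(diagnose("open", "refused", "refused"))
```
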