Cannot connect with local address

I give up and undoubtedly can’t see the forest because of the trees. I turned off the port forwarding, and left the configuration.yaml code to:

server_port: 443
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

Chrome/Safari give an ERR_SSL_PROTOCOL_ERROR

If I remove the server_port: 443 from the yaml file, then same . I’ve tried 2 port forwarding rules to make sure I’m understanding the verbiage of the host vs forwarding port.

neither have worked. I went so far as to turn on both…

I can get to to HASS, but not without the :8123 port address. I’ve turned off AdGuard, as I don’t think I understand the “rewrite” specifics. I’ve turned on NGINX, with no joy. I know this should be simple, and I’m struggling.

Hold the phone!!! I restarted duckdns add-on. removed the 8123 port range pointed to 443, and I left the 443 port range pointed to 8123 turned on…

And now I can access the HASS remotely via LTE on my iphone, so at least that is working, but on my local network gives me ERR_CONNECTION_REFUSED.

So some progress. It’s something local that I have to figure out, but at least I can hit it remotely.

Crap! Disregard, my browser on my iphone was autotyping the :8123 at the end of the dns

The settings of your router are incomplete. You have forwarded the port 443 to 8123 but there is not an IP defined. In other option of your router your should find the IP to forward and the application (the port configuration that you have already done). It should be something like this:

FROM: 443
TO: 8123 192.168.1.x

Hope it helps.

Thanks for the patience Domaray…Actually, it’s been harder than that. With your help and watching lots of videos on the port forwarding of the AT&T 5268ac, I’ve got it working, but not sure I understand the Why and the implications. This should have been a lot simpler.

Here’s what I have implemented for any other AT&T customers struggling…

  1. On the AT&T 5268ac modem, I deleted the 443 range mapped to 8123, and instead, I just open port 443 and leave the “map to port” blank.
  2. I have my base_url in my configuration.yaml back to…
  3. I have the add-on NGINX running with my duckdns domain name.

And it works inside & remotely. Now why it’s that damn complicated, I don’t know. I also don’t know what security implications that presents for me. I will go back and change my dns name later, but any thoughts on this? Part of me learning Home Assistant, is to actually LEARN it. I’m not sure what I learned here. I always planned to use the Nabu Casa to a) help provide some $$ to the development team if I find the app useful, and b) to take advantage of the Alexa functionality.

This “simple” step has me wondering if this entire process is more trouble than it’s worth. I’m working and will march on, but damn depressed at spending 4 days to get here.

So far, this works

Just an opinion here: There should be an option to bypass the host and peer ssl verifications when the internal link is used. For most of the everyday HomeAssistant users, there’s no real need for performing server verification when you are in your internal network. The fact that you are already connected to your internal network (=you know your Wifi password) rules out any impersonation possibility - unless ok someone sneaked in a second server inside your home! Since the mobile apps have already provisioned to distinguish the internal from the external case the certificate verification for the internal case shall be possible to be overridden.
The solution proposed (=to use the external URL for both cases) requires an DNS lookup. This adds an external dependency that somehow defies the rationale of HomeAssistant for keeping everything locally. E.g. what will happen if you reset your router and your internet is down? Your mobile app will not be able to connect to your hass web server even when you are at home, correct?
If the SSL checks are disabled for the internal link, you can put the private IP of your server instead of the domain name there.This will be routable even when the internet is down.

AdGuard addon? Ngix addon? I’ve HA with docker on my synology and i can’t see addons

I used AdGuard add-on.

Unfortunately, I removed because it gets blocked twice and I couldn’t even accessfrom local network, the GUI was like disabled and I had to load a snapshot.

So, now I use the Android app to access remotely and the web browser for local access

Hello, thanks for the thread. I’m having the same issue.

I’m now just using the app for accessing remotely using the DuckDNS url but I can’t seem to access locally on my browser. May I ask what address you found to work, thanks

Hello from me too.
I have similar problem, i cannot access my HA from HA companion app localy, but can access when on mobile data only.
But weird thing is that i can access localy from browser on my phone and from Ariela app.
What can i do to get it rigt?