Cannot put an https to my internal adress

bonilla · December 19, 2020, 8:55am

Hello,

I would like to put an https access for my home assistant (hassio - 2020.12.1)
I have already an external access with duckdns and nginx installed and working
I can access to my home assistant with http://hassio.local:8123 but the https isn’t working

The problem with that is that I cannot cast media mounted :

Failed to cast media http://192.168.0.34:8123/media/local/test.mp3?authSig=eyJ0eXAiOiJKV1bo from internal_url (http://192.168.0.34:8123). Please make sure the URL is: Reachable from the cast device and either a publicly resolvable hostname or an IP address

I think my solution could be to pass/activate https to my internal access but I don’t manage to do it

from supervisor my nginx config is like that :

domain: xxxx.duckdns.org
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

My duckdns config is like that

lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: xxx-40xxc-4xx4-xxx-3xx7axxxx7x3f2
domains:
  - xxx.duckdns.org
aliases: []
seconds: 300

My configuration.yaml is like that (for http part)

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Thanks for helping me to put https on my internal access !

Burningstone · December 19, 2020, 9:23am

Did you forward port 443 to 8123? Are you able to access https://xxx.duckdns.org (without specifying a port)?

bonilla · December 19, 2020, 9:29am

When I type https://xxx.duckdns.org ,I have 502 Bad Gateway

My only forward from my router is
starting port:8123 finishing port:8123 (on tcp/udp) Ip:192.168.0.34

Burningstone · December 19, 2020, 9:32am

You need to forwart port 443 from your router to port 8123 of the machine running HA.
Afterwards it should be available through https, but also internally it will only be reachable through https unless you install a reverse proxy.

bonilla · December 19, 2020, 9:40am

Thanks,

Is there a way to do the reverse proxy with an docker install of home assistant ?

Burningstone · December 19, 2020, 9:41am

Sure, for example this add-on can be used for NGINX

bonilla · December 19, 2020, 10:08am

I have already that addon
from supervisor my nginx config is like that :

Copy to clipboard

domain: xxxx.duckdns.org
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

but how can i specify a https for my internal/local adress ?

Burningstone · December 19, 2020, 12:09pm

Oh sorry, I didn’t see the nginx config in your initial post.

You still need to forward port 443 to port 443 of your Home Assistant install and then add the following to configuration.yaml:

homeassistant:
  external_url: https://xxx.duckdns.org

Or configure it in the UI

bonilla · December 19, 2020, 12:37pm

I have tried :

http:
  #base_url: xxx.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true     # To ensure HA understands that client requests come via reverse proxy
  trusted_proxies:
    - 172.30.32.0/23            # In Hass.io we need to add the Docker subnet
    - 127.0.0.1                 # Add the localhost IPv4 address

and

  external_url: https://xxx.duckdns.org
  internal_url: https://xxx.duckdns.org

but no luck…

Burningstone · December 19, 2020, 12:38pm

That’s not what I suggested at all.

Did you forward port 443 from your router to port 443 of the home assistant machine?

bonilla · December 19, 2020, 12:41pm

yes
I have 2 forward for my 192.168.0.34 443 to 443 and 8123 to 8123

Burningstone · December 19, 2020, 12:48pm

Did you rerun letsencrypt? Do you have any errors in your logs? Are you able to acces https://xxx.duckdns.org now?