So I was trying to enable remote access to my HA installation.
I enabled the DuckDNS Add-on, configured a URL at DuckDNS.org and configured the add-on as specified in the documentation. In addition, I forwarded port 443 on my router to port 8123 of the IP at which my HA install exists.
I also added the following lines to my configuration.yaml file:
After restarting HA I’m unable to reach my HA installation using https://my-domain.duckdns.org (I think I know why - I need to put the Pi on which HA runs in the DMZ of my internet gateway). However, what’s worse is that while I can reach the HA install using https://ip-address:8123, I’m unable to log in using the credentials that I previously used. HA simply responds with an “Unable to connect to Home Assistant - RETRY” message.
Can anyone help me regain access to my HA installation?
Your modem/router must support NAT loopback to be able to connect to a host on your LAN with your WAN address.
That means that in some cases you can only use your DuckDNS hostname from a foreign network.
What do you mean by “And then”? After using http or what?
I have been struggling with this too lately, and there seems to be a lot of confusion about it in the many topics I read about it.
I would also think that @samnewman86 is not using SSL (Let’s Encrypt) anymore since he’s able to connect over http.
There are a few things to consider (this is what I have discovered so far):
Have you signed up for a DuckDNS subdomain AND configured Let’s Encrypt?
Do you connect from your LAN or from a foreign network to your HA?
Do you use a browser or the mobile app? (A browser can bypass the problem with the certificate, the app cannot.)
Does your modem/router support NAT loopback? (If yes: you can use your DuckDNS domain to connect, both from WAN & LAN.)
Feel free to correct me.
The solution seems to be the “NGINX Home Assistant SSL proxy” Add-on.
I am 100% sure that you connect locally over http if you set up a reverse proxy (like NGINX). That’s one of the main reasons people use a reverse proxy with HA: to be able to have an https connection externally, but not have the overhead of https for local connections.
I’ve been running this setup for years.
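The certificate problem mentioned in the checklist above, as an added example that is not part of any post in this thread: a certificate issued for a DuckDNS name lists only that DNS name, so a client that verifies strictly rejects the same server when it is addressed by LAN IP. The certificate dictionary and the address 192.168.1.50 are constructed samples; my-domain.duckdns.org is the placeholder name used in the first post.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "my-domain.duckdns.org"),),),
    "subjectAltName": (("DNS", "my-domain.duckdns.org"),),
}


def _dns_match(pattern, host):
    """RFC 6125 style match: a wildcard may only stand in for the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(cert, target):
    """Return True if the certificate's subjectAltName covers the host typed into the client."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is only compared with "IP Address" entries, never with DNS names.
        return any(kind == "IP Address" and ipaddress.ip_address(value.strip()) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, target) for kind, value in sans)


def explain(cert, url_host):
    """One-line verdict for the host part of the URL being opened."""
    if cert_covers(cert, url_host):
        return f"{url_host}: certificate matches"
    return f"{url_host}: hostname mismatch, strict clients refuse the connection"


if __name__ == "__main__":
    for host in ("my-domain.duckdns.org", "192.168.1.50"):
        print(explain(SAMPLE_CERT, host))
```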