Configurator access with Duckdns

complete noob… trying to setup duckdns

i can load home assistant on my local network using and it works fine. but when i try to load the configurator and click on ‘open web UI’ it fails and says this site cant be reached.

i also cant access anything outside of my local network.

not sure if i have my port forwarding correct, it looks like this:

anyone help me access the config we UI and also home assistant from outside my local network?

Hello @tbar05

Are you running Hassio?
if you run Hassio watch this movie :
i think the problem is solve when you watch the movie :wink:

1 Like

yes i am running hassio.

i had already watched that but still couldnt quite get it.

i do have a different error now tho. when i click open web UI i can enter my user/pw but then it comes up with ‘Policy not fulfilled’

That’s an ssl error. You haven’t posted the config yet

this is what is showing now. i added in the line “”, which seems to work, not sure if thats safe/what its supposed to be tho.

i can now access the configurator, so thanks for the help, BUT i still cant access HA from outside my local network

“username”: “admin”,
“password”: “i changed this to my pw”,
“ssl”: true,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”,
“allowed_networks”: [
“banned_ips”: [
“banlimit”: 0,
“ignore_pattern”: [
“dirsfirst”: false,
“enforce_basepath”: false,
“notify_service”: “persistent_notification.create”

1 Like

By doing that you allow the entire internet to brute force your login credentials. If you have a really secure password that could be ok. It would be far more secure though if you make use of the sesame feature.

so are you using an iFrame outside your local network? How is that configured?
I don’t have ssl true in my config (even though I use a reverse proxy with ssl)
I second Daniels comments about using a sesame.

You completely lost me there… How will I tell?

I’m just going to on my phone cellular connection to try and access

well you lost me as that address won’t even be valid!

Do you mean ?

Policy notfulfilled is an SSL error usually - you are trying to access a https site by http …

Sorry, yes that is what I mean. I get a this site can’t be reached message on my phone

so do you have port 3218 forwarded to 3218 in your router?

yes, i do…

Ok, slowly but surely… now works I can access the configurator on my phone

But how to I access the main home assistant page… doesn’t work

well externally you are forwarding 8123 to 443 so you should just use

I must be doing something wrong somewhere else then cause that doesn’t work either

I had similar issue before I switched to using caddy.

try forwarding 8123-8123 and then putting that on the end.

If you’re using SSL just forward external port 443 to your Hassio IP and port 8123
When you access just use:

For the configurator you need to do the same thing from external port 3218 to your Hassio IP and port 3218.
For configurator access use:

For both you need to check they’re within the allowed networks if you have restricted. In the case of configurator you have to set the settings you’ve already set but any IP will be able to reach it.

Be aware that you cannot mix https and http. Either everything is Http or Https otherwise most browser such as Chrome will show empty iframes. On a PC you can always click on the little shield at the end of the URL bar and allow unsafe scripts to run, haven’t found an alternative for mobile devices.

My advice, use the VPN function of your TPLink Router. This way only people with access to your VPN profile will be able to access your HA and you’ll have unrestricted access to your intranet so no need to set up or forward any ports or network configuration. The only caveat is that you need to connect to your VPN whenever you want to access it, or always be connected to it and go through your home network.

after forwarding the 8123 to 8123 it now works. i can access remotley! thank you very much for your help.

i still have the issue where if im not using in the config i cant get the confiurator to work from outside my network…

in the allowed_networks in the config file, how come i cant just add my ip and have it work?

because externally you’re on a dynamic ip that keeps changing.

Did you follow Daniel’s advice and use a sesame???

i couldnt really understand how to use sesme and set it up