Configurator access with Duckdns

complete noob… trying to set up duckdns

I can load Home Assistant on my local network using https://myname.duckdns.org/states and it works fine. But when I try to load the configurator and click on ‘open web UI’ it fails and says this site can’t be reached.

I also can’t access anything outside of my local network.

Not sure if I have my port forwarding correct, it looks like this:

Can anyone help me access the config web UI and also Home Assistant from outside my local network?

Hello @tbar05

Are you running Hassio?
If you run Hassio, watch this movie: https://www.youtube.com/watch?v=VUTPAoB27iQ
I think the problem is solved when you watch the movie :wink:

Yes, I am running Hassio.

I had already watched that but still couldn’t quite get it.

I do have a different error now tho. When I click open web UI I can enter my user/pw but then it comes up with ‘Policy not fulfilled’

That’s an ssl error. You haven’t posted the config yet

This is what is showing now. I added in the line “0.0.0.0/0”, which seems to work, not sure if that’s safe/what it’s supposed to be tho.

I can now access the configurator, so thanks for the help, BUT I still can’t access HA from outside my local network

    {
      "username": "admin",
      "password": "i changed this to my pw",
      "ssl": true,
      "certfile": "fullchain.pem",
      "keyfile": "privkey.pem",
      "allowed_networks": [
        "192.168.0.0/16",
        "172.30.0.0/16",
        "0.0.0.0/0"
      ],
      "banned_ips": [
        "8.8.8.8"
      ],
      "banlimit": 0,
      "ignore_pattern": [
        "__pycache__"
      ],
      "dirsfirst": false,
      "enforce_basepath": false,
      "notify_service": "persistent_notification.create"
    }

By doing that you allow the entire internet to brute force your login credentials. If you have a really secure password that could be ok. It would be far more secure though if you make use of the sesame feature.

so are you using an iFrame outside your local network? How is that configured?
I don’t have ssl true in my config (even though I use a reverse proxy with ssl)
I second Daniel’s comments about using a sesame.

You completely lost me there… How will I tell?

I’m just going to https://myduckname.duckdns.org.au on my phone cellular connection to try and access

well you lost me as that address won’t even be valid!

Do you mean https://domain.duckdns.org:3218 ?

Policy not fulfilled is an SSL error usually - you are trying to access a https site by http …

Sorry, yes that is what I mean. I get a ‘this site can’t be reached’ message on my phone

so do you have port 3218 forwarded to 3218 in your router?

yes, I do…

Ok, slowly but surely…

https://domain.duckdns.org:3218 now works I can access the configurator on my phone

But how do I access the main home assistant page…
https://domain.duckdns.org:8123 doesn’t work

well externally you are forwarding 8123 to 443 so you should just use https://domain.duckdns.org

I must be doing something wrong somewhere else then cause that doesn’t work either

I had similar issue before I switched to using caddy.

try forwarding 8123-8123 and then putting that on the end.

If you’re using SSL just forward external port 443 to your Hassio IP and port 8123
When you access just use:
Https://tournament.duckdns.org

For the configurator you need to do the same thing from external port 3218 to your Hassio IP and port 3218.
For configurator access use:
Https://tournament.duckdns.org:3218

For both you need to check they’re within the allowed networks if you have restricted. In the case of configurator you have to set the settings you’ve already set but any IP will be able to reach it.

Be aware that you cannot mix https and http. Either everything is Http or Https, otherwise most browsers such as Chrome will show empty iframes. On a PC you can always click on the little shield at the end of the URL bar and allow unsafe scripts to run, haven’t found an alternative for mobile devices.

My advice, use the VPN function of your TPLink Router. This way only people with access to your VPN profile will be able to access your HA and you’ll have unrestricted access to your intranet so no need to set up or forward any ports or network configuration. The only caveat is that you need to connect to your VPN whenever you want to access it, or always be connected to it and go through your home network.

After forwarding the 8123 to 8123 it now works. I can access remotely! Thank you very much for your help.

I still have the issue where if I’m not using 0.0.0.0/0 in the config I can’t get the configurator to work from outside my network…

In the allowed_networks in the config file, how come I can’t just add my ip and have it work?

because externally you’re on a dynamic ip that keeps changing.

Did you follow Daniel’s advice and use a sesame???

I couldn’t really understand how to use sesame and set it up
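
An added example (not code from the thread or from the Configurator project) that evaluates the posted `allowed_networks` list with Python's `ipaddress` module, showing why `0.0.0.0/0` admits every client and why pinning a single external address fails once a dynamic IP changes. The addresses 203.0.113.7, 203.0.113.99 and 198.51.100.23 are constructed, and the meaning of `banlimit` 0 (no automatic ban) is an assumption.

```python
import ipaddress
import json

# Constructed sample: the allowed_networks and banlimit values posted in the thread.
POSTED = json.loads("""{
  "allowed_networks": ["192.168.0.0/16", "172.30.0.0/16", "0.0.0.0/0"],
  "banlimit": 0
}""")

# RFC 1918 private IPv4 ranges, i.e. addresses that only exist on a local network.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_allowed(client_ip, allowed_networks):
    """True if client_ip is inside at least one listed CIDR network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net, strict=False)
               for net in allowed_networks)


def audit(config):
    """Return findings for settings that expose the login to the internet."""
    findings = []
    for net in config.get("allowed_networks", []):
        network = ipaddress.ip_network(net, strict=False)
        if network.prefixlen == 0:
            findings.append(f"{net}: matches every address, so the allowlist filters nothing")
        elif network.version == 4 and not any(network.subnet_of(p) for p in RFC1918):
            findings.append(f"{net}: public address, stops matching when a dynamic IP changes")
    # Assumption: banlimit 0 means no automatic ban after failed logins.
    if config.get("banlimit") == 0:
        findings.append("banlimit 0: failed logins never trigger a ban")
    return findings


if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
    # Pinning one external address instead (203.0.113.7 is a constructed example):
    pinned = ["192.168.0.0/16", "172.30.0.0/16", "203.0.113.7/32"]
    print(is_allowed("203.0.113.7", pinned))   # today's address
    print(is_allowed("203.0.113.99", pinned))  # address after the ISP reassigns it
```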