Connecting to HA externally - Unable to connect to Home Assistant

Hello

I have been using Home Assistant for about two weeks now, and everything has been going more or less smoothly. Now, I want to be able to access my dashboard when I am away from home, but still be able to access my via local IP.

I started by setting up DuckDNS and LetsEncript, but after many issues, I decided to just try and get the dashboard to be accessed externally first. As a web developer, I know the importance of SSL, and will be adding it later after I get this first part figured out.

First things first, I port forwarded port 8121 on both my mesh network and router. Accessing the local IP via browser or the app works just fine. If I access it externally by IP (107.xxx.xx.xx:8123) one of the following happens:

  • “The server stopped responding”. This means that is connected to the server (port forwarding works) but the server never responded.
  • Home assistant logo appears in the middle of the screen, no text or other graphics
  • Login screen appears. After logging in, the message “Unable to connect to home assistant” appears. If I reload, point #2 happens.

In all cases, it loads extremely slowly. The bottom two are the most common. I feel that the first one happens because the browser times out while waiting for a response. Accessing it over local IP is super fast. I expected it to be slower, but not this slow (I also expected it to work).

Using my Duck DNS subdomain (xx.duckdns.org:8123) I almost always get point #2 from above.

If anyone knows of any tips/tricks/articles/topics that could help me out, I would greatly appreciate it.

Thanks!

There is no chance that I would allow unencrypted access to my HA instance.

There are two options (and possibly more, but these are the most popular):

DuckDNS and LetsEncrypt - in conjunction with a DNS server so you don’t get certificate errors internally.

Nabu Casa.

I’ve taken the liberty of including YouTube videos on how to set each of them up below.

as a web coder you should be able to:
1- set up a duckdns (or any other dns providers to your external IP
2- forward port 8123 to the internal IP of HA
3- assign the dnsname of your local network within your router
4- access http://my.dns.name:8123

you could also use https provided you have a valid ssl certificate :wink:

You would think that I would be abke to figure that out, yes. Unfortanetly, I seem to always get stuck in a hole whenever I try something new, and unfortanelty, this seems to be no exception.

I ended up corrupting my install with a messed up config file (And never setup SSH) but managed to edit out the bad part usong the CLI and a post on the forum.

I think I’m just going to restart with the help of YouTube and hope I don’t mess up again.

Ok, so I got it working, kind of.

Before I did anything, the system loaded completely in under a second.

I added DuckDNS and the certificate from LetsEncript and it connects, but never loads. It takes 8 seconds to display the login page, then spits out a “Unable to connect to Home Assistant. Retrying in xx” message that does not go away even if you reload.

I can access it via homeassistant.local:8123 after bypassing the certificate and it loads fast and just fine on my PC.

However, none of it will load on my iPad, and the app can no longer find the server.

Did you set the duckdns domain in your router?

I used to forwarded port 443 to 8123, which allowed me to differentiate between ‘local’ and ‘remote’ (based in SSID):
internal url: https://my.duck.dns:8123 (which resolves in 192.168.0.10 by my router)
external url https://my.duck.dns (wich resolves in my external IP by my ISP’s DNS)

However, nowadays I configured hairpin DNS, so all is dealt with by my router, no longer any need to differentiate between internal/external :stuck_out_tongue:

I don’t think I understand what you mean by that.

Currently, I have this setup for my router:
image

My configuration.yaml looks like this:

http:
    ssl_certificate: /ssl/fullchain.pen
    ssl_key: /ssl/privkey.pem

use the dns server from your router to ‘spoof’ your (duck)dns name internally…

No need to forward both 8123 and 443
When you use http forward port 80 to 8123 and use http://my.domain.dns/
When you use https forward port 443 to 8123 and use https://my.domain.dns/

(or just forward port 8123 only and use
http://my.domain.dns:8123/ or https://my.domain.dns:8123/)

Good idea, I should just do that instead, remove the need to remember a port number. That still won’t solve the speed and loading issue though.

And my router is unfortunately quite old, and was ISP provided, so I don’t have those kind of settings.

If your router doesn’t support dns, you could try:

Use a reverse proxy like this one. Then remove all SSL options from HA and move your certificate info over to the reverse proxy addon. Then when you go to https://{your duckdns url} it goes to your reverse proxy then to HA and works without issue. And inside your network you can still go to http://homeassistant.local:8123 without any certificate errors.

There are many ways to Rome….
:yum:

I mean its true but imo a reverse proxy is a far simpler option in this case. It works as long as your router can support port forwarding (which the author’s router does). As opposed to buying a new router or trying to flash this ISP router (which seems like a bad plan if even possible as I imagine they’re renting it).

And sure dnsmasq or adguard could work but comes with an additional set of challenges:

  1. Does this ISP router support changing the DNS server to use?
  2. If it does support changing the DNS server, does it actually hand that address to DHCP clients or does it hand its address and expect to be the proxy to the DNS server? The latter won’t work with a DNS server in the LAN (as I found out the hard way with my Netgear Orbi)
  3. Is the author comfortable with their entire network going down when the HA machine restarts? Since the DNS server all clients are using will be down.

Also maybe its just me but I strongly prefer to let something like Nginx handle the complexities of SSL verification and management. Rather then HA which is Home Automation software that also has some SSL options.

I’ve always used my own local dns…even before running HA and now i use hairpin also, which resolved my issue using different ports local/remote…

and http://193.168.0.10:8123 always works, but might throw a certificate error (won’t work on IOS though)

Guess it all comes down how comfortable one is, i happen to be a network engineer, and this is just ‘basics’ to me :wink:

Looks interesting for sure, and worth a shot. I’ll check it out when I have more time since something will most certainly go wrong.

I don’t think so. It is at least 9 years old if not older.

Personally, I would be fine. Other users of the network would hate me though.

I happen not to be one :slight_smile:
I also happen to be pretty bad at UI design (But not bad at UX). Does not quite make sense considering I am a web developer. Oh well, best stick to the backend of things.

My 20 year old linksys wrt54g from 2002 supports it… and is still in use…

I would use a reverse proxy server if i needed one, but i think it’s a bit overkill to run another addon (=docker) just to solve a small issue with duckdns if your router could do the same.

But ofc, it also depends on what hardware HA runs…i would not add too many addons on a RPI3 :thinking:

Rasp Pi 4B. Leftover from a project that failed.

I installed the Proxy plugin, and acessing over local IP still works (So does the external IP).

If I visit my DuckDNS domain name, the browser displays 400: Bad Request over both HTTP and HTTPS. Only did that once.

I realised that I still had the HTTP section of my configuration.yaml commented out, so I uncommented it:

http:
    ssl_certificate: /ssl/fullchain.pen
    ssl_key: /ssl/privkey.pem

But after that, I could only access it over the DuckDNS domain name, and it always timed out on my PC (The iPhone app connected).

What did I do wrong?

EDIT

With the plugin installed and the configuration.yaml code shown above commented out again, my PC reports Unable to connect to Home Assistant. Retrying in -68 seconds... for the DuckDNS domain. The iPad says it cannot connect, and the app says reports an error code of NSURLErrorDomain -1200, could not make a secure connection to the server.

Accessing over local or external IP works fine.

Hey @CentralCommand and @aceindy, is it possible to get this up again over HTTPS? I messed with it again yesterday but kept getting error and eventually gave up. HTTPS and HTTP are still not working over the DuckDNS domain, but both the internal and external domains work fine.

Thanks for your help!