It seems to be fairly well documented that you need DNS loopback to access HA after DuckDNS has been configured.
I have ports forwarded on the router and I can access HA via the LAN and WAN. The current configuration will call the DuckDNS servers even if I am connected to my LAN. I would like for the iOS app to communicate directly to HA when on the LAN. My web browser can access https://192.168.x.x (local address) but there is no certification (as expected). It seems to be the same within the iOS app, but the app does not let me advance to HA. Is there an easy method to pull the certification so I can access my local HA without certification issues?
Thanks for that. The "NGINX Home Assistant SSL proxy" add-on seems to be the better option. "Nginx Proxy Manager" also requires the "MariaDB" add-on, which seems pointless for my basic application. Just need to figure out how to get this set up.
I can confirm I have the "DuckDNS" and "Nginx Home Assistant SSL Proxy" add-ons configured so I can access HA remotely via HTTPS and HA locally with HTTP.
If you follow both the instructions in the documentation of those add-ons but comment out (#) or delete the following in configuration.YAML. You'll gain access as intended
Bringing this back from the dead, 2 years later… I'm trying to follow the instructions given here, in the NGINX documentation, the DuckDNS documentation, and the link posted above. Unfortunately, nothing seems to quite work for me and I suspect it's because of my current setup.
I can't forward port 443 in my router because I have another server using that one. When I attempt another port, nothing quite works right - I get connection rejected/reset messages for my local IP in the app, security warnings in the desktop, and the external address stops working completely.
Anyone willing to help me sort this mess out?
You don't need nginx to do this. If ha is doing ssl on 8123 already, all you need is to install the dnsmasq add on and configure an A record for your home assistant server using the fqdn you chose for duckdns. Then devices inside your LAN will be able to access it securely, by name, without hairpinning your firewall. For external access, just do a nat for 8123 instead of trying to port forward 443 to 8123.
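An added example, not part of any post in this thread: a Python check of the two conditions the dnsmasq approach depends on, namely that the name resolves to a LAN address from inside the network and that the certificate covers the name (which is why `https://192.168.x.x` produces a warning). The hostname `example-home.duckdns.org`, the address `192.168.1.10` and the `/24` network are constructed placeholders.

```python
import ipaddress
import socket
import ssl

# Constructed sample: shape of ssl.SSLSocket.getpeercert() for a certificate
# issued only for a hypothetical DuckDNS name.
SAMPLE_CERT = {"subjectAltName": (("DNS", "example-home.duckdns.org"),)}

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def cert_covers(cert, target):
    """True if the host part of the URL appears in the certificate's SANs."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(target):  # https://192.168.x.x needs an "IP Address" SAN
        want = ipaddress.ip_address(target)
        return any(k == "IP Address" and ipaddress.ip_address(v) == want
                   for k, v in sans)
    host = target.lower().rstrip(".")
    for kind, value in sans:
        pattern = value.lower()
        if kind != "DNS":
            continue
        # A wildcard stands in for the single leftmost label only.
        if pattern == host or (pattern.startswith("*.") and "." in host
                               and host.split(".", 1)[1] == pattern[2:]):
            return True
    return False

def resolves_inside_lan(answers, lan_cidr):
    """True if the resolver returned only addresses inside the LAN (no hairpin)."""
    net = ipaddress.ip_network(lan_cidr)
    return bool(answers) and all(ipaddress.ip_address(a) in net for a in answers)

def check_live(fqdn, lan_cidr, port=8123):
    """Run from a LAN client: resolve, then do a fully verified TLS handshake."""
    infos = socket.getaddrinfo(fqdn, port, socket.AF_INET, socket.SOCK_STREAM)
    answers = sorted({info[4][0] for info in infos})
    ctx = ssl.create_default_context()  # chain and hostname are both verified
    with socket.create_connection((answers[0], port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
            cert = tls.getpeercert()
    return resolves_inside_lan(answers, lan_cidr), cert_covers(cert, fqdn)

if __name__ == "__main__":
    print(cert_covers(SAMPLE_CERT, "example-home.duckdns.org"))  # name: covered
    print(cert_covers(SAMPLE_CERT, "192.168.1.10"))              # IP: not covered
```

`check_live()` is meant to be called from a device on the LAN after the A record is in place; a handshake error from it means the certificate did not validate for that name.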
Okay so it's possible I'm partially hosed… I'm using Ubiquiti products and, from what I can gather from various forum posts, it's an absolute and colossal PITA to create NAT rules for their equipment. The video instructs us to change the DNS address of the DHCP server to the IP of the HA server; I currently have the primary and secondary set to 4.4.4.4 and 8.8.8.8, respectively. Should I just set the primary IP to that of my HA instance and the secondary to 4.4.4.4 so other devices that don't care about HA can fall back to the other IP?
I'm also using Ubiquiti gear, and it's quite simple to create NAT rules. In fact, it's so simple that I have automated them so they turn on and off based on whether or not everyone is home. That way, when everyone is at home and there is no need for remote access to HA, the firewall rules are turned off to lessen my attack surface.
That aside, what I did was to only use my HA server for primary DNS and left secondary DNS blank. There is no "other devices that don't care about HA". Fallback - for anything on the network - would only take place when and if your HA server became unavailable for some reason. Since I run my gear on reliable hardware, I don't worry about that. Being able to control my DNS resolution is far more important to me.
Even beyond that, though, I'm not sure what the 4.4.4.4 IP is. It's likely not what you think it is, either.