I have my Home Assistant set up ( Home Assistant Operating System 7.0) with Duck DNS and Let’s Encrypt.
So all https.
Now I’m trying to receive a Webhook from my Nuki Bridge as described here:
Webhook senden, wenn es an der Tür klingelt? (Second Post. English - developer.nuki.io)
The can’t send encrypted, just plain http. Is there a way to set up the Duck DNS Addon that it allows http connections on a different port?
That is not related to duckdns.
HTTPS URL without port suffix will automatically go to port 443.
HTTP URL without port suffix will automatically go to port 80.
Those two ports are defined as well-know ports by the standardisation organisation that controls these port definitions.
But if you choose to use duckdns, then you go through the internet to get to you site, since that is how duckdns works.
Why not just use local IP?
Well. Maybe sort of. From my understanding ‘Let’s Encrypt’ is integrated in the Duck DNS addon of Home Assistant.
I need access from the internet for a lot of things in my home. So I need remote access.
The main question is, how I setup Home Assistant, that encrypted remote access works, but it also allows unencrypted callbacks from the local network.
I beging to see you problem.
Normally a service can be bound to several ports and the ports can then be defined with specific setups.
Port 443 is the standard well-known port for HTTPS, so you would normally bind the service to this port and set up SSL encryption.
Port 80 is the standard well-known port for HTTP, so you would just bind the service to this port.
Problem is that I can not really figure out how to bind the frontend to multiple ports.
Yeah… My first impulse was to set up a reverse Proxy with Apache.
But since the Home Assistant OS is so limited, I’d need another Raspberry Pi for that. I wish the Home Assistant OS could be a vanilla Raspberry Pi OS.
I use the add-on “NGINX Home Assistant SSL proxy” for that. Externally the communication is https, and internal I use the http connection.
Here is a guide: Set up Home Assistant with secure remote access using DuckDNS and Nginx proxy : Konnected Help & Support
The Nginx Home Assistant SSL Proxy addon is the simplest way. I have https access via the fully qualified domain name, and also local http access on port 8123 with either the fully qualified domain name or the local IP address.
I tried the manual for the nuki callback, and it works perfectly with NGINX!
Thanks a lot everyone for pointing me in the right direction! <3
As I wrote I implemented the nuki ring webhook and after testing it, I deactivated it again. Why? Well every bell ring activated the automation. It sounds good, but e. G. The ring to open also activated the automation. When I deactivated the bell, the automation was triggered as well.
So if my kids are sleeping the sound on my Amazon Alexa would be triggered as well… therefore I will have a look if I can fetch if the bell is deactivated and will update the automation!
I use the add-on “NGINX Home Assistant SSL proxy” for that. Externally the communication is https, and internal I use the http connection.
Here is a guide: Set up Home Assistant with secure remote access using DuckDNS and Nginx proxy : Konnected Help & Support
Thanks again for pointing in the right direction! The setup guide was very helpful! For the NGINX Home Assistant SSL proxy to work I had to set up MariaDB first. Somehow it seems to be a prerequisite now, even though the official setup guide doesn’t mention that either.
Anyways… It works now! 
It sounds good, but e. G. The ring to open also activated the automation. When I deactivated the bell, the automation was triggered as well.
So if my kids are sleeping the sound on my Amazon Alexa would be triggered as well… therefore I will have a look if I can fetch if the bell is deactivated and will update the automation!
Yeah… I’m not sure if that is possible. I use an old WiFi electromechanical relay (Tuya local integration) to control my doorbell. That makes things a lot easier… According to the Nuki Bridge HTTP API (developer.nuki.io) it is not possible. ( See # 4.3 - Lock States )