For internal you will need to setup NAT reflection on your router which basically tells your router if this web address is entered what internal IP address/port to hit.
For external it is a little more difficult to debug. Do you have port 8123 open on your router? If you are using https then you will need to 443 open. If you are trying to SSL (I would suggest it) then you will need to setup NGINX to forward your SSL traffic once it can pass the router to HA.
Hello Thank you for your reply
I am learning all of this so i thank you in advance for you patience .
At the moment i deleted everything. I did have port 443, 8123 in my port forwarding scenario of my routerâŚ
No video or document that i viewed talked about NAT reflection. I will need to inform myself on this
Currently (as a default my router has PPT, L2T2, IPsec, RTSP, H323. SIP as enabled PPPoE is disabled and FTP alg shows 2021.
I tried to install NGINX but it tells me that i need a domain. I gues this is different than the domain from duckdns.
Again thank you
No, use the DuckDNS domain in NGINX. NGINX is a reverse proxy, which routes the incoming traffic from outside the network to the desired location inside your network. It basically tells the system if someone enters the DuckDNS address, then go to this address in your network.
Thank you so much for your reply
I installed Duckdns and configured it according to the forums and the addon is green and configuration yalm with no issues.
PS. I did not install letâs encrypt in the yaml file
I installed and configured Nginx as per the forums
I created 2 port forwarding on my asus ( asus support tells me that it is well configured) as external ports 8123 and 443 and 8123 an internal port pointing to the HA PC
I tried to access my HA from an other pc typing http://a********a.duckdns.org:8123 and as always the connection times out. ( i also tried https://).
It feel that Iâm missing some steps somewhere
You need a port forward from external port 443 to internal port 443 on the machine running NGINX.
Afterwards you access your machine externally through https://yourdomain.duckdns.org or internally through http://ip-of-ha:8123.
Thank you very much for taking the time to respond during your weekend
I did create a port forward from external 443 to internal 443 at the ip of the HA pc
http://HA ip:8123 works well with or without duckdns or nginx
How ever i still cannot reach my HA when using [https://yourdomain.duckdns.org].
I did all that i was suggested to me. however it still does not work.
If i type in google address bar on a laptop in my house on the same network the https://domain.duckdns.org should i expect to reach the laptop on which HA is installed?
could it be a firewall rule that i did not implement and should?
Thank you once again for answering this illiterate individual.
Only if your router supports NAT hairpinning. I would first try it from outside your network and get that working.
It would also be helpful to see your configuration for NGINX and DuckDNS.
Hi Thank you for making yourself available for this
my NGIBX looks like this
domain: arbahomeha.duckdns.org
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
active: false
default: nginx_proxy_default*.conf
servers: nginx_proxy/*.conf
with port 443/tcp shows 443 and 80/tcp shows disabled
In duckdns add on
lets_encrypt:
accept_terms: true
certfile: fullchain.pem
keyfile: privkey.pem
token: 2my token
domains:
and in configuration.yaml in HA
domain: my domain
access_token: my token
On my router
i have the following port forwarding
=Nginx incoming port 443 local port 443 pointing to my HA laptop
0duckdns incoming port 8123 local port 8123 pointing to my HA laptop
BTW i also asked my daughter to try to access from where she lives
as a matter of completeness here are ma router nat settings (i do not know what you mean by nat hairpinning
able NAT Passthrough to allow a Virtual Private Network (VPN) connection to pass through the router to the network clients.
PPTP Passthrough Enable
L2TP Passthrough Enable
IPSec Passthrough Enable
RTSP Passthrough Enable
H.323 Passthrough Enable
SIP Passthrough Enable
PPPoE Relay Disable
FTP ALG Port 2021
and under basic config it has enable nat yes
I do not know what else to do? or where to look
Thank you
Please format your code correctly as stated in the community guidelines point 11.
You donât need that port forward.
Where in configuration.yaml?
Do you get any errors in the Home Assistant logs, the logs of the DuckDNS add-on or the NGINX add-on?
hi quick reply my daughter tried it and she got this site canât provide a secure connection domain.duckdns.org uses unsuported protocols err|_ssl_version_or_cipher_mismatch
Config.yaml
it is the last entry I typed based upon the website line 23
in the config.yaml beside the basic out of the box settings
I added
switch:
I have not figure out how to copy from the yaml file and past here i tried to replicate the spacing as i see it
I will delete the duckdns port forward and try it again
Sounds like the SSL certificates have not been created.
You donât need this in configuration.yaml, also Home Assistant should throw an error with this config.
Read the link I provided, it explains how to properly format code.
Again any errors in the DuckDNS add-on, the NGINX add-on or Home Assistant logs?
Hello
Both Duckdns and Mginx logs show no errors
Here is a print screen of my configuration.yaml file
The logs for duckdns and for nginx show no errors or warning
nginx
duckdns
I hope the screenshots are visible
who and how should the ssl certificate be generated?
I
Iâm sorry did you read the community guides I linked? No screenshots of code, just properly format your codeâŚ
The following needs to be added to configuration.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
Can you please show the logs of the NGINX and the DuckDNS add-ons (and please no screenshots)? The rest of your config looks fine.
Hello
yes i did read the guideline.
I understand that in linux/unix world spaces indentation, upper case and general text formatting is very important
I did not see how to copy and paste.
what /who is 172.30:33.0/24
I tried to insert the parameter as you stated The configuration.yaml was ok and i checked the configuration and it was valid and then restarted HA. still i did not get access for my PC to HA
I also tried to substitute the ip address given with the duckdns generated ip. same result
here are the latest log
I do not see any issues
[00:22:33] INFO: OK
146.241.18.84
NOCHANGE
[00:27:34] INFO: OK
146.241.18.84
NOCHANGE
[00:33:06] INFO: OK
146.241.18.84
NOCHANGE
[00:38:07] INFO: OK
146.241.18.84
NOCHANGE
[00:43:08] INFO: OK
146.241.18.84
NOCHANGE
[00:48:09] INFO: OK
146.241.18.84
NOCHANGE
[00:53:10] INFO: OK
146.241.18.84
NOCHANGE
[00:58:11] INFO: OK
146.241.18.84
NOCHANGE
[01:03:12] INFO: OK
146.241.18.84
NOCHANGE
[01:08:13] INFO: OK
146.241.18.84
NOCHANGE
[01:13:45] INFO: OK
146.241.18.84
NOCHANGE
[01:18:46] INFO: OK
146.241.18.84
NOCHANGE
01:23:47] INFO: OK
146.241.18.84
NOCHANGE
[01:28:48] INFO: OK
146.241.18.84
NOCHANGE
[01:33:49] INFO: OK
146.241.18.84
NOCHANGE
[01:38:52] INFO: OK
146.241.18.84
NOCHANGE
[01:43:53] INFO: OK
146.241.18.84
NOCHANGE
[01:48:54] INFO: OK
146.241.18.84
NOCHANGE
[01:53:54] INFO: OK
146.241.18.84
NOCHANGE
[01:58:55] INFO: OK
146.241.18.84
NOCHANGE
[02:03:56] INFO: OK
146.241.18.84
NOCHANGE
[02:08:57] INFO: OK
146.241.18.84
NOCHANGE
[02:14:30] INFO: OK
146.241.18.84
NOCHANGE
[02:19:30] INFO: OK
146.241.18.84
NOCHANGE
[02:24:31] INFO: OK
146.241.18.84
NOCHANGE
[s6-init] making user provided files available at /var/run/s6/etcâŚexited 0.
[s6-init] ensuring user provided files have correct permsâŚexited 0.
[fix-attrs.d] applying ownership & permissions fixesâŚ
[fix-attrs.d] done.
[cont-init.d] executing container initialization scriptsâŚ
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[15:05:13] INFO: Running nginxâŚ
thank you so much. your availability and patience is greatly appreciated
You mentioned that the ssl certificate may be missing.
In reading up on this I can acros an HA support page suggesting to input the following
http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
do i need to add this somewhere
You copy the text, paste it here, then either highlight the whole text and press the </> button in the top bar or you add ``` at the beginning and at the end of the code lines.
Thatâs the docker network running Home Assistant, your add-ons etc.
That wonât work. This config is to allow NGINX to forward request to Home Assistant.
No, this is only needed if you donât use NGINX.
Are there any files in the directory SSL? If there are not, then the certificates are missing.
For DuckDNS the log at the beginning would be more helpful, as it creates the certificates in the beginning.
hi and good morning
Thank you for responding, patience and teaching
The dockdns is the complete log i see in the addon log page. Today it looks the same with additional time stamps
since early this morning I have been searching my debian 10 laptop (i never used linux OS before this).
The dockdns is the complete log i see in the addon log page. Today it looks the same with additional time stamps
I found under /usr/share/hassio/ssl/
I believe this is what you are asking for
fullchain.pem and privkey.pem files
I cannot open fullchain.pem but opening privkey.pem I see the content
Thank you
Restart the addon to see logs pertaining to certicate request.
I also read now that there are many people with issues with DuckDNS recently, so it might be that the problem is on DuckDNS side and not on your side.
Hi There
Here are duckâs latest log
[s6-init] making user provided files available at /var/run/s6/etcâŚexited 0.
[s6-init] ensuring user provided files have correct permsâŚexited 0.
[fix-attrs.d] applying ownership & permissions fixesâŚ
[fix-attrs.d] done.
[cont-init.d] executing container initialization scriptsâŚ
[cont-init.d] done.
[services.d] starting services
[services.d] done.
tText
Hello
iâm getting utterly frustrated with duckdns. how can i confirm that the issue is on their side and what to do then.
as ma main reason to move to HA was the geofencing function that is much more flexible that on Vera
I was looking at duckdns to allow my daughter who lives abroad to have access to my network and for me to have access from my android phone.
is there an alternative to duckdns that will work with HA and allow my daughter to access my environment
thank you for your contribution