You already gave that link, hassio is always installed in Docker. I’m not quite sure why anyone would install hassio-core.
I understand that some people want to use their machines for ‘other things’ but any extra packages (not HA related) surely just reduce uptime and reliability.
And you can do that using the above hassio installation method getting all the goodies too.
I’m happy to keep my HA machine for HA.
Particularly when a Pi is so cheap anyway. I have half a dozen Pis all dedicated to specific purposes.
Thanks, so I installed HA on my Raspberry Pi using the manual supervised install. Everything is working back to normal now and I have the add-on store. Now I will try your method of setting up SSL. Will keep you posted.
I was able to successfully set up SSL on HA. Thanks again for the help. I just needed the add-on store, that’s all.
Finally! The ONLY mistake I kept making was step 3. Instead of forwarding 443 to 443, I was forwarding it to 8123, because of my previous integration. Once I fixed this step, everything started working like a charm! Thank you!
You are welcome.
I got VERY frustrated trying to get this to work, so I know where you are coming from.
To be fair, others have managed to get this to work with other ports but keeping https traffic (normally on 443) on 443 throughout just seems logical and ‘right’ somehow
Thanks a thousand times, it finally worked
I don’t get that anyone is suggesting it works with duckdns addon only, I’ve been trying everything.
Someone mentioned voice assist working better with the paying cloud service, any merit to this?
That is true, I think (not tried it myself) though as you intimate, there are other means for both Alexa and Google. (See other threads)
Can I just say thank you, and thank you some more for this. It has taken most of the day but I have got there. I now have internal and external access to HA.
It was fiddly as I had to keep changing port from 443 to 8123 so I could then uncomment out the http bit etc. but it now works and it hasn’t done since I started HA over a year ago.
Just to confirm I do not have port 80 redirected but everything else is as you described!
If you read the thread in detail I noted that port 80 did not seem necessary to me and I deleted it and everything did (and continues to) work as intended.
So can you mark your other thread as solved?
I’ve been going in circles for days now, somebody please help me!
I followed the steps from Mutt’s post #24.
configuration.yaml: nothing
duckdns config (typed quotes in but they remove themselves when I save):
```yaml
lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: MYTOKENFROMDUCKDNS
domains:
  mydomainXXXXXX.duckdns.org
seconds: 300
```
nginx config:
```yaml
“domain”: “mydomainXXXXXX.duckdns.org”
“certfile”: “fullchain.pem”
“keyfile”: “privkey.pem”
“hsts”: “max-age=31536000; includeSubDomains”
“customize”:
  “active”: false
  “default”: “nginx_proxy_default*.conf”
  “servers”: “nginx_proxy/*.conf”
```
On my router I’ve set 443 to 443 and 8123 to 8123.
I’ve tried:
mydomainXXXXXX.duckdns
mydomainXXXXXX.duckdns
mydomainXXXXXX.duckdns:443
mydomainXXXXXX.duckdns:8123
https://mydomainXXXXXX.duckdns:443 (without spaces)
https://mydomainXXXXXX.duckdns:8123 (without spaces)
mydomainXXXXXX.duckdns:443
mydomainXXXXXX.duckdns:8123
All of them just give connection timed out.
Can somebody please tell me what I’m doing wrong or give me any tips how I might fix it?
Thanks!
What are you using for an editor?
Hi Muttly, thanks for replying
typing into the duckDNS config window before save:
but reverts to before after save.
duckDNS log:
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[08:04:18] INFO: OK
79.69.171.130
NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing XXXXXXXX.duckdns.org
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Aug 8 07:11:40 2020 GMT Certificate will not expire
(Longer than 30 days). Skipping renew!
[08:09:22] INFO: OK
79.69.171.130
NOCHANGE
[08:14:23] INFO: OK
79.69.171.130
NOCHANGE
[08:19:24] INFO: OK
79.69.171.130
NOCHANGE
nginx log:
...
[services.d] starting services
[services.d] done.
[08:07:21] INFO: Starting NGinx...
[08:07:21] INFO: Starting the Manager...
[5/12/2020] [8:07:25 AM] [Migrate ] › ℹ info Current database version: 20190227065017
[5/12/2020] [8:07:25 AM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
[5/12/2020] [8:07:25 AM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[5/12/2020] [8:07:25 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[5/12/2020] [8:07:25 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[5/12/2020] [8:07:25 AM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[5/12/2020] [8:07:25 AM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[5/12/2020] [8:07:25 AM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[5/12/2020] [8:07:25 AM] [Global ] › ℹ info Backend PID 533 listening on port 3000 ...
[5/12/2020] [8:07:27 AM] [Nginx ] › ℹ info Reloading Nginx
[5/12/2020] [8:07:27 AM] [SSL ] › ℹ info Renew Complete
All seems to be working so I don’t know what’s going wrong!
router page:
| Enable | Service | Protocol | External host | Internal host | External Port | Internal Port | Options |
|---|---|---|---|---|---|---|---|
| | Hassio_1 | TCP | * | 192.168.1.60 | 80 | 80 | |
| | Hassio_2 | TCP | * | 192.168.1.60 | 8123 | 8123 | |
| | Hassio_3 | TCP | * | 192.168.1.60 | 443 | 443 | |
I’ve also checked the IP on the router page against the IP on duckDNS and they match, so I don’t think there is a CGNAT issue.
Nick,
From how long you’ve been on the forum and the quality of your investigations, formatting of posts and clarity of actions, I’m very impressed.
You are clearly not an idiot and have worked through this quite well.
I have updated my solution above with the information you have brought to light.
However:
1. When something doesn’t work, reduce it to the basics.
2. Get the fundamentals working then enhance it till it breaks, so you know where your problem is.
I notice that my ‘new’ duckDNS config has a list item for domains “-”, yours does not (probably does not matter but …)
I also notice that (though I NEVER added this myself) my config now says “cloudflare: false” (but without the quotes). I see that your logs reference cloudflare, so disable what’s allowing that and include the “cloudflare: false” bit (again this is just working through the possibilities).
I agree that you do not seem to have a CGNAT issue.
DO NOT FORWARD 8123 traffic ANYWHERE. This is direct unencrypted traffic; it should not be on the internet as such.
You do not need port 80, so remove your Hassio_1 and Hassio_2 rules.
Your nginx config seems to have lead in and lead out quotes rather than just plain ASCII quotes, please confirm that this is just that you did not choose ‘preformatted text’ as a box to enter it?
Go back, copy my new config (both instances), pasting it into your config, changing the necessaries.
Confirm that you DO NOT have http: or https: headers in your configuration.yaml
What is causing your cloudflare config anyway? Can you post a sanitised version of your configuration.yaml?
As you can see from this thread I spent A LOT of time solving this with the help of some very clever people. You may not get an instant win here. Be patient, have perseverance, I’m sure you’ll get there.
[ Though they do have nabu casa as a paid for version of same (motive ???) which also solves voice services. ]
I’ve only had the Pi for 2 weeks or so, still learning quite a bit! I know there are a lot of variables so the more data the better! Saying that, I did cut the top out of the nginx log above and put “…” just to reduce the length of the post a bit!
I’ve removed the 8123 and 80 rules as advised from the router page.
Here is my config page. There are probably lots of stupid things I’ve done so don’t beat me up too bad!
```yaml
# Configure a default setup of Home Assistant (frontend, api, etc)
default_config:

# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
# http:
#   base_url: example.duckdns.org:8123

# Text to speech
tts:
  - platform: google_translate

#http:
#  base_url: https://XXXXXX.duckdns.org
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem

#lovelace:
#  resources: !include lovelace/rescources/resources.yaml

python_script:

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

light:
  - platform: group
    name: Downstairs
    entities:
      - light.lr
      - light.lr2
      - light.dr
      - light.sl
      - light.k
  - platform: group
    name: Upstairs
    entities:
      - light.su
      - light.br
      - light.b
      - light.sr
  - platform: group
    name: liv_room
    entities:
      - light.lr
      - light.lr2
      - light.sl

zha:
  radio_type: ti_cc
  usb_path: /dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0018DF5D2A-if00
  baudrate: 115200

tuya:
  username: 'XXXXXXX'
  password: 'XXXXXXX'
  country_code: '44'
  platform: "smart_life"

switch:
  platform: broadlink
  host: 192.168.1.47
  mac: XXXXXXXXXXXXXX
  type: rm4c_pro

remote:
  platform: broadlink
  host: 192.168.1.47
  mac: XXXXXXXXXXXXXX
  type: rm4c_pro

ifttt:
  key: XXXXXXXXXXXXXXXXXXXXXXXXXXXX

sensor:
  - platform: systemmonitor
    resources:
      - type: memory_use
      - type: memory_use_percent
      - type: memory_free
      - type: processor_use
      - type: load_1m
#      - type: load_5m
#      - type: load_15m
      - type: last_boot
      - type: network_in
        arg: eth0
      - type: network_out
        arg: eth0
      - type: process
  - platform: rpi_power
    text_state: true

#lovelace:
#  mode: yaml

hacs:
  token: XXXXXXXXXXXXXXXXXXXXXXXXXXXX
  sidepanel_title: HACS
  sidepanel_icon: mdi:store
  options:
    experimental: true

#yamaha amp
media_player:
  - platform: yamaha_musiccast
    host: 192.168.1.14

#mqtt:
#  broker: 192.168.1.11
#  discovery: true
#  discovery_prefix: homeassistant
#  username: "XXXXXXX"
#  password: "XXXXXXX"
```
Full nginx log just in case:
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] permissions: applying...
[fix-attrs.d] permissions: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing...
-----------------------------------------------------------
Add-on: Nginx Proxy Manager
Manage Nginx proxy hosts with a simple, powerful interface
-----------------------------------------------------------
Add-on version: 0.5.0
There is an update available for this add-on!
Latest add-on version: null
Please consider upgrading as soon as possible.
System: HassOS 3.13 (armv7 / raspberrypi4)
Home Assistant Core: 0.109.6
Home Assistant Supervisor: 222
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing...
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] mysql.sh: executing...
[cont-init.d] mysql.sh: exited 0.
[cont-init.d] nginx.sh: executing...
[cont-init.d] nginx.sh: exited 0.
[cont-init.d] npm.sh: executing...
[cont-init.d] npm.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[12:11:04] INFO: Starting NGinx...
[12:11:04] INFO: Starting the Manager...
[5/12/2020] [12:11:07 PM] [Migrate ] › ℹ info Current database version: 20190227065017
[5/12/2020] [12:11:07 PM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
[5/12/2020] [12:11:07 PM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[5/12/2020] [12:11:08 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[5/12/2020] [12:11:08 PM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[5/12/2020] [12:11:08 PM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[5/12/2020] [12:11:08 PM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[5/12/2020] [12:11:08 PM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[5/12/2020] [12:11:08 PM] [Global ] › ℹ info Backend PID 533 listening on port 3000 ...
[5/12/2020] [12:11:10 PM] [Nginx ] › ℹ info Reloading Nginx
[5/12/2020] [12:11:10 PM] [SSL ] › ℹ info Renew Complete
we’re not there yet
???
???
???
Okay, it looks clean but you do have a LOT of integrations going on in there, you ‘may’ want to try binary division on removing/adding back in to see (remove = “#” comment out, start with everything)
???
You still have this in your logs ???
This is a LOT of fairly complex config for a 2 week newbie, you must be an Engineer or work in IT ???
If you are using the add-ins then config should be fairly straightforward
See attached my duckdns and Nginx Proxy configs
Do not have any http or https in your configuration.yaml
Only forward port 443 on your router to your hassio IP
Not sure why you have inverted commas and curly brackets in your configs
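The checks recommended in this thread (no active http: or https: block in configuration.yaml, only 443 forwarded to 443 on the router, plain ASCII quotes in the add-on config) can be scripted. This is an added example, not part of any post in the thread; the function names and the sample inputs are constructed for illustration.

```python
import re

# Typographic quotes that a rich-text paste can substitute for plain ASCII ones.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"

def active_http_block(config_yaml):
    """True if configuration.yaml has an uncommented top-level http:/https: key."""
    return any(re.match(r"https?:\s*(#.*)?$", line)
               for line in config_yaml.splitlines())

def risky_forwards(rules):
    """rules: (name, external_port, internal_port) tuples copied from the router page."""
    findings = []
    for name, ext, internal in rules:
        if internal == 8123:
            findings.append(f"{name}: {ext}->{internal} exposes unencrypted port 8123")
        elif (ext, internal) != (443, 443):
            findings.append(f"{name}: {ext}->{internal} is not needed, remove it")
    return findings

def smart_quote_lines(addon_config):
    """1-based numbers of the lines that contain typographic quotes."""
    return [n for n, line in enumerate(addon_config.splitlines(), 1)
            if any(ch in SMART_QUOTES for ch in line)]

# Constructed sample inputs modelled on the values posted in this thread.
SAMPLE_RULES = [("Hassio_1", 80, 80), ("Hassio_2", 8123, 8123), ("Hassio_3", 443, 443)]
SAMPLE_CONFIG = (
    "default_config:\n"
    "#http:\n"
    "#  ssl_certificate: /ssl/fullchain.pem\n"
    "tts:\n"
    "  - platform: google_translate\n"
)
SAMPLE_ADDON = (
    "domain: mydomainXXXXXX.duckdns.org\n"
    "\u201ccertfile\u201d: \u201cfullchain.pem\u201d\n"
    "keyfile: privkey.pem\n"
)

if __name__ == "__main__":
    print("active http block:", active_http_block(SAMPLE_CONFIG))
    for finding in risky_forwards(SAMPLE_RULES):
        print(finding)
    print("lines with typographic quotes:", smart_quote_lines(SAMPLE_ADDON))
```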
@traverst, cheers
Just what I said, but that means two of us
Note: the quotes bit seems to be a recent thing, my old config ‘needed them’ but looking at it now ‘not a quote in sight’ (and the curly brackets have also disappeared)
And my configs look just like yours
I’ll try # out everything in the configuration.yaml and see what happens.
I’ve updated both DuckDNS and nginx to your latest versions in the post above. I think the missing ‘-’ was accidentally removed when I sanitised it.
The config applied for the above nginx log is for the updated config file without quotes and with “cloudflare: false” added. Not sure why cloudflare is still appearing in the logs; I haven’t directly set anything up with cloudflare to my knowledge, think it might be part of nginx?
You got me - Engineer. I was actually trying to set up on a Pi 1B for 2 weeks or so before (Christmas present I never used from about 7 yrs ago!) which drove me a bit crazy waiting approx 1h for hassio startup and up to 2 min delay between zigbee remotes and actuation of lights! Glad I don’t still have that to fight against!
Just tried again after restart, clean configuration.yaml and turned off unnecessary add-ons but still not working.
oh…
Now I feel dumb! Checked your post though and it doesn’t note further requirements for nginx setup (perhaps this is new?)
“5. Click the “OPEN WEB UI” button and login using: [email protected] / `changeme`”
Now set up, but proxy status on the nginx proxy page shows as offline and the SSL setting doesn’t want to stick. I have set up as per the documentation but in the SSL tab, the expiry for certificates generated have the same time that they are generated so think they are already invalid!
feeling close now…