DuckDNS - It's not just me - it's you!

Okay, a little bit of actual information,
This sounds like a hairpin Nat issue.
Check up on your modem (the router bit is not applicable, you have a modem/router not a ‘router’)

Only nat related stuff I can find in my router is to change it between cone and symmetric.

Using a Huawei b535

Okay, given this : -
Some secret stuff
Some more secret stuff
And even more secret stuff

Do you sense a trend here ?

Unless you describe what you need (for which I sense you should be starting a new thread) and also detail what your hardware is (ISP supplied/own make/model), what your ISP is and your general area (as that affects implementation).

can someone pin this on the duckdns addon documentation? :heart_eyes: :+1:

Sweet mama, finally it works, thanks a million Mr Mutt

deleted original text to try something different

Indeed DuckDNS - It’s not you…
After days days weeks weeks trying… NGINX by Frenck… solved (although, can’t get to the UI anymore :wink: haha)

Ok …

Er … ! Isn’t that the point ???

You are going to have to expand upon that.
Can you not access the UI at all ?

If you can, via what means ? remote or local ?

I’ve got it somewhat working now. I can access my local IP without https, so that’s great!

But now I get a 401 error with add-ons (visual code studio and deconz). Anyone know a solution?

Trying to setup duckdns for the first time and I’m going nuts trying to get this working! Any help would be greatly appreciated. I’m looking to do a simple test and access my HA outside of my local network using the duckdns domain. I can access HA with https only from local network currently. Steps taken so far:

  • Duckdns account created with the subdomain setup.
  • Duckdns plugin installed, configured with Duckdns credentials as shown below

    lets_encrypt:
      accept_terms: true
      certfile: fullchain.pem
      keyfile: privkey.pem
    token: xxxxx (token id)
    domains:
    aliases: []
    seconds: 300

  • Router set to forward port 443, 80, and 81 to HA. I use comcast xFi and am unable to put different external vs internal port forwards. (I also tried forwarding every port from 1-9999 in a range but that didn’t fix the issue).

  • Configuration file updated as follows:

    http:
      ssl_certificate: /ssl/fullchain.pem
      ssl_key: /ssl/privkey.pem
      ip_ban_enabled: true
      login_attempts_threshold: 5

  • NGINX configured using the Duckdns subdomain filled in.

    domain: xxxxxx
    certfile: fullchain.pem
    keyfile: privkey.pem
    hsts: max-age=31536000; includeSubDomains
    cloudflare: false
    customize:
      active: false
      default: nginx_proxy_default*.conf
      servers: nginx_proxy/*.conf

  • Under general in configuration, I filled in the external and internal url as follows:

External URL: xxxxxx:8123

Internal URL: local ip address

I have also tried changing the ports on the external and internal URL definitions to 443, 8123, blank and every combination between them. No luck so far!

So to be clear, you did not do the actions as stated in the solution in post 24 (updated to current config and version information) ?

Did you try it ?
If so, what went wrong ? (and where did it depart from the description given ?)

Hi Muttley - Yes everything has been completed in those steps. The only thing not clear to me is what should be put in the Configuration -> General -> External & Internal URL. I tried leaving these blank and also filling in values that I thought were accurate.

Both logs from Duckdns and NGINX show successful startups without any errors.

The only thing to note is that if I go to http://mydomain.duckdns.org (http and not https), it brings up my comcast routers login page. Going to https://mydomain.duckdns.org brings up nothing. I have tried forwarding ports 80 and 81 just to see what would happen, but still no luck.

Alright, finally got it working. I’ve successfully accessed HA through my duckdns address and everything seems to be fine. What’s really strange is I didn’t change anything. All of my port forward settings were untouched and nothing was power cycled. On Sunday I had finally given up after trying to get this working for a few hours. I had the browser window open with my duckdns address that wasn’t loading. Monday morning I refreshed the same page and still nothing loaded. Monday evening I refreshed the same page and to my surprise it worked!

I have been testing the configuration over the last 2 days and it still works. I have no idea why my original settings weren’t loading. The only explanation I can come up with is comcast wasn’t forwarding the port, despite the rule being in place in the online xfi router configuration. It seems like it took 24 hours for it to hold. I’ve since tested this configuration, both removing and adding back the port forward, and it seems to be fairly responsive. Quite aggravating, but glad I’ve finally got it working.

Been looking for this for a long time… I think this should be included in the Community Guides. Pure addon configurations and very noob friendly :smiley:

  • Router set to forward port 443, 80, and 81 to HA. I use comcast xFi and am unable to put different external vs internal port forwards. (I also tried forwarding every port from 1-9999 in a range but that didn’t fix the issue).
  • Configuration file updated as follows:
    http:
      ssl_certificate: /ssl/fullchain.pem
      ssl_key: /ssl/privkey.pem
      ip_ban_enabled: true
      login_attempts_threshold: 5

For me, I only needed to port forward 443 → 433 to HA. I think you don’t need to include the SSL keys in the config.yaml when nginx is handling all the HTTPS traffic.
On my setup, port 80 is used for the HTTP challenge when renewing the certificates once a year.

I was having the same problem and managed to fix it.

My setup:

  • HA runs in docker on Synology NAS (port 8123)
  • NAS has a Let’s Encrypt certificate and port 443 is open
  • Router port 443 is forwarded to Synology NAS 443
  • Reverse Proxy NAS: https://xxx.synology.me (443) -> http://192.168.0.200 (8123)

My problem was that externally I would get to the login screen, but after logging in it would give me an error saying “Unable to connect to Home Assistant. RETRY”.

This happens because the reverse proxy of Synology by default doesn’t have websockets enabled. To enable in Synology DSM:

  • Open Control Panel > Application Portal
  • Change to the Reverse Proxy tab
  • Select the proxy rule for which you want to enable Websockets and click Edit
  • Change to the Custom Headers tab
  • Create > WebSocket

Now you should be able to access HA externally.

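Added example, not part of the original post: a check for the symptom described above, where the login page loads through the reverse proxy but the WebSocket upgrade never happens. It assumes Home Assistant's WebSocket endpoint `/api/websocket`; the function names and the sample responses are constructed for illustration.

```python
import base64, hashlib, os, socket, ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def upgrade_request(host, key, path="/api/websocket"):
    """Opening handshake a browser sends for Home Assistant's WebSocket API."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n\r\n")

def expected_accept(key):
    """Sec-WebSocket-Accept value a WebSocket server must return for this key."""
    digest = hashlib.sha1((key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()

def classify(raw, key):
    """Return 'ok', 'not-upgraded' or 'bad-accept' for a raw HTTP response head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ", 2)
    code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    hdrs = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            hdrs[name.strip().lower()] = value.strip()
    if code != 101 or hdrs.get("upgrade", "").lower() != "websocket":
        return "not-upgraded"  # proxy did not pass Upgrade/Connection through
    if hdrs.get("sec-websocket-accept") != expected_accept(key):
        return "bad-accept"    # something answered, but not a valid handshake
    return "ok"

def probe(host, port=443, timeout=5):
    """Live check through the reverse proxy (needs network, verifies the cert)."""
    key = base64.b64encode(os.urandom(16)).decode()
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(upgrade_request(host, key).encode())
            return classify(tls.recv(4096).decode("latin-1"), key)

# Constructed sample responses (not captured from a real device).
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
WITH_WEBSOCKET = ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
                  "Connection: Upgrade\r\n"
                  "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
WITHOUT_WEBSOCKET = "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n"

if __name__ == "__main__":
    print(classify(WITH_WEBSOCKET, SAMPLE_KEY), classify(WITHOUT_WEBSOCKET, SAMPLE_KEY))
```

Running `probe()` against your own external hostname before and after enabling the WebSocket custom header shows whether the proxy rule is the cause.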

Hi Mutt, I’m currently using DuckDNS for remote access with port forward 8123 internal to 8123 external and I access my HA remotely by using https://myduckdns.domain.org:8123. I need to use NGINX for HA local access.

Here are my questions

  1. Which NGINX addon are you using? NGINX home assistant SSL proxy or NGINX proxy manager?
  2. Just to confirm, I need to remove every single line for the following in my configuration.yaml, right? Here is my current setup.
     http:
       base_url: https://myduckdns.domain.org:8123
       ssl_certificate: /ssl/fullchain.pem
       ssl_key: /ssl/privkey.pem
  3. In router, what other ports should I port forward? Should they be TCP or UDP? Currently I have 8123 to 8123 port forwarded.

Thanks in advance.

KCYeoh,
8123 as an external port is NOT recommended
SSL works by default on 443

  1. NGINX proxy manager is not in the Core Addons it’s in the Community Addons - Which bit of this was not clear ?
  2. Yes, I believe so
  3. Again, if you forward an SSL certificated address it will default to 443. If you don’t do this and match the address to the certificate, you will either get warnings, errors, or have to specify an extended address e.g. https://myfortressofsolitude.duckdns.org:8123. AND this will NOT be encrypted. You only need TCP

I don’t think you read the instructions very well

Thanks @Mutt. I must have been reading too fast and missing some points. I will try to set up as per your guide and repost here with the results. Also, regarding the port forwarding, I will just drop the 8123 ports and do it with 443 as per your advice.

Hi, just want to post an update. I followed @Mutt’s guide and everything is working fine. In the configuration yaml, I removed every single line in the http section including the SSL certificate paths.

For the port forwarding, I only did for 443 to 443 and didn’t forward 80. Also, I did drop my existing 8123 port forwarding.

I can now access my HA through local IP, homeassistant local host name and DuckDNS. However, I noticed that on my phone/tablet, I can’t access my HA using the homeassistant local host name. But, no big deal.

Thanks @Mutt.