DuckDNS - It's not just me - it's you!

It is amazing what kind of psychological things are going on in one's mind while reading this entire post. At a certain moment you come across a post from @mutt which clearly states that is THE working solution and it has been edited a number of times to be accurate to date. But still…talking for myself…i want to read on to see if i can find an even better solution…knowing there isn’t. That is probably the reason why so many of us keep on playing with their config settings even though we know we shouldn’t :slight_smile: …And yes i am also one of those who have been ‘playing’ with this for a long time! The funniest part is that i once had it working (prior to my sd card crash without proper backups). I could just access my HA fine internally and externally but i managed to break my config and never got it working properly again. After reading tons of incomplete posts or inconsistent advice i have now made up my mind as for what i am gonna do:

1- I will remove ALL portforwards from my Router(Experiabox 12 (KPN the Netherlands))
2- I will start a clean install of Homeassistant on my RPI3b+
3- I will make sure i have all core and os updates installed

and then…

4- …i will switch off the thinking part of my brain, and just follow the guidelines of highly respected mr Mutt STEP BY STEP…without the “hmmm maybe i should also try to add this setting…”…

and yes, i will get back here to let you know how that worked out for me :wink:

Absolutely

Follow the guidance, (though some people have (mandatory ?) supplied modems from their ISP (that don’t allow hairpin NAT for example) or have weird installations (synology NAS for example) and I don’t have experience of that (just all supported supervised installations) so you’d be on your own with that).

If it doesn’t work, then label me a liar (or that I’ve missed something or something is changed (and I’ll correct the solution, but it’s currently working on both a pi4 and a NUC))

Then take a full snapshot of the working solution (if you are as paranoid as ‘burning’ you’ll store the snapshot in 27 different locations :rofl: )
Then : -
You can mess around with ‘other bits’ as much as you like, if you then ‘break it’ you know what you have done and can step back or just reinstall the snapshot

For a short while i had a "Eureka!" moment…

Followed the Mutt guide step by step.
and Yes, i could log in on my laptop through duckdns and locally…whoopwhoop

Then i grabbed my phone, opened HomeAssistant app, set up my duckdns url and YES that also worked…while i was on my wifi…because my final and most important test was to disable wifi on my mobile and access HA via my Mobile ISP…because that is what i want to be able to do when i am not at home…Too bad, no such luck. Cannot connect Try again…

any suggestions??

So, to be clear …
you can access your instance from home using a browser (which browser ?) and both local (name or ip ?) and https://myfortressofsolitude.duckdns.org work as browser addresses ?
And your duckdns address works from your phone, connected via your wifi out to duckdns (well the dns bit) back to your instance. (i.e. this is just the same as the last test you did, so no real surprises).
But using the app, not via wifi (but via mobile data on the app) does not work ?
Try using the browser (and what browser is that ? have you tried chrome ?) on your phone instead of the app … any change ? (some phone mobile data providers block certain ports, very rare these days but … )

Edit: I would say, go to a cafe or something - but in these covid times …
Can you get someone you trust (family member maybe ? ) to go to your version of : - https://myfortressofsolitude.duckdns.org (on a pc) and see if they get a login option (don’t let them login - well just don’t give them any login details)

OK just to be sure, I started all over again and documented all Steps followed:

Wipe SD and install latest HassOS image for RPI3B+ (hassos_rpi3-4.16.img)
Remove all port forwards in Router (KPN Experiabox V12 The Netherlands (Sagemcom F5359))
Boot RPi and wait until HA is installed:

  • Installation finished: login via local IP 192.168.2.49:8123 on all browsers for both laptop and mobile phone through local WI-FI network successful.
  • Local account created in onboarding process successful
  • Multifactor authentication activated successful
  • OS updated to version 5.8 successful
  • Add-ons installed:
    o File-editor 5.2.0 successful
    o Samba Share 9.3.0 successful
    o Mosquitto Broker 5.1 successful
    o Reboot HomeAssistant successful

From this point following the steps as stated by Muttley

  • Install DuckDNS 1.12.4 successful (not started yet)
  • Install NGINX 3.0.1 successful (not started yet)

What surprised me was to see the following description: “Home Assistant Add-on: NGINX Home Assistant SSL proxy; Sets up an SSL proxy with NGINX and redirects traffic from port 80 to 443.” While the Muttley steps strictly stick to forwarding 443 to 443. For now I will just follow Muttley steps

  • Portforward 443 from Public IP to HA local IP:443 internally in router successful (My Router mentions External Host and Internal Host. I assume External Host=WAN IP and Internal Host = Local IP 192.168.2.49)
  • DuckDNS subdomain and token created successful
  • DuckDNS Add On config changed to :
    lets_encrypt:
      accept_terms: true
      certfile: fullchain.pem
      keyfile: privkey.pem
    token: 123456Ihaventgotaclue123456
    domains:
      - myname.duckdns.org
    seconds: 300

In my initial DuckDNS config there is also the line: aliases: [] (I left that one as it is)

  • DuckDNS started successful
    o + Requesting certificate…
    o + Checking certificate…
    o + Done!
    o + Creating fullchain.pem…
    o + Done!

  • NGINX Add On config changed to:
    domain: myname.duckdns.org
    certfile: fullchain.pem
    keyfile: privkey.pem
    hsts: max-age=31536000; includeSubDomains
    cloudflare: false
    customize:
      active: false
      default: nginx_proxy_default*.conf
      servers: nginx_proxy/*.conf

  • Saved config and started NGINX (kept refreshing the log until it generated the parms/keys and waited for it to say “starting nginx …”)

It never showed the message “starting Nginx”. It did say:
o [services.d] starting services
o [services.d] done.
o [22:15:26] INFO: Generating dhparams (this will take some time)…
o Generating DSA parameters, 4096 bit long prime
o …+…+…etc etc
- I Just assume this is the same/correct

  • Doublechecked my configuration.yaml to comment out ANYTHING under http: including the “http:” itself. There was no http: mentioned in my (virgin) configuration.yaml

  • Rebooted my router (to be sure, to be sure)

  • Rebooted my HASS instance (to be sure, to be sure, to be sure)

  • Now Trying to log into my HA instance:

  • PC (WI-FI):
    o http://192.168.2.49:8123
      Chrome: Successful
      Edge: Successful
      Firefox: Successful
    o https://192.168.2.49:8123
      Chrome: Unsuccessful
      Edge: Unsuccessful
      Firefox: Unsuccessful
    o https://myname.duckdns.org
      Chrome: Successful
      Edge: Successful
      Firefox: Successful

  • Mobile Phone (WI-FI):
    o http://192.168.2.49:8123
      Chrome: Successful
      Home Assistant App: Successful
    o https://192.168.2.49(:8123)
      Chrome: Unsuccessful
      Home Assistant App: Unsuccessful
    o https://myname.duckdns.org
      Chrome: Successful
      Home Assistant App: Successful

  • Mobile Phone (Mobile Data, WI-FI disabled):
    o https://myname.duckdns.org
      Chrome: Unsuccessful
      Home Assistant App: Unsuccessful (It does show frontend and hangs at initializing)

Conclusions:

  1. On PC (WI-FI): internal address http://192.168.2.49:8123 and external address https://myname.duckdns.org work properly
  2. On Mobile Phone (Wi-Fi enabled) http://192.168.2.49:8123 and https://myname.duckdns.org work properly in browser and Home Assistant App
  3. On Mobile Phone (Mobile Data; Wi-Fi disabled) https://myname.duckdns.org Unsuccessful in Chrome browser and HomeAssistant App. When adding :8123 It loads the frontend but hangs at initializing

@Mutt thank you very much for your hard work. It is good to see your method did work out great for many people. I had good hopes too but I am out of options now. At least with current port forwarding settings. Any suggestions are welcome.

I am still intrigued by the message I found in the description of DuckDNS in regards to redirecting traffic from port 80 to 443. And when I started the HomeAssistant App it showed an example address: https://example.duckdns.org:8123 while in our situation 8123 is not at all being forwarded………….

Suggestions to improve my configuration are welcome……

EDIT: just saw your suggestion to visit a cafe. I would really very much like to go there but they are all closed down at the moment unfortunately. I will check from my neighbours network tomorrow. Keep you posted

When I was researching this, a lot of people told me that port 80 was necessary for certificate renewal, so I enabled it, but others told me it wasn’t. I disabled the port forward and the cert renewed anyway (why leave a port open if you don’t need to.?)

Hmmm, you didn’t read the full thread, I also was tormented over external host. This is a security feature to allow only a specific external host to be forwarded to your instance on this port. In reality everyone deals with both nat and dynamic ip addresses so this is moot, it will never work if you specify an external address.

I would expect this to be unsuccessful, 8123 is not an encrypted port (a la nginx) and you specified encrypted with your https.

Ditto last comment

This is the only one that matters, and yours fails
Confirm you have not specified any port numbers either at duckdns or in the local duckdns setup ?
You may need to talk to someone at your data carrier end to see if they know anything about your allowed ports etc (explain what you are trying to do) this will take ages as the first 30 people you speak to won’t have a clue what you are talking about.

There’s something else but I’ll pm you on that

Edit:

Well that’s just plain wrong unless they forward 8123 to a port on the instance and ALWAYS connect with encryption (ie how do they ever connect locally if their Internet goes down ?)

I would agree

I think i did read all 166 posts but i might have missed something important. Then what should i do? My router shows me the following options to create a portforwarding rule:

Where i have the following options for protocol and service:

Haha so you been speaking to them too? :wink:
I can confirm i have no portnumbers at duckdns nor local duckdns setup
I have tried on 3 different mobile phones with different carriers. same result so i rule out the carriers and need to find the glitch in my (port forwarding?) configuration

Well…You tell Frenck? …This is what is hardcoded in the App:

EDIT: I would like to point out that I did advise Evert (twice) that specifying an external address for the port forwarding would never work eg : -

Hmmm, wanna bet he uses Nabu casa.???

How did you get on with using your neighbours WiFi to access ?

You are at the limits of my knowledge / experience on this subject now, all I can say is my port forwarding is TCP only and leaves the external address blank. From here on in I think you are breaking new ground. Here is a map of the area you will be travelling through, its blank so just fill it in as you go along :rofl:
Seriously, if you find out anything more on this report back and I’ll update the thread.

Side Note: Your English is damned good ! :smiley:

Well thanks Muttley.
Neighbours' Wi-Fi was a no-go too. I do get to see the frontend but that’s it. So i am knocking at my own door for sure but no one is opening it.

I will adjust my portforwarding by leaving the external IP blank. Just to give it another try.

If that doesn’t work either i will just continue my quest, and i will keep you posted on my progress.

This is something so many people are struggling with. I just cant understand why there is no clear guideline from the DuckDNS or HA devs…Yes i know it is impossible to cover all routers but at least it should be clear which port(s) need to be forwarded to which port(s).

Anyway i won’t give up. It’s way too much of a learning curve for me although it does consume a hell of a lot of time…

There’s always Nabu Casa …
:wink:

Adding one more “thank you” for @Mutt

One important note:
I have 2 routers at home: first (router1) is from provider and it does nothing more than passing internet to my another router (router2). To that router2 all my devices are connected including hassio.
So to make DuckDNS work I needed to add port forwarding rule on the router1. It is for 443 to router2 IP.
As a result the connection chain is the following: request comes to the router1 -> router1 forwards it to the router2 -> router2 passes it to hassio.

Hopefully it will save some time for people with multiple routers.

OK to help others out as well: I have fixed it for my configuration…its working!!!

And yes, be sure to read this entire topic! :wink:

After following the Mutt step by step guide i still couldn’t get it to work. Then i found out i had a setting wrong in my router's port forwarding. Instead of just filling in ext port 443 and forward it to my local IP port 443 i entered my external IP as well and that is where it all went wrong. Removed the External IP and since then it's working like a champ!!!

To illustrate:

Thanks Muttley!

Added a little guide how it worked for me.

I go backwards and forwards on this external access malarkey…
I know just enough to make it dangerous to open a port but not enough to be sure I am doing it safely.
I am currently toying with Nabu Casa but that seems to have its own small can of worms (for me).

Has anyone (ahem, Mutt) ‘peer reviewed’ the above blog post*? It seems to have boiled this very long and now quite complicated and hard to follow thread down to a few simple steps.

*(No disrespect meant @santik, this is more an indication of my concern with opening my system to ‘The World’.)

Sorry klogg, I’ve other things on my plate right now.
I understand your point and it is valid
But I need to work up the interest and have the time to review and possibly test

For everyone still searching for the solution to this problem. I wrote a detailed guide to the solution:

Great guide @santik. Thanks.

Hi All,

I have a very interesting issue with Duck DNS using the add store (running supervisor via virtual box on Mac). No matter what I do the config will not save, it just reverts to default (see screenshot). I am totally lost as to why this happens (nothing appears in the logs or in the browser console). I have tried on multiple Macs with different browsers and it keeps doing the same thing. I have installed and uninstalled and rebooted. I can’t see this add-on as a docker container in Portainer (I installed this as per the guide in supervisor and unhide all the container). Other add-ons let me edit the config fine.

Wondering if via terminal I could edit the file manually and then check out the file permissions (as I think that might be the issue here)? I have no idea where this file lives currently.

Would some help, spent many hours with no luck :frowning:


It won’t save if there is an error. Did you enter the token and domain name?

Hi David,

Thanks for replying, That is a good suggestion but does not change the issue for me. I took the layout from the help guide: https://medium.com/@fedorets.alex/hass-io-duck-dns-the-simplest-way-79ba69e5b2e5

lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: 12345-67890-abcde-fghij
domains:
  - yourdomain.duckdns.org
seconds: 300

And copied it straight in, same issue :frowning:

lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: 4a20bbc3-####-####-####-bb3dac709fb9
domains:
  - m###.duckns.com
seconds: 300

Replaced some chars with # to keep it private.
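
The reply above says the add-on config will not save if it contains an error. A small pre-paste check along those lines, as an added example that is not part of the thread or the add-on's own code: the rules are assumptions inferred from the configs posted in this thread (not the add-on's actual schema), and both sample configs are constructed.

```python
import re

# Assumed rules, inferred from the DuckDNS add-on configs posted in this thread.
DOMAIN_RE = re.compile(r"^[a-z0-9-]+\.duckdns\.org$")
PLACEHOLDER_TOKENS = {"12345-67890-abcde-fghij"}  # sample token from the guide


def lint_duckdns_options(opts):
    """Return a list of problems found in a DuckDNS add-on options dict."""
    problems = []
    le = opts.get("lets_encrypt")
    if not isinstance(le, dict):
        problems.append("lets_encrypt: must be a mapping")
    else:
        if le.get("accept_terms") is not True:
            problems.append("lets_encrypt.accept_terms: must be true")
        for key in ("certfile", "keyfile"):
            value = le.get(key)
            if not isinstance(value, str) or not value.endswith(".pem"):
                problems.append(f"lets_encrypt.{key}: expected a .pem file name")
    token = opts.get("token")
    if not isinstance(token, str) or not token.strip():
        problems.append("token: missing")
    elif token in PLACEHOLDER_TOKENS:
        problems.append("token: still the sample value from the guide")
    domains = opts.get("domains")
    if not isinstance(domains, list) or not domains:
        problems.append("domains: must be a non-empty list")
    else:
        for d in domains:
            if not isinstance(d, str) or not DOMAIN_RE.match(d.lower()):
                problems.append(f"domains: {d!r} is not <name>.duckdns.org")
    secs = opts.get("seconds")
    if not isinstance(secs, int) or isinstance(secs, bool) or secs <= 0:
        problems.append("seconds: must be a positive integer")
    return problems


# Constructed sample configs (already parsed from YAML into dicts).
GOOD = {
    "lets_encrypt": {"accept_terms": True, "certfile": "fullchain.pem",
                     "keyfile": "privkey.pem"},
    "token": "00000000-0000-0000-0000-000000000000",  # constructed token
    "domains": ["myname.duckdns.org"],
    "seconds": 300,
}
BAD = dict(GOOD, token="12345-67890-abcde-fghij",
           domains=["myname.duckns.com"], seconds="300")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_duckdns_options(cfg) or "ok")
```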