I am trying to get the duckdns plugin running. I think the outside addressing is working, because the browser shows a different behaviour when the HA machine is stopped.
When the machine is stopped, Chrome shows "xxx.duckdns.org refused to connect"; when it is running, it shows "xxx.duckdns.org took too long to respond".
Does this behaviour give a hint as to what may be configured wrong?
Note: I try to access the outside address from the internal network. Is this possible at all?
It seems this is caused by a missing NAT loopback on the gateway. I am able to see my URL by use of an external service, for example: https://geopeeker.com/
Thank you. The external access to the internal network is working. No, this seems to be the loopback issue. No access from internal to internal by the external URL.
I have to use https://homeassistant.local:8123/. The drawback is that there is no valid certificate for the browsers, which is annoying each time.
The Dnsmasq addon may be a partial workaround. The DHCP server of the gateway will not send it, though. You need to teach each client to use it as DNS. For this reason I don’t even try it.
I don’t have any issues with a fully https setup, but I would still prefer http with nginx to enable https.
You would have a kill switch to disable external connection (stop the nginx addon) and zero dependency on duckdns when you are at home (it is virtually zero, but still).
One last thing: you can use some integrations which don’t support https callback (nuki custom integration), which is a side benefit of local http. Also, you cannot embed http pages in an https-enabled Home Assistant. Just a couple of benefits.
If you think you really need https even for local communication, you can do it manually, but I am not sure how certificate renewal would work, because Let’s Encrypt wants to access the domain to validate the ownership before issuing the certificate.
Even in this solution, you need two certificates and need to activate nginx, because the external domain and internal domain cannot share the same certificate; they need separate ones.
It’s more of a general flaw of the concept of HTTPS. It depends so much upon the top-level authorities that you are forced to go with less security locally. That’s not perfect.
To wrap this up: as suggested by @anon63427907, the combination of NGINX with duckdns and letsencrypt is a great solution to run HTTPS and HTTP in parallel. You can use HTTP locally and HTTPS to access from outside.
It’s one more step than just configuring the duckdns addon, so it adds some more complexity to the setup. This is the path to go:
First follow the instructions to install duckdns without NGINX. Then follow the instructions of NGINX to add this feature on top.
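Added example, not part of the thread: the two Chrome messages quoted in the first post correspond to different TCP outcomes (an active refusal versus no answer at all), and this sketch classifies a connection attempt so the result from inside the home network can be compared with one taken from outside. The hostname, the port and the `probe`/`diagnose` names are assumptions for illustration.

```python
import errno
import socket


def probe(host, port, timeout=5.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
        except socket.timeout:
            return "timeout"      # Chrome: "took too long to respond"
        except ConnectionRefusedError:
            return "refused"      # Chrome: "refused to connect"
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "unreachable"
            return "error"
    return "open"


def diagnose(inside, outside):
    """Combine the probe result from the LAN with one taken from outside."""
    if outside != "open":
        return "external path broken: check DNS record and port forwarding"
    if inside == "open":
        return "reachable from both sides"
    return "gateway likely lacks NAT loopback: use the local address at home"


if __name__ == "__main__":
    # Placeholder host and port (assumptions); run once on the home network
    # and once from an outside connection such as a phone hotspot.
    print(probe("xxx.duckdns.org", 8123))
```

Feed the two recorded results to `diagnose(inside, outside)`; an "open" result from outside combined with "timeout" or "refused" from inside matches the loopback situation described in the thread.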