Yeah you will. That’s bloody annoying lol. I’m on ABB and have a sticky IPv4 address but I block IPv4 on my HA anyway and I only update the IPv6 address at duckdns (but it’s static) Even with T$ I believe you will have a fixed IPv6 address so perhaps you could be using that. It does not look like you are gaining anything by using your own domain anyway.
I actually have a few domains and was thinking about using one for this with cloudflare but I haven’t looked into that in detail yet and meh… don’t really see the point TBH.
Part of the reason for using my own domain is that my work (QLD public service) seems to block domains that are specially DDNS sites (like DuckDNS). Hence trying to see if I could (a) get it working properly on my own domain and (b) check if work still blocked. Haven’t had a chance to test at work with SSL not working as I only just got the domain set up.
I haven’t really played with IPv6 yet—my ISP before moving back to Brisbane didn’t support it. Might have to look into that.
If you’re with Telstra you def have a static /56 prefix and HA works great with IPv6. So you could use that+LetsEncrypt+Your own domain with cname pointing to HA.
Thanks! Any pointers to guides around using IPv6 (especially with Telstra equipment—though I’m only using the Telstra rounter for 4G failover on my Asus-Merlin router)?
I am using some older Dell and Cisco managed switches though - so that may be an issues.
You’ll need to set the AAAA record with your IPv6 address and yes… your router needs to support IPv6 (might need firmware upgrade) but having one that it should just work. I do use Caddy Reverse Proxy which means I only need open one port 443 and 80 for LE certificates.
Doesn’t work. I’ve tried every permutation I’ve found. I get no errors when getting the certs at all, I can see them and they are valid. I added the ssl lines and base_url lines with https://|breakingurl|stuff.duckdns.org:8123. Port forwarded 443 to 8123
I do not have ssl locally or externally. I keep getting err_ssl_protocol_err
I’m using HASS.IO with official DuckDNS Add-On and i have successfully running a Let’s Encrypt-SSL Certificate without SSL Errors on port 8123. The Add-On added base_url: https://xxx.duckdns.org:8123 and my iOS-Apps use this URL. I set my router to forward external port 8123 in internal HASS.IO port 8123. Everything runs fine!
However, to receive webhooks i need to switch to port 443. I wonder what is the best way, only changing port forwarding in my router from ext8123->int8123 to ext443->int8123? Or is it better to change the port of HASS.IO form 8123 to 443. Then i think i have to change the configuration.yaml to:
After configuring the http: session, nothing else seems to work and the reason is obvious, even though I didn’t understand before being told: when you configure SSL, http:// doesn’t work anymore. So just go ahead and start using https:.
For some reason, in my router I had to forward 443 to 8123 as well as 8123 to 8123.
After doing that, I did manage to make it work from outside my network via https. Even from the iOS app.
You no longer need the http: section in configuration.yaml
In fact if you do it prevents you from accessing your HA instance locally.
Full instructions here : -
Read post 25 too.
I ONLY have port 443 open and it forwards to port 443
I get my certificates updated without any intervention
Good information to have
When (and if) I come to want casting then I will know it’s possible.
But you run HA on a NUC with bespoke installation don’t you
Is that (caddy) available for the average newbie on a raspberry pi ?
Caddy is available on a RPi.
Yes my Nuc runs debian and hass.io (generic linux install)
Caddy is a hass.io addon. Unlike nginx etc, caddy is very easy to setup and use and unlike others I understand it.
Sorry David, I can’t find it.
I went through official add-ons, comunity add-ons, then I followed your link and the two sub-links from that.
If it’s there, I’m not sure how a newbie would be expected to find it.
I did a search based on your suggestion a few posts up; and came accross : -
and
But as I say, how would a newbie even be expected to look ?
You know a hell of a lot more about networks than most here, can something be done to promote this (or nginx - which is quite easy to find) as a first course external access component ?
I haven’t had chance to read either yet (I will) but JuanTech’s video seems to be the default and we keep having to deal with people who have issues because of it.
Cheers
David, I much appreciate your answer, but I’m considering the greater good.
What will help newbies get a working external access ?
What will (in the same blow) deliver them a robust access environment that allows local access on local:8123 and remote access on https://myfortressofsolitude.duckdns.org ?
Have this solution live harmoniously with other HA features, such as cast
Will leverage your knowledge of networking to make it accessible to John Q Public (and explanation of each step, setting and why)
Will allow a simple redirection to said post for all newbies (and dumb schmucks like me, who never heard of caddy) So that we all (on the forum) spend less time answering the same question again and again.
I think you could do this and though it may take a while to collate, cover all the angles and answer most peoples questions. I do think it would be worthwhile - A bit like finity’s EPIC time manipulation thread.
Thanks for your time to date.
This is a long thread and I spent a couple hours following it and trying various suggestions, but I’m stuck. Can anyone provide a few more troubleshooting tips (sorry if I may have missed the key post above - I’m not very adept at networking).
Here’s what I’ve tried:
followed all instructions for setting up duckdns
I set up port forwarding from 8123 to 8123 on my home router
Result:
I can access through my internal network as long as precede the network name by ‘https://’