ERR_SSL_PROTOCOL_ERROR "Fixed" - Am I secure?

mattat · December 22, 2023, 8:12am

Hi, sorry to bother people about this, I feel it is a dumb question.

I set up my Home Assistant many years ago and recently pulled the hood back to update everything and improve it. I found that my duckdns wouldn’t connect and realise I’d replaced my router and had to re-forward ports because I was getting the above error. Whilst I was at it I installed the NGINX Home Assistant SSL proxy Add-on so that I could have https on remote access whithout having to use in on my local network. Up until now I was simply accessing ot on https locally and getting a ‘not secure’ error.

All go so far and everything seems to be working. However, I used to access my assistant at xxx.duckdns.org:8123. Now that does not work but I can access it without the port number.

Settings wise, I forwarded 443 and 8123 to my Pi’s 443 and 8123.

If I enter http://xxx.duckdns.org I get redirected to https://xxx.duckdns.org and the browser says it is secure. If I try to access the URL with :8123 I get the “ERR_SSL_PROTOCOL_ERROR” error. Sounds good, I think.

My question is, with those ports forwarded (and no others) and how I now have to access the URL (without the 8123 port), am I missing something that may be a vulnerability or does it sounds like I stumbled my way to success???

Thanks.

tom_l · December 22, 2023, 8:55am

If you use 443 as the external port then specifying it in the URL is optional. Port 443 is the default port for https. Just like port 80 is the default port for http.

8123 is the internal port your router forwards to. You do not use that in the external URL with the way you have set up your forwarding.

mattat · December 22, 2023, 9:14am

Thanks Tom_I. I’d referred to some of your solutions to get me this far, thanks for responding and your earlier contributions.

Since I reoute 443 to my Pis 443 I guess that it is duckdns that is redirecting the http:// version (port 80) to the https:// version (port 443), which then makes it to my Pi via my router port forwarding. Whilst I am also forwarding port 8123 to my Pi I can’t actually see where it factors into the data exchange. When I access via duckdns (via https), does the package get to the Pi and Home Assistant knows to forward it to port 8123, or is 8123 not being used at all?

I take it that, since everything is going via https, whatever is happening on port 443 or 8123 shouldn’t matter to me, as it is secure and working as designed?

Thanks