Hi,
I am trying to establish remote access to my hass.io. I have been following the instruction from JuanMTech,
specifically this video and manual.
I am able to get the DuckDNS plugin running, the log shows no errors. I also have the port forwardings set in my router (Fritz Box).
My problem appears when I change my config from
http:
  # Secrets are defined in the file secrets.yaml
  api_password: !secret http_password
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
to this
http:
  # Secrets are defined in the file secrets.yaml
  api_password: !secret http_password
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
  base_url: XXX.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
After I change my config, I am not able to access the web interface any more, neither via the IP, http://hassio.local:8123 nor the external https://XXX.duckdns.org/. I get the message from my telegram bot that hass.io has started, but cannot access the web interface.
I have not installed the Let’s Encrypt plugin, but since this is not part of the manual, I doubt that this is necessary.
Also I noticed that the port forwarding as described by JuanMTech differs from the video to the manual. I tried both without success.
Try turning off wifi on your phone and accessing the duckdns address on the cellular network. Does that work?
Also try https://<HA ip address>:8123. You should get a security warning about an invalid certificate from your web browser (the certificate is for your duckdns address, not the local IP address); add an exception / ignore the warning.
When you are inside the network you need to be able to resolve your duckdns name to your local IP address. The configuration will no longer allow you to access HA via http; you must use https. See if your router supports local DNS or dnsmasq. Then you can match your local IP to the duckdns name. Otherwise you will get the SSL error @tom_l describes. If you have set up the port forwarding correctly, it should work OK outside your network.
Thanks for the quick Feedback! I have the Fritz!Box 7490.
On the cell network I also cannot reach https://XXX.duckdns.org.
I actually can access https://<HA ip address>:8123 !!! as you said, I got a warning, but it worked!
So, now I guess, the only open thing is getting it to work externally. Maybe I did something wrong with the port forwarding. It looks a little bit odd (sorry for the German).
Really hard to translate the German but looking at my own 7490 (and not wanting to change anything on it while I am at home and it is at the office!) I think you need to put 8123 in all those port numbers. Try that. Then, from outside your network, try to connect using https on port 8123
What is your router’s public (WAN) ip address? Does this match the IP address you see when you visit the duckdns setup page? If not your ISP is using CGNAT and that’s a problem.
If the duckdns reported address does match your router’s public address, ask your ISP’s technical support if they block any incoming ports.
So far as I know the fritz doesn’t use 443 for anything internally. It does use 40443 for remote access. You also have some ipv6 ports open.
You should be able to forward port 443 to port 8123. Unless you need them and understand what they are for I would as a first step remove all ipv6 forwards.
I know how to check the IP from duckdns, but I actually do not know how to get my Fritzbox WAN IP.
I can say that it matches the IP shown to me on http://www.whatsmyip.org/ .
ISP would be my internet provider? I will check with them.
How likely is it that my problem originates from the settings of my internet provider?
I would. The default as I said is 40443 so you must have changed that at some point in the past.
Internet>Online Monitor from the Overview page will give you your IPv4 and IPv6 address right at the top.
Are you using the Fritzbox dynamic DNS to update your DuckDNS? (You should be - the DuckDNS site provides the exact link and instructions to do this.)
You should then be forwarding Port 443 external to 8123 internal although before I started using Caddy I had a devil of a time with this and I had port 8123 external to 8123 internal and that worked fine as well.
You will also need 80-80 so your Letsencrypt certificate would renew.
Sorry for the late answer, I was on a business trip. I am running 7.01.
Yes, that is the IP of my RP. According to this manual, I thought that the forwarding has to be done for the RP.
If I put in a WAN IP address, I would have to change it manually every time my router gets a new one, correct?
Apparently my provider only gives out IPv6 IPs. In order to get an IPv4 IP you need to pay extra. So this could also be a reason why it is not working.
As it happens I switched over to using IPv6 last week for home assistant and my duckdns does not even update the IPv4 address anymore (which means I need to use a VPN when I am on a mobile network as our mobile providers here don’t seem to support IPv6)
The easiest way in this case is to use a reverse proxy like Caddy. I also had a big thread last week when I was trying to get this working, which you can look up for reference (search my username for my posts). Does your ISP give you a different IP address every time you connect or is it static? It doesn’t matter - just curious.
To set up Caddy, check out my blog post here. Caddy is super easy to set up and use. Otherwise you will need to make HA listen on IPv6.
With IPv6, you need to make some changes… add the HA device to port sharing and you enable ports 80 and 443 - they aren’t forwarded anymore. My blog post was for when I was using IPv4 but the only difference is I removed all port forwards and then just added 80 and 443 for IPv6.
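The checks suggested in this thread (does the router's WAN address match what DuckDNS reports, is the ISP using CGNAT, is the line IPv6-only) can be run in one pass. The following is an added example, not code from any poster: the function name `diagnose`, the finding labels and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Address ranges that are never reachable from the internet over IPv4.
CGNAT = ipaddress.ip_network("100.64.0.0/10")          # RFC 6598 carrier-grade NAT
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GLOBAL_V6 = ipaddress.ip_network("2000::/3")           # IPv6 global unicast


def diagnose(router_wan_ips, dns_ips):
    """Explain why an external port forward may be unreachable.

    router_wan_ips: addresses the router reports for its WAN side
                    (Fritz!Box: Internet > Online Monitor).
    dns_ips:        addresses the dynamic-DNS name currently resolves to.
    Returns a list of finding labels, or ["ok"].
    """
    wan = [ipaddress.ip_address(a) for a in router_wan_ips]
    dns = [ipaddress.ip_address(a) for a in dns_ips]
    wan4 = [a for a in wan if a.version == 4]
    dns4 = {a for a in dns if a.version == 4}
    dns6 = [a for a in dns if a.version == 6 and a in GLOBAL_V6]

    findings, public4 = [], []
    for a in wan4:
        if a in CGNAT:
            findings.append("cgnat")            # ISP shares one public IPv4
        elif any(a in net for net in RFC1918):
            findings.append("private-wan")      # double NAT behind another router
        else:
            public4.append(a)
    if not wan4:
        findings.append("no-ipv4-wan")          # IPv6-only line: IPv4 forwards are moot
    if public4 and not dns4.intersection(public4):
        findings.append("a-record-mismatch")    # dynamic DNS is not being updated
    if not public4 and not dns6:
        findings.append("no-aaaa-record")       # no IPv4 path and no IPv6 record either
    return findings or ["ok"]


if __name__ == "__main__":
    # Constructed sample values (documentation and CGNAT ranges), not from the thread.
    print(diagnose(["100.72.3.4"], ["203.0.113.10"]))
    print(diagnose(["2001:db8:1::1"], ["2001:db8:1::50"]))
```

A result of `no-ipv4-wan` with an AAAA record present corresponds to the IPv6-only case discussed above, where the router must allow ports 80 and 443 to the HA device over IPv6 instead of using IPv4 port forwards.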