Failed to setup remote access

Configuration
1

Hi! I have setup my Duck DNS plugin like this:

lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: <my token>
domains:
  - <my subdomain>.duckdns.org
aliases: []
seconds: 300

And my configuration.yaml:

http:
    ssl_certificate: /ssl/fullchain.pem
    ssl_key: /ssl/privkey.pem
    ip_ban_enabled: true
    login_attempts_threshold: 5
    
homeassistant:
  internal_url: https://<local address of Pi>:8123
  external_url: https://<my subdomain>.duckdns.org:8123

My setup in router is this (the internal IP is reserved for Pi):

Screenshot 2021-05-09 at 2.38.53 PM
Screenshot 2021-05-09 at 2.38.53 PM1354×286 39.9 KB

So, my address in Duck DNS starts with 188 and it is the same with IP on thewhatismypublicip.com, so it is not “Gray” and it is correct, but I still can’t gain access by going to:
https://<my subdomain>.duckdns.org:8123
on my phone via cellular connection.

2

Your HA instance listens on port 8123:

homeassistant:
  internal_url: https://<local address of Pi>:**8123**
  external_url: https://<my subdomain>.duckdns.org:**8123**

Obviously you have to port forward to port 8123 but not to port 80 and/or 443.

3

Should I setup in my router new forward for:

  • external: 443
  • internal: 8123?
    I have this setup previously, but it didn’t work. I will do it again, if this one is correct. And should I just add this one or remove previous forward rules?
4

Most important is the forwarding to the internal port. For external you can either also set 8123 or from “whichever”**port.

**whichever means: all ports, not explicitly port 443!

5

Screenshot 2021-05-09 at 3.48.48 PM
Screenshot 2021-05-09 at 3.48.48 PM1360×526 109 KB

This setup doesn’t give me access to https://.duckdns.org

6

Screenshot 2021-05-09 at 4.27.51 PM
Screenshot 2021-05-09 at 4.27.51 PM1376×540 110 KB

This one also doesn’t work.

7

No disrespect, but are you sure you have the knowledge to open (potential security relevant) ports / settings in your router? :slight_smile: Just saying…

You need to set the incoming ports (called external port) 443 and 8123 as a port forward to the same ports on your HA server.

External port 443 → 192.168.0.105 → Internal port 443
External port 8213 → 192.168.0.105 → Internal port 8123

Port 443 is for letsencrypt and 8123 is for HA. So to call HA you should use https://mydomain.duckdns.org:8123

8

Isn’t it the same with my pre-previous message? And I also tried to enter address with port number.

9

My configuration is a bit simpler but I struggled with it for hours before deleting the ‘/’ characters in front of ssl/… filenames for certificate & key.

   # Example configuration.yaml entry for the HTTP component
 http:
    ssl_certificate: ssl/fullchain.pem
    ssl_key: ssl/privkey.pem
    ip_ban_enabled: true
    login_attempts_threshold: 5

I just forward 443 → 8123 and 8123 → 8123

my.duckdns.org without a port number works both internally and externally.

1 Like
10

I have struggled with this too and read a lot of different confusing advice.

With DuckDNS & LE I’m using:

default_config:
  external_url: "https://mysubdomain.duckdns.org"
  internal_url: "http://ip-of-HA:8123"

In my modem/router I have only forwarded 443 external to internal.

@vchkhr: this is a helpful guide Remote access for Home Assistant