Failed to setup remote access

Hi! I have setup my Duck DNS plugin like this:

  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: <my token>
  - <my subdomain>
aliases: []
seconds: 300

And my configuration.yaml:

    ssl_certificate: /ssl/fullchain.pem
    ssl_key: /ssl/privkey.pem
    ip_ban_enabled: true
    login_attempts_threshold: 5
  internal_url: https://<local address of Pi>:8123
  external_url: https://<my subdomain>

My setup in router is this (the internal IP is reserved for Pi):

So, my address in Duck DNS starts with 188 and it is the same with IP on, so it is not “Gray” and it is correct, but I still can’t gain access by going to:
https://<my subdomain>
on my phone via cellular connection.

Your HA instance listens on port 8123:

  internal_url: https://<local address of Pi>:**8123**
  external_url: https://<my subdomain>**8123**

Obviously you have to port forward to port 8123 but not to port 80 and/or 443.

Should I setup in my router new forward for:

  • external: 443
  • internal: 8123?
    I have this setup previously, but it didn’t work. I will do it again, if this one is correct. And should I just add this one or remove previous forward rules?

Most important is the forwarding to the internal port. For external you can either also set 8123 or from “whichever”**port.

**whichever means: all ports, not explicitly port 443!

This setup doesn’t give me access to

This one also doesn’t work.

No disrespect, but are you sure you have the knowledge to open (potential security relevant) ports / settings in your router? :slight_smile: Just saying…

You need to set the incoming ports (called external port) 443 and 8123 as a port forward to the same ports on your HA server.

External port 443 → → Internal port 443
External port 8213 → → Internal port 8123

Port 443 is for letsencrypt and 8123 is for HA. So to call HA you should use

Isn’t it the same with my pre-previous message? And I also tried to enter address with port number.

My configuration is a bit simpler but I struggled with it for hours before deleting the ‘/’ characters in front of ssl/… filenames for certificate & key.

   # Example configuration.yaml entry for the HTTP component
    ssl_certificate: ssl/fullchain.pem
    ssl_key: ssl/privkey.pem
    ip_ban_enabled: true
    login_attempts_threshold: 5

I just forward 443 → 8123 and 8123 → 8123 without a port number works both internally and externally.

1 Like

I have struggled with this too and read a lot of different confusing advice.

With DuckDNS & LE I’m using:

  external_url: ""
  internal_url: "http://ip-of-HA:8123"  

In my modem/router I have only forwarded 443 external to internal.

@vchkhr: this is a helpful guide Remote access for Home Assistant