H.A. hangs if I configure base_url on SSL

After reading every post I could find regarding my problem for more than a week, I can’t seem to find a solution, so I decided to open this one and cross my fingers that someone could tell me what I am doing wrong.

My setup: Home Assistant 0.106.6 running on Pi3 with SanDisk Extreme PRO 128Gb (on FAT32)
My goal: Integrate Smartthings to H.A.
What I have done so far that works fine:

  1. Port-forwarded my router to my Pi3’s IP on port 8123.
  2. Installed duckdns add-on, with no issues.
  3. Access Home Assistant from within my LAN and from outside it, using either:
    * my router's public IP on port 8123 (201.x.x.x:8123)
    * using mydomain.duckdns.org:8123
  4. I added to my configuration.yaml file the base_url like this:
http:
 base_url: https://mydomain.duckdns.org:8123

Up to this point, I’m having no problems. It's only when I add the SSL files to the config file that the system freezes up (losing connection), and the only way to bring it up again is via Samba, commenting the SSL part out.

http:
  base_url: https://mydomain.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I double checked, fullchain.pem and privkey.pem are in their ssl folder as expected.

I checked my home-assistant.log and this is what it says every time I power up the Pi3 (if I only do a restart, nothing shows in the log):

2020-03-15 11:02:41 WARNING (Recorder) [homeassistant.components.recorder] Ended unfinished session (id=96 from 2020-03-15 16:37:14.730778)
2020-03-15 11:02:53 WARNING (MainThread) [homeassistant.setup] Setup of recorder is taking over 10 seconds.

And here's my system log.

Since I can’t get this whole thing configured, I can’t integrate Smartthings, which was the main reason why I turned to H.A. It's so frustrating… I hope someone could help.

I have :

http:
  base_url: https://xxx.xxx.xxx
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

So no :8123 behind the URL


Did it without the port and same result: hangs :frowning_face:

There is another topic here:

It’s another topic with no answers :frowning:
I hope someone could come up with a solution, it's driving me crazy.

Any ideas? :frowning: :pleading_face:

If you’re using https I don’t think it will work with port 8123 (but only with 443, in which case it is implied).

I suggest installing NPM - Nginx Proxy Manager (not Nginx Home Assistant Proxy, as that one would be used only by Home Assistant) and you can access as many services as you want through https (you would need to forward both ports 443 and 80 to the device running NPM; if you are security paranoid then forwarding port 80 might be an issue). You can still connect to Home Assistant with the local IP in LAN.

Also, you can have secure access for other services/servers (that is https and no port) and even add authentication (through Nginx Access List) to the ones that don’t provide one.

Once you add these lines:

ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

you can only reach it by using https:// in your browser, with either the local ip or the duckdns address. Are you doing that? The base_url is not important for this.

Thank you both for your replies.
I have tried port-forwarding to 443 with same result.
I’ve tried accessing it via https inside and outside my lan and nothing happens, it hangs, as long as the ssl files are active.

If the only way to do this is installing that proxy you mention, I'd rather stop struggling with this and forget about H.A., uninstall it, sell my Pi3 and keep only Smartthings. I’m about to quit the whole thing :frowning:

I think this is only a minor inconvenience and should not prevent you from trying to connect the two. Although there are a lot of issues with HA to be ironed out until a commercially viable product stage is reached, the people in the community are quite helpful. I don’t have ST myself (even if I had started with it, I would have gone, afterwards, with a non-proprietary solution for Zigbee/Z-wave) but there are, for sure, people who had the same problem.

It is probably better to start with a clean state (remove the certificate from HA config and leave NPM in charge). Just be sure to follow the tutorial to the dot.

Ok I’ll wait and see if someone comes out with a solution, before I give up on HA

I tried to check the ssl certificate with digicert but when I enter mydomain.duckdns.org in the check field, it says: Unable to connect. Does this mean anything?

With NPM addon? Can you access your domain from lan side?

@Petrica thank you very much, I did it!! :smiley: :smiley: :smiley:
@francisp thank you too, what you said helped a lot.

Let me show you what I did, in case someone is struggling with this too:

So I installed the NPM add-on, but first I had to install the MariaDB add-on, which apparently was a requirement. I followed the instructions, leaving everything as default as I could.
Up to this point I had connectivity with H.A. but when I tried to integrate Smartthings, it said it couldn’t validate. So I remembered what francisp said: erase the port number from the base_url address. And like magic, everything worked as expected!! :smiley: :smiley: :smiley:

Now my only concern is: are there any vulnerabilities in using this NPM? Is there something extra I should do to enhance security? Or is the default installation secure enough to leave it as it is?

None that most of the people using it know, or want to know :slight_smile:

You might want to try testing that only https connections are served. Enabling two factor authentication for HA access should increase security. Also, there are common sense guidelines applicable to all cases of internet facing services such as password strength, recycling, not using shared computers, etc.

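One way to run the check suggested above (that only https is served), which also shows the earlier point that a port with ssl_certificate set answers https:// only. This is an added example, not code from the thread or from Home Assistant or NPM; the names `probe` and `classify_http` are hypothetical, and the local address in the demo is an assumption.

```python
import socket
import ssl


def classify_http(head):
    """Judge a plaintext reply: 'http-redirect', 'http-plain' or 'no-answer'."""
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return "no-answer"
    to_https = any(l.lower().replace(" ", "").startswith("location:https://")
                   for l in lines[1:])
    redirect = parts[1] in ("301", "302", "307", "308") and to_https
    return "http-redirect" if redirect else "http-plain"


def probe(host, port, timeout=5.0):
    """Return 'closed', 'tls', or the classify_http() verdict for the port."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    # Verification is off on purpose: we ask which protocol is spoken, not trust.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
        except OSError:  # ssl.SSLError and handshake timeouts land here
            pass
    buf = b""
    try:  # no TLS on this port: does it answer plaintext HTTP instead?
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            while b"\r\n\r\n" not in buf and len(buf) < 8192:
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
    except OSError:
        pass
    return classify_http(buf)


if __name__ == "__main__":
    # Constructed reply, of the kind a proxy sends on port 80.
    print(classify_http(b"HTTP/1.1 301 Moved\r\nLocation: https://mydomain.duckdns.org/\r\n\r\n"))
    print(probe("127.0.0.1", 8123, timeout=2.0))  # local host is an assumption
```

Run against ports 80, 443 and 8123 of your own host, the result to look for is `tls` or `http-redirect`; `http-plain` on any of them means content is still reachable without encryption.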

Ok I understand.
Thanks again. Be safe :slight_smile:

So I configured Multi Factor Authentication and stumbled upon another challenge.
I opened another thread for this:
Losing connections after setting up Multi Factor Authentication