HA App for Internal and External Use?

JerryInTennessee · January 21, 2023, 6:47pm

I would like to be able to use the Android App both at home and away. I can get one or the other to work but never both.

The closest I get is by setting up the app to work on my local HA address and use it at home when on my Wi-Fi connection. With my Wi-Fi turned OFF or when I am away from home then the app no longer connects to HA. Under these circumstances I can access HA through a browser using a domain name setup through DuckDNS.

Currently, everything is setup unsecure (HTTP), would going to a secure setup (HTTPS) help in any way or would everything work the same.

Thanks,
Jerry

aceindy · January 21, 2023, 7:35pm

It will be the same…not to say, even worse, as you need a way to guarantee you internal dns name is the same as external, as it is used to check if your dns name realy belongs to the SSL certificate.
(Which is solved by a lot of people by using NGINX)

In the HA app you find a setting for internal and external url, as well as defining your local SSID

So when the device is connected the your local SSID wifi, it will know that it should use the internal url; like wise, if not connected to the SSID, it would use the external url.

But there are more ways.
I only use my domain name, which has been assigned to my local network by my router.
So when I am home, it uses https://ha.domain.my, as local dns assigned ha.domain.my to an internal IP on my local network with a hairpin NAT.
When outside, it also uses https://ha.domain.my, as my dns provider assigned it to the external IP of ny router, which forwards it to the correct local IP/port on my local network….
But that way does require some specific router configuration and depends a bit whether or not the router supports it….

Tinkerer · January 21, 2023, 7:35pm

You didn’t mention the problem you’re having, so I’ll guess it’s SSL related since it usually is.

If you’re doing SSL directly in HA then you always have to use the hostname in the certificate to connect. That means when you try to do https://homeassistant.local:8123/ or https://192.168.0.42:8123/ it will fail, since the certificate isn’t for either of those.

If your router supports NAT reflection aka loopback NAT then you can use the hostname while at home.

If it doesn’t you need to use a proxy server for handling SSL so that you can use the hostname when away from home, and the IP when at home (http://192.168.0.42:8123/).

aceindy · January 21, 2023, 7:45pm

@Tinkerer guess it is not this time:

My guess is he overlooked to define the name of the SSID, so it can’t differentiate between internal and external

JerryInTennessee · January 21, 2023, 10:35pm

Success !!!
The trick was that the Location permission had to be set.

Although I had my Home Assistant URL, Home Network Wi-Fi SSID, and Internal Connection URL defined the app would only use the Home Assistant URL to connect with until I enabled the Location permission.

To make it work I had to enable Location “Allow all the time” but after confirming that the app switched between external and internal URL’s correctly I was able to change to the “Allow only while using the app” option.

Thank you all so much for the quick replies and putting me onto the right track.
Jerry