Hi,
Could somebody please help me unscramble the network mess I have created.
The aim is to have
- External access to HA via HTTPS
- Internal access to HA via HTTP (it could be HTTPS as long as it does not need internet access to validate and does not trigger ‘cannot guarantee authenticity of domain’ messages for AV)
- Alexa access - this implies internet is available.
- HA App to work seamlessly in internal and external URLs
I have to say all this was working on a configuration using HAOS until that corrupted itself into smoke.
That config used DuckDNS and NGINX addons
Because of the inability to get under the skin to fix things as that setup degraded I decided to rebuild using the Docker approach.
It seemed a simple decision - what a sucker I was!
So the new build has
- Platform Raspberry Pi 4B running Raspberry OS
- HA in a docker container
- Certbot/LetsEncrypt and NGINX installed but NOT in a container (because I spent a week unsuccessfully trying to set them up in containers - just constant ‘Connection Refused’)
- I let Certbot ‘install’ the certificates for NGINX. Successful, but my /etc/nginx/sites-available/default has 161 lines, of which 9 lines or blocks are marked ‘# managed by Certbot’, so I am reluctant to mess with them in case that breaks something else.
- I believe the router had only 2 ‘straight through’ entries: incoming-IP:8123 --> 192.168.1.54:8123; incoming-IP:443 --> 192.168.1.54:443
At this point I can only access via HTTPS (both externally and internally)
https://campbellshouse.duckdns.org/ takes you to the default nginx welcome page.
https://campbellshouse.duckdns.org:8123 takes you to the HA login screen
https://192.168.1.54:8123 Kaspersky complains ‘cannot guarantee authenticity of domain…’ eventually goes to login
http://192.168.1.54 takes you to the default nginx welcome page.
http://192.168.1.54:8123 ‘The connection was reset’
Then I tried to link the Alexa account and the wheels really fell off. It seems you cannot specify a port there.
If you manage to force it you just get ‘Cannot link the skill at this time’.
Ditto the HA App on the iPad. It's confused about internal and external URLs.
Any ideas please how to achieve the aims above?
Please don't just say ‘setup reverse proxy’ unless you have very specific instructions HOW to achieve this in the current configuration.
(I spent yesterday following that thread only to find they assumed things were in docker or within HA - a hundred similar jigsaws but none of the pieces are interchangeable)
Thanks
JC