What’s doing your SSL? I don’t see any SSL settings in your config. You either need SSL on Home Assistant or a reverse proxy running your SSL.
From router manual:
By default, remote access to the device over the level 4 domain via the KeenDNS service works like this: you connect to the Internet center via the HTTPS protocol, and then you connect to the local device via the HTTP protocol. Therefore, the device for which we use the 4th-level domain name should not have HTTP connections disabled in its settings, i.e. the option “Use only HTTPS” must not be enabled. If you want to access via HTTPS, you can manually get your own certificate for the 4th level domain through the command line interface (CLI).
Is HTTPS required from the router to HA, or is HTTP enough?
I am not sure, but can the router provide SSL for the lower level?
Only if it’s acting as a reverse proxy
I tried:
http:
  base_url: my.domain.keenetic.pro:8123
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.1
  trusted_networks:
    - 192.168.1.1
Loading takes much longer, but same result.
Do you understand what a reverse proxy is?
Changing the HA config isn’t going to fix your router…
Not at all. I need to get an SSL certificate and then I can use it with my domain name. Is it correct?
If you want to use https, but if your router doesn’t support the necessary settings for reverse proxy in HA you’ll need to do something else.
I just got a reply from the manufacturer. The router can proxy some ports only:
HTTP: 80, 81, 280, 591, 777, 5080, 8080, 8090 and 65080
HTTPS: 443, 5083, 5443, 8083, 8443 and 65083.
What port is better to use?
Sorry for the stupid question, but why is HA using 8123 instead of 80, let’s say?
You can use any of them.
Use 443 if you don’t want to have to put in a port number when connecting.
Lots of applications use their own ports. Port 80 on a Linux machine is reserved for root only (any port below 1024), and as such would complicate setups, and cause problems.
Forward port 443 to 8123
KeenDNS settings:
Domain name: my
Host (local net): 192.168.1.51
TCP port: 443
Port forwarding:
Input: Provider
Output: 192.168.1.51
Protocol: TCP/443
Destination port: 8123
As a result, at the HA login page: Error: Something went wrong
And nothing in the log. Are these settings correct?
I understand you want to use your router for this, but I don’t think it is going to work. There are things that HA needs to work with reverse proxies.
As an example, this config contains a few items that most normal reverse proxies do not.
If the settings of the built in reverse proxy are not capable of meeting these requirements, then it simply will not work.
OK. It is more complicated than I thought! Anyway, thank you for the help!
flamingm0e,
Thank you for the input but I cannot actually understand the root cause. My configuration is as follows:
- HAAS.IO running in local network 192.168.1.X:8123
- KeenDNS acting as reverse proxy associates 4th level DNS name with local network IP 192.168.1.X:8123
- KeenDNS uses SSL
If I try to get access through 4th level domain name, remote HAAS.IO installation will respond and I will see the login page.
Having entered correct login, HAAS.IO reports “unable to connect”. Why? There is traffic, but login fails.
Regards
There are required settings for it to work, which, if you do not have access to change on your reverse proxy, will not work. I pointed to the documentation which shows the settings for NGINX. Without these settings, and with a standard reverse proxy configuration, NGINX will do the same thing as you describe.
The problem 100% solely lies in the REVERSE PROXY CONFIGURATION, which apparently you don’t have access to.
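The configuration linked in the thread is not reproduced on this page. As an added example (not from the thread or the Home Assistant documentation), this NGINX fragment sets a plain proxy block beside one that also passes the WebSocket upgrade that the Home Assistant frontend uses after the login page has loaded. The server name and certificate paths are placeholders, and the upstream address is the HA host mentioned in the thread.

```nginx
# Added example. The map block belongs in the http {} context.
# It turns the client's Upgrade header into the Connection value sent upstream.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name ha.example.org;                         # placeholder name

    ssl_certificate     /etc/nginx/tls/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;     # placeholder path

    # Plain proxying, shown commented out for comparison. Ordinary HTTP
    # requests such as the login page pass through, but nginx talks
    # HTTP/1.0 to the upstream by default and does not forward the
    # hop-by-hop Upgrade/Connection headers, so a WebSocket handshake
    # never reaches Home Assistant.
    #
    # location / {
    #     proxy_pass http://192.168.1.51:8123;
    # }

    location / {
        proxy_pass http://192.168.1.51:8123;            # HA host from the thread
        proxy_set_header Host $host;

        # WebSocket pass-through
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Real client address, read by HA when use_x_forwarded_for is true
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

On the Home Assistant side, `trusted_proxies` has to list the address this proxy connects from, otherwise the `X-Forwarded-For` header is not accepted.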
I am sorry for the stupid question. Is NGINX included in HASS.IO, or is an additional installation required?
NGINX is a web server application. It is NOT part of hassio, but I believe it is available as an add-on, which I think has the proper reverse proxy configuration already set for it.
Did you solve the problem?
Yes. KeenDNS service can be used:
- Get domain name from KeenDNS (without SSL)
- Use a different port for your Keenetic dashboard (not 80; 8080 can be used, for example)
- Redirect ports 80 and 443 to HA server
- Use Nginx Proxy Manager to redirect traffic to HA server and get SSL certificates.