Hass internal vs external urls

Question about these settings

What does setting external_url like the docs show actually do? I can’t seem to get HA to listen on BOTH ssl and plain ports at the same time. I was able to add all setup but it switches the port to 443 which means that I am no longer listening on 8123.

external_url: "https://www.example.com/" 
internal_url: "http://homeassistant.local:8123"
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  server_port: 443

So right now I just have the bottom part set and using myhass.duckdns.org even when at home.

For integrations like Home assistant companion app, the external URL is used automatically if your device detects it is not in the same network as HA server.

I get that part, but the sample in the docs show an http and an https address, those would be separate ports, which as far as I can tell can’t be configured in HA, at least not without doing some additional setup of a reverse proxy.

1 Like

Just saw - TTS depending on your setup is using the external_url paramter, too.

So you really should set it to an URL which is reachable externally (not homeassistant.local) if you do not want to run into errors sooner or later.
I personally have it configured to my Home Assistant Cloud URL.
Greate solution I only can recommend:

You are referring to the following?

external_url: “https://www.example.com
internal_url: “http://homeassistant.local:8123

Well it is possible if you have setup NAT and port forwarding e.g. on your FritzBox and fritzbox is doing https and you allow access to your internal HTTP url with this…

So in fact you are always using the “internal_url” but if you want to access from external you use the url used within “external_url” which points to your FritzBox (or whatever your router is) and this is doing NAT to your “internal_url”…so the external_url is mainly used for integrations which are trying to access your home assistant (API) from some cloud service coming from external.

Actually that makes sense, didn’t think of port remapping. For now since I am not using any external integrations I’m just going to leave these values unset.

  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  server_port: 443

You don’t actually need to change the server_port. Since you have done that then HA is using 443 as it’s port instead of 8123. So also internally you would now only be able to use that port. With a duckdns setup what you can do is port forward 443 to 8123. That’s all that is really needed.

That way since externally you are using 443 and since it’s https:// you don’t need to specify the port. At the same time internally then you can use 8123 as normal. Since, however, have enabled SSL this also means that both internally and externally you can only access HA over https://
The only way to access HA over https:// externally and over http:// internally is with a reverse proxy as you mentioned.