Hass.io Add-on: Free SSL Reverse Proxy using Serveo.net

Hi HA Community!

I’ve just created new addon that allows to easly expose Your hassio to the internet using HTTPS thanks to Serveo service.

You DO NOT need to:

  • have external IP (eg. 4G/3G connection)
  • make any router configuration (no need to forward any port)
  • create any logins
  • pay any fee



I’m not creator of serveo.net . All Your traffic can be eavesdropped by the owner of this server. In case You have external IP I recommend to use DuckDNS or any other dynamic DNS service .


@lechup Great work.
Here are talking about a interested topic

Sure, I’ve seen that, that’s why there is huge WARNING at the top of readme, and at the bottom of this topic.

You can host serveo by yourself if You are an HA installator, and still use my addon.

1 Like

Ouh, hm… I can setup own serveo service server, I’ve even bought my-hass.com domain for this purpose. Right now I just want to see how much attention this addon will receive.

Maybe we can setup community serveo service server? Do we have/had before such initiatives?

1 Like


First, thank you it’s great !!!
I have a special configuration with a 4G router so port forwarding was not possible.

With your add-on it works perfect.

A short question, if I want to access through SSH (putty) to my Hassio.

How should I configure your add-on ?

Thank you in advance.


I think it should be enought to download ssh plugin and configure second forward port, I haven’t tested SSH connection.

"port2from": 8022, -> from ssh plugin config (port on which ssh access is enabled in local network)
"port2to": 22, -> port on which You want to have Your SSH on yourfancyalias.serveo.net host
1 Like

This is rather cool, I’ve used ngrok already and while it works it can be a little clunky, I’ll have to try this.

Quick note, Serveo does have telemetry, but it can be disabled:

A few basic events are reported for my analytical use (process startup and the start of port forwarding). Invoke this flag to disable telemetry.

What about using the ZeroTier One addon?

ZeroTier One looks quite ok, but it lacks simplicity :wink:

I’ve skimmed getting started, and isn’t it like You need to:

  • create an account on zerotier one
  • install zero tier one addod on hassio
  • install app on each node You want to connect with hassio (eg. Your phone/laptop whatever)

Then You will have VPN so You can reach Your hassio instance from configured nodes?

I’m not networking expert but I think owner of zerotier one infrastructure could evesdrop all Your communication and it is much more complicated to get things working?

Hm… I’m using ssh to actually connect to serveonet server like this:

If You use serveonet server everything can be evesdropped by it’s owner.

If You configure your own serveo instance, than yeah you can use this option and disable sending telemetry to serveonet servers (the thing is You don’t know what excatly is sent and what is disabled, there is no source code :wink: ).

It’s a piece of cake to set it up even though there are a few steps. It’s also a semi-official addon by Frenck and I’m much happier with the security implications than using some completely 3rd party service with all the DISCLOSED warnings about that. I’d use ZeroTier One any day in preference to that.

Incidentally, after handshaking it’s a peer to peer link that goes point to point not via the ‘service’ Packets are end-to-end encrypted and can’t be read by roots or anyone else, and use modern 256-bit crypto in ways recommended by the professional cryptographers that created it (from the online manual)

Thanks for clarifying how exactly it works. Sure go with whatever You like.

I have only my heating connected throught hassio, so serveonet guys can reduce/encrease/turn on/off temperature in my flat. Hope they will enjoy making me sweat :wink:

PS: Is it possible to make service publicly available through ZeroTier One like on serveonet?

I don’t think so… It’s effectively a VPN point-to-point. I normally use SSL and Caddy as a reverse proxy but my Duckdns only updates the IPv6 address and sometimes my iPad on 4G only gets an IPv4 address so that’s when I use ZT1. My mobile 4G is always IPv4 so same for that but it works really well. Install the addon, create a free account and then there’s an app for iOS and Android and you do have to authorized them to connect when you set it up so there’s a few steps but once setup, load the app and it establishes the link with 1 click. Very easy to use.


I did a fork but I couldn’t try it for now.

In fact, in my local network I have other devices:
My router, camera.
And we can use your add-on also to access to our router or a camera or something else and manage it. They just need to have fixed local IP.

Hi, Lẹchup. I had tried many reverse proxy but I think this is the best for me because of it’s simple and easy to config. I have a question want you to resolve :smile:
How can I config serveo addon to replace serveo domain with duckdns domain.
Can you explain and give me example code for this cofig
Thank alots

Hey @caohuongls !

Unfortunately it is not possible right now (I’ve found an issue with the code, You need to have key locally deployed, so basically You would need to provide private and public key in config).

Right now I do not have time to fix it :frowning:

Thanks, I hope you will fix it soon :slight_smile:

Hi @lechup!

Not sure why but my log gives this error message:
ssh: connect to host serveo.net port 22: Connection refused
Why port 22 if I only want https (port 80/443) to be open and forward to 8123…?

Hi @Grzegorz_Mikulski!

I think is due to the fact serveo.net was abused and they stopped to support free service :frowning:

So for now it won’t work…

PS: SSH on serveo.net was enabled on default ssh port 22 so that’s why script is connecting to that port.