Hass.io over IPv6


yeah I don’t use ssl here as I’m using a reverse proxy (Caddy) but no api password for sure

1 Like

Yes with a reverse proxy it’s fine, but without SSL is a must

Yes Caddy gets LetsEncrypt certificates but they don’t get specified in config for HA.

Yea I know :wink: But I guess @Hackmett won’t use a reverse proxy for now, so then he’s needs to create a HA certificate and set it in the config

I agree… so you specify port 443 instead of 8123?

Yes I need that, so chrome creates the “Add to home screen” shortcut right. If it’s a port different than 80 or 443, he will not open in a standalone mode, but just as a usual browser window. Found that out here:

Also I don’t have to type the port all the time :stuck_out_tongue:

While this is true, @Hackmett you still need a “Port Forwarding” to open the port, because otherwise the fritzbox will block all requests to your port.

It’s opened under the port sharing page… it isn’t port forwarding though… it’s opening.

With Caddy I don’t need to specify a port and I have sub domains for terminal and configurator etc… just go to that sub domain with no port and Caddy takes care of business.

correct, if possible I would like to avoid that.

Ok, I changed the port forwarding/opening from 8123 to 443. I do not have a port opening to 8123 now anymore.

with which line do you access hass.io now in the browser?
https://my-domain-to-ha.com ?
Or do you still need to include the port?

FYI: since i deactivated the DynDNS Service on my FritzBox I can not reach anything at http://mydomain.duckdns.org/ or https://mydomain.duckdns.org/ anymore.

Actually you don’t need to do that, but you could.

No you don’t need the port. Just enter your domain or the duckdns domain.

If you don’t have a domain, you will have to use duckdns.
For that you need to login to duckdns and set the IPv6 address of your PI (not fritzbox) there. Now you can just reach your HA via https://yourdomain.duckdns.org

That’s it

At the moment, when i try to access:
it works. I if try to access
or https://[2001:a61:3617:1401:3939:d631:XXXX:54e5]
I do not get a connection. So maybe I still have something configured not correctly, since I obviously need to add the port. Also, at the moment I have the port opening set to 8123.

my configuration.yaml hettp entry looks like this:

  server_host: ::0
  server_port: 8123
  base_url: https://mydomain.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I lokked into DuckDNS and set my RPi IPv6 (just: 2001:a61:3617:1401:3939:d631:XXXX:54e5)

Still, I do not get any connection over http://mydomain.duckdns.org/ or https://mydomain.duckdns.org/.

BTW I looked into the config of my DuckDNS addon config

Apparently it only checks the IPv6. But maybe this is not important or I don’t understand it correctly.

Thanks again for you guys helping me so much!

As long as you have port 8123 in your config and only port 8123 is opened by your Fritzbox, you (of course) can’t access it without a port. Port 80 (http) and 443 (https) are the only ports that you don’t have to type in your browser.

So you have two choices here:

  1. Just access your ha instance with port 8123. Then you can leave your config as it is and just try https://mydomain.duckdns.org:8123
  2. You change your port to 443 (if you have a lets encrypt certificate) in your config and also in your Fritzbox. Then you can access your ha instance via https://mydomain.duckdns.org (without port)

But you can’t combine both. It’s either one way or the other.

You can also ping me on the Home Assistant discord channel via PN and I’ll try to help you. Maybe this is more efficient then here in the forum

HUGE thank you to @Zoker, who helped me via discord.
The two main changes were:

  • got to the Fritz Box UI, to Netzwerk -> Netzwerkeinstellungen -> DNS-Rebind-Schutz and add my domain (e.g. mydomain.duckdns.org)
  • reboot hass.io (apparently rebooting over the configurator did not work, so I had to reboot in the hass.io UI over hass.io -> system -> host system -> reboot)

now my configuration.yaml looks like this:

  server_host: ::0
  server_port: 8123
  base_url: https://smartpeter.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I opened the 8123 port on my Fritz Box.
And now I can access my hass.io over:


oh yeah!!! I forgot about that bit with the duckdns domain… but you were using the IP address…

Allright, I was confused why my motion sensors are not working. Actually they are, but Node-RED seems not to be accessible anymore… so it continues :see_no_evil:

Opening port 1880 did not help.

Well, faster than expected the IPv6 of my RPi changed.
I could not connect and looked into my Fritz Box. The new IPs are:

only the first 2 blocks are the same as yesterday.
I fear that not, but is there a way to force my FritzBox to keep the IPv6 constant?
Or is there any chance that the new IP is forwarded to duckDNS … shouldn’t this happen anyway?
Do I just need to change my inteface ID in the port opening again?

You probably need to update your IP address with duckdns… It’s tricky with IPv6 to do that. (Running an update on the router will only update the WAN address not the device address)

If you’re running Hass.io you can use the duckdns addon.

I am running my Hass.io as a generic Linux install on my NUC but I just use a bash script that runs every 5 minutes to update. Depending on your HA platform that would work for you as well.

I think I understand what you mean. Only the first few blocks specific to the router will change.

However, this morning the last 4 blocks are back to their old values.
the day before yesterday:



Without changing anything, I can access hass.io again over the my duckDNS domain (btw, I am allready using the duckDNS addon).

I do not understand why the IPv6 of my RPi changes to a completely different one and then after a few hours goes back to “normal”… does anyone have a clue how to prevent this?

Hello Everyone.

I really need some help here please. I have been trying everything that was written here in the forum without success. I’m not able to access my Home Assistant from the “outside” ipv6 address.

This is what I have in the Fritzbox network information and on the permit access part:

In the configuration.yaml:

server_host: ::0

When I try to access with the external IP I get a timeout:


If I use the local ipv6 address then it works fine:


How can I access it using the external ipv6 address?

Thanks a lot!

I don’t know but I can’t use the IPv6 address like that either - but a domain pointing to that address works fine. I thought it might be caddy causing the problem.

Thank you David. Unfortunatelly even when I update the 2a02:xxx:xxx:xx… IP address of my home assistant in the duckdns page, I cannot access it with my duckdns domain.

I have tried enabling the “Internet access to the FRITZ!Box via HTTPS enabled” in my fritz box just to make sure that it was not blocked by the Unitymedia, and when I update this 2a02:xxx… IP address in my duckdns domain, I can remotelly access my router.

I have also tried changing the HTTP port of my home assistant to the same I have tested in the fritz remote access (after disabling it again), and still it does not work. So the port itself is not blocked by UnityMedia.

I have no idea what is going on here.