Hass.io over IPv6

ok, that explains it…
I use hass.io and I have the DuckDNS addon installed and have an account. but according to @Zoker instructions I changed my http entry in the configuration.yaml so base url and the other information are not there anymore.

You will need to keep the baseurl… just the https://duck.duckdns.org with no port

http:
  server_host: ::100:
  base_url: " https://myDomain.duckdns.org" 

Like this? without api_password and ssl_certificate?

I don’t specify server_host and no "

And hassio still works with IPv6 even without server_host? That’s interesting

API password is deprecated. But you can/should still use the ssl_certificate.

Mine looks like this:

http:
  server_host: ::0
  server_port: 443
  base_url: https://my-domain-to-ha.com
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Yes

yeah I don’t use ssl here as I’m using a reverse proxy (Caddy) but no api password for sure

1 Like

Yes with a reverse proxy it’s fine, but without SSL is a must

Yes Caddy gets LetsEncrypt certificates but they don’t get specified in config for HA.

Yea I know :wink: But I guess @Hackmett won’t use a reverse proxy for now, so then he’s needs to create a HA certificate and set it in the config

I agree… so you specify port 443 instead of 8123?

Yes I need that, so chrome creates the “Add to home screen” shortcut right. If it’s a port different than 80 or 443, he will not open in a standalone mode, but just as a usual browser window. Found that out here:

Also I don’t have to type the port all the time :stuck_out_tongue:

While this is true, @Hackmett you still need a “Port Forwarding” to open the port, because otherwise the fritzbox will block all requests to your port.

It’s opened under the port sharing page… it isn’t port forwarding though… it’s opening.

With Caddy I don’t need to specify a port and I have sub domains for terminal and configurator etc… just go to that sub domain with no port and Caddy takes care of business.

correct, if possible I would like to avoid that.

Ok, I changed the port forwarding/opening from 8123 to 443. I do not have a port opening to 8123 now anymore.

with which line do you access hass.io now in the browser?
https://my-domain-to-ha.com ?
Or do you still need to include the port?

FYI: since i deactivated the DynDNS Service on my FritzBox I can not reach anything at http://mydomain.duckdns.org/ or https://mydomain.duckdns.org/ anymore.

Actually you don’t need to do that, but you could.

No you don’t need the port. Just enter your domain or the duckdns domain.

If you don’t have a domain, you will have to use duckdns.
For that you need to login to duckdns and set the IPv6 address of your PI (not fritzbox) there. Now you can just reach your HA via https://yourdomain.duckdns.org

That’s it

At the moment, when i try to access:
http://[2001:a61:3617:1401:3939:d631:XXXX:54e5]:8123
it works. I if try to access
http://[2001:a61:3617:1401:3939:d631:XXXX:54e5]
or https://[2001:a61:3617:1401:3939:d631:XXXX:54e5]
I do not get a connection. So maybe I still have something configured not correctly, since I obviously need to add the port. Also, at the moment I have the port opening set to 8123.

my configuration.yaml hettp entry looks like this:

http:
  server_host: ::0
  server_port: 8123
  base_url: https://mydomain.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I lokked into DuckDNS and set my RPi IPv6 (just: 2001:a61:3617:1401:3939:d631:XXXX:54e5)

Still, I do not get any connection over http://mydomain.duckdns.org/ or https://mydomain.duckdns.org/.

BTW I looked into the config of my DuckDNS addon config

Apparently it only checks the IPv6. But maybe this is not important or I don’t understand it correctly.

Thanks again for you guys helping me so much!

As long as you have port 8123 in your config and only port 8123 is opened by your Fritzbox, you (of course) can’t access it without a port. Port 80 (http) and 443 (https) are the only ports that you don’t have to type in your browser.

So you have two choices here:

  1. Just access your ha instance with port 8123. Then you can leave your config as it is and just try https://mydomain.duckdns.org:8123
  2. You change your port to 443 (if you have a lets encrypt certificate) in your config and also in your Fritzbox. Then you can access your ha instance via https://mydomain.duckdns.org (without port)

But you can’t combine both. It’s either one way or the other.

You can also ping me on the Home Assistant discord channel via PN and I’ll try to help you. Maybe this is more efficient then here in the forum

HUGE thank you to @Zoker, who helped me via discord.
The two main changes were:

  • got to the Fritz Box UI, to Netzwerk -> Netzwerkeinstellungen -> DNS-Rebind-Schutz and add my domain (e.g. mydomain.duckdns.org)
  • reboot hass.io (apparently rebooting over the configurator did not work, so I had to reboot in the hass.io UI over hass.io -> system -> host system -> reboot)

now my configuration.yaml looks like this:

http:
  server_host: ::0
  server_port: 8123
  base_url: https://smartpeter.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I opened the 8123 port on my Fritz Box.
And now I can access my hass.io over:
https://mydomain.duckdns.org:8123

2 Likes

oh yeah!!! I forgot about that bit with the duckdns domain… but you were using the IP address…

Allright, I was confused why my motion sensors are not working. Actually they are, but Node-RED seems not to be accessible anymore… so it continues :see_no_evil:

Opening port 1880 did not help.

Well, faster than expected the IPv6 of my RPi changed.
I could not connect and looked into my Fritz Box. The new IPs are:

only the first 2 blocks are the same as yesterday.
I fear that not, but is there a way to force my FritzBox to keep the IPv6 constant?
Or is there any chance that the new IP is forwarded to duckDNS … shouldn’t this happen anyway?
Do I just need to change my inteface ID in the port opening again?