Hass not reachable from outside

raphaelscholle · December 23, 2019, 1:19pm

Hello,
I’ve just configured Hass and its working flawlseely in my intranet.
But when I try to reach it from the ouside (I use a DYNDNS in combination with a ipv6 portmapper to get an ipv4 domain) it isn’t showing.
Other ports are showing, dyndns points to the right domain … apache on the same server works, hass not.
This is my config :

http:
  base_url: portmapper.myonlineportal.net:23221
  cors_allowed_origins:
    - http://metelen.my-homeip.com
    - http://portmapper.myonlineportal.net

francisp · December 23, 2019, 3:17pm

http:
  base_url: https://portmapper.myonlineportal.net

assuming you have a valid certificate

raphaelscholle · December 23, 2019, 4:15pm

normally i dont use https with private stuff, but i just generated a key but … doesn’t work either

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  base_url: https://portmapper.myonlineportal.net

Jan.Schmidt · December 23, 2019, 4:32pm

Hi,
even when i am “new” to this Forum - some say i do have some knowledge about something.
“normally i dont use https with private stuff” and your wish to open your local HA to the outside is a big mistake.
The s is https is for secure and what else you should be aware of ?
Yapp securing your private stuff.

Get yourself a vpn Server on your HA Server add all your external device with a vpn client and you “and only you” are inside even when your outside.

raphaelscholle · December 23, 2019, 4:35pm

I know what https is … and actually i don’t really care if someone wants to interact with the rollershutters of my parents or something like that.

I only want to open HA, that my parents are able to use there mobile phones to trigger those switches.

Using a vpn is really overkill for that.

raphaelscholle · December 24, 2019, 12:12pm

please let us return to the topic, there are many ways to bypass the firewall and port-forwarding, but this isn’t the question. eg ngrok, serveo,… I just want to make HomeAssistant open to the outside.

We don’t need to discuss security or such things. I can understand, what you want to tell everyone, but I decide its not what I need. No discussion needed. If I would want to make it more secure, I wouldn’t use MQTT, I wouldn’t use a vpn, I would use an SSH-Tunnel, but its not what I want wo discuss.

The main question is, how do I turn off the security function, that HASS is only reachable from local computers.

francisp · December 24, 2019, 12:20pm

Port 8123 is open in your firewall. or router ?