Hassio, Duck DNS, add-on, port forwarding

When using Duck DNS, it appears hassio add-ons with a Web UI must expose their port to the internet, even when using the UI on the local network. Is that correct? Is there a way not to expose the port and only use the add-on while on the local network?

That hasn’t been my experience. Most of the add-ons use a different port that is not forwarded on the router by default. For example, the documented setup for HA has you forward port 443 to 8321 on the pi or docker server. So any other add-on would require some other port, and would not receive traffic from outside.

There really isn’t an easy way to disable/re-enable port forwarding regularly, unless your router supports some sort of scripting method to do this.

If you are particularly worried about open ports, look at one of the other remote access methods, VPN or TOR.

Thanks for the replies.

The instruction states to put the below into the configuration file.
The base_url appears to make everything come from the outside. I commented it out and now can get add-ons from the local network.

However, the web link in the add-on details still tries to go to xxx.duckdns.org. But at least I no longer have to expose all the ports, only the main one now.

What is your configuration for base_url?

http:
  base_url: https://my-domain.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Ahhh, I think I see the confusion.

Yes, the add-ons will still try to go to xxx.duckdns.org:someportnumber.
But since I don’t ever want to connect to them when I am away from home, I don’t open those extra ports on the router. Instead, I connect to the internal IP address : someportnumber… for example https://192.168.0.123:9000 for Portainer. Yes, you will have to accept the warnings about connecting to an insecure site…