How to set AdGuard DNS rewrite in add-on interface?

Since Companion App Networking | Home Assistant Companion Docs instructs us to set a DNS rewrite to be able to use local network access for the App, I am puzzled to find that option setting in the AdGuard DNS settings panel.

Please help me out where to find this using add-on version 4.1.6

Check under filters and look for something called DNS rewrite
There you define rules like

192.168.1.123 https://yourduckdnsurl.com/

Which will then resolve the duckdns url to the local IP.

2 Likes

yes, I just found it under filter… thanks (issued a PR so this gets changed in the documentation few minutes ago)
struggling to get it to work though

this is the interface:

but we can not enter protocol or port there. Leaving only the option of the bare address.

would this be correct?

this would have to result in the certificate for mydomain.duckdns.org to be valid for https://192.168.1.71:8123 ?
I am using

http:
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

but no matter what I enter in the local url field in the app, it complains about an invalid certificate…

2 Likes

A DNS rewrite has nothing to do with the certificates or ports; all it does is translate a DNS name to an IP. So when you are in your home network and go to the duckdns address, the request will not go through the internet but will instead go directly to the local IP.

The certificates and ports are handled by the reverse proxy (NGINX in your case). You need to remove the certificate lines in the http section in configuration.yaml, the certificates need to be configured in the reverse proxy.

E.g. you go to https://mydomain.duckdns.org this leads you to https://ip-of-reverse-proxy through the DNS rewrite in Adguard, the reverse proxy sees the incoming request and forwards it to http://192.168.1.71:8123

Edit: you also need to change your port forwarding rules so that port 443 is forwarded to port 443 of the reverse proxy

1 Like

thanks Burning, I am trying, believe me…

but I’ve stopped with Nginx for a moment, going back to only using AdGuard (which I had working perfectly out of the box, so without any rewrite at all)

in my router I have 1 Port forward, and that is from my domain.duckdns.org:port (need a port there because I have 2 other instances on that domain too) to my local address:8123 .

that local address was explicitly set in the iOS app field, and worked perfectly.
not anymore, unfortunately

(of course the addresses are correct, as I can confirm in a regular browser)

I’m not sure I understand correctly. What exactly is your problem?

In the app you set the internal and external URL to the duckdns address and port? like this https://mydomainduckdns.org:port
Without a reverse proxy both of them need to be the same.

Did you configure Ad-guard to be used as the DNS server in your router’s DHCP settings?

my main problem is that the internal address in the app isn’t accepted.

right! (external) and that works fine.

no…?

I had it working before, simply by installing Adguard out of the box, so no DNS rewrites

I also had it working with Nginx, but it bothered me local traffic was not secure, so thought to go back to Adguard, which now doesn’t work as I did

edit

wait: I did enter the external address in the local field, and turned off mobile data, so the phone can only connect over wifi, and it still connects to my instance, so I guess that’s ok then?

main source of worry is that I want my instance to be reachable, even when internet is down, how can we test that…

Ad-guard needs to be set as the DNS server for your network, otherwise it’s useless. All DNS requests in your network need to go through Ad-guard for it to work.

What do you mean you had it working before? You had
External URL: https://mydomain.duckdns.org:port
Internal URL: http://local-ip:8123
?
That’s impossible without a reverse proxy. I also don’t see what Ad-guard should change in this case.

Or did you have internal URL: https://local-ip:8123? Also this will lead to a certificate error, because certificates are only valid for DNS names and not for IP addresses.

Connect your phone through WiFi to your router, turn off internet for the router, see if you can still connect to Home Assistant. This will only work with the DNS rewrite or if your router supports hairpin-NAT.
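The two points made in the replies above (a DNS rewrite only changes which IP a name resolves to, and the certificate is checked against the name in the URL, not the resolved IP), as an added example that is not part of the original thread. The SAN list and rewrite table are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: SAN entries of a certificate issued for a DuckDNS name.
CERT_SANS = {"DNS": ["mydomain.duckdns.org"], "IP": []}

# Constructed sample: rewrite table in the AdGuard style (bare domain -> IP).
REWRITES = {"mydomain.duckdns.org": "192.168.1.71"}


def resolve(host, rewrites):
    """Return the LAN answer a rewrite would give, or None if no rule applies."""
    return rewrites.get(host.lower().rstrip("."))


def cert_matches(host, sans):
    """Hostname check as a TLS client performs it: the host written in the URL
    is compared with the certificate; the resolved IP plays no part."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literals only match iPAddress SAN entries, never dNSName ones.
        return any(ipaddress.ip_address(s) == ip for s in sans["IP"])
    host = host.lower().rstrip(".")
    for pattern in sans["DNS"]:
        pattern = pattern.lower()
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label.
        if pattern.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == pattern[2:]:
                return True
    return False


def check_url(url, sans=CERT_SANS, rewrites=REWRITES):
    """Summarise what the app would see for a given internal URL."""
    parts = urlsplit(url)
    host = parts.hostname
    return {
        "host": host,
        "port": parts.port,
        "lan_ip": resolve(host, rewrites),
        # None means plain HTTP: no certificate is checked at all.
        "cert_ok": cert_matches(host, sans) if parts.scheme == "https" else None,
    }
```
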

first I used:

External URL: https://mydomain.duckdns.org:port
Internal URL: https://hassio.local:8123

And this led to the certificate error as it is supposed to. Then installing AdGuard, out of the box, fixed that. Had it working for a day, until I decided to try Nginx.

That worked fine too, of course I changed https to http where applicable.

Still I didn’t like the fact my local traffic was insecure, so decided to go back to what I had working before…

Can confirm that worked! pulled the main internet cable from my router blocking any outside traffic, and still the app connected over the duckdns.org external address set in the local url field.

Note I don’t have any DNS rewrite active now, and to be sure I restarted the Adguard add-on while in the act.

guess this proves my router supports hairpin-NAT? is that realized by the port forward too? Always thought those were really only used for external traffic?

Yes, exactly. Hairpin NAT means that when you try to access an external URL, which is linked to a port forward rule in your router, it will direct you to the internal address (the one configured in the port forward) directly instead of going through the internet.
See also

1 Like

cool… even better than I was aiming for then :wink:

does this also mean I can take out Adguard completely?
and, if I didn’t enter a local URL, would the App still see my local network over that same external address (from the external url)?

your explanation, maybe even the wiki text, should really be in the docs…

marked your post above as solution, because, well it solves my issue, and in fact removes my need to use a DNS rewrite in the first place.

Thank you so very much for your time and effort, that is extremely appreciated!
Hope to be able to return the favor sometime.

1 Like

If you only installed it for this purpose, then yes.

Don’t know to be honest, but you can check it easily. Again remove the internet access from your router, connect the phone through WiFi, remove the internal URL and see if it still works.

It’s in the companion docs, there’s a separate entry for hairpin-NAT

yes, and I’ve read that time and time again, without it really making me understand what it says. Your words are way more descriptive, even the wiki words it better (for someone new to the matter)
Now I know what is happening, I understand what the companion docs say too… :man_shrugging:

Does this work for local host names? I’m trying to set up router.local to resolve to 192.168.0.1 but I have no luck with AGH (unknown host). I’m also seeing conflicting info whether AGH’s DHCP is required for this.

1 Like

Are you talking about Nginx Proxy Manager?

I’ve tried in many ways to make things work. But I’ve always a Java CertPathValidator error
Only on the Android app; if I use the web interface through a browser there is nothing wrong. I’ve the same problem for the Grocy and Bitwarden Android apps.

@Mariusthvdb did you manage the DNS rewrite?
I have almost the same issue. I want to access the HA docker container from the internal IP instead of the domain name.
I also set up an AdGuard DNS rewrite.
“nslookup mydomain” shows me a correct forwarding to the internal IP, but I can’t access it on the internal LAN with “mydomain”. I get a blank white page which is loading a long time until the message “can’t access page…” comes. External access with mydomain is fine.
The internal and external IPs are set to the mydomain.
The DNS server in the HA network settings is also set to its own IP address (where AdGuard runs).