Creating a secured connection so you can us HTTPS from outside into HA. I think the OP is trying to do it this way: Securing - Home Assistant
I have installed the add-on duckdns.
So you followed the steps correctly then?
I don’t see any info on the Add-on and what is needed?
Well, I believe I followed the steps as described. That’s why i do not understand why my configuration.yaml gives me this error message.
Had to google and found the docs on github.
i did all this except adding these in configuration.yaml
Example configuration.yaml entry
duckdns:
domain: YOUR_SUBDOMAIN
access_token: YOUR_ACCESS_TOKEN
It was not described anywhere to add thes extra line in the file.
I would try to make sure to follow the github docs. Add what is missing and try again.
Ok. I will have a look at it. Thanks for helping me.
Also add the next section for http: also because it is needed by the HA.
http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
This was already added and it was by adding these extra lines that it gave me the error message.
I looked at what you had posted, you had https: on line 24 and in line 25 they should not be like that from the docs.
What is wrong about lines 24 and 25?
Have you checked that the ports are being forwarded?
If not: https://canyouseeme.org
If not forwarded: have you tried rebooting your router?
Does your duckdns domain point to the right address?
There is not supposed to be an ‘s’
just
http:
1 Like
So, I understand you can access using httpS with the your DuckDNS address (https://your domain.duckdns.org/), is that correct?
If so, then you have all the files you need, so I will suggest to do the following:
-
Install and start the add-on: NGINX Home Assistant SSL proxy
This add-on will help you managing the different connections thru HTTPS when using your DuckDNS address and HTTP when using http://homeassistant.local:8123.
Note that you need some settings (adding your DuckDNS domain into NGINX settings). -
Comment out the files on your http session on configuration.yaml and add a trusted proxy, like this:
http:
#ssl_certificate: /ssl/fullchain.pem
#ssl_key: /ssl/privkey.pem
ip_ban_enabled: false. #change this to true after everything is working properly
login_attempts_threshold: 5
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
-
Make sure you have your router forwarding external port 443 to Home Assistant port 443.
The other ports on your router are not needed after the security key files are created, which I believe they are (you can double check on DuckDNS add-on Logs). -
Go to Settings → System → Network and add your two addresses for Home Assistant:
-
Restart Home Assistant
-
Try to access your Home Assistant from both those addresses:
http://homeassistant.local:8123
https://yourdomain.duckdns.org/
No Edward, he could not access it at all at first.
From LAN because he was using unsecured http but with https & the HA IP it works.
Using his duckdns domain does not work.
The point is: did he do something wrong (which is already obvious from adding https to the http configuration) or is he trying from his LAN and the router does not allow NAT loopback.
Another possibility is that the ports are not open/redirected.
OK, then this work:
But none of those are working:
Is that correct?
If that is the case, the first step is to double check if the certificate files has being create (otherwise not even NGINX would help).
In order to check for the cert files, take a look on the DuckDNS logs:
Newer versions of Android won’t connect to .local domains, the same for iOS.
Edit: .local is now strictly handled by Android for mDNS purposes and not for unicast address resolution. Recommendation is to stay away from .local domains.
https://source.android.com/docs/core/ota/modular-system/dns-resolver#mdns-local-resolution
1 Like