IOS External Notifications Not Working

Hi Everyone, Hoping someone can point me in the right direction to fix an IOS HA Companion App Notification issue. The issue is that I cannot receive external notifications to my iPhone 7+ via “notify.mobile_app_x” nor “notify.notify” processing. I am receiving internal notifications just fine using both the same methods, but when I turn my WiFi off on my phone (e.g. external mode) I get no notifications at all from HA to the Companion App.

I can control my Home Assistant externally (phone wifi off) just fine via the https://xxx.duckdns.org:8123 link - turn on/off lights, view all dashboards, arm/disarm Alarmo, etc. No form of notifications work in this mode (e.g. notify.mobile_app_todds_iphone OR notify.notify). I see the “Rate Limits” value count dropping (in Companion App Notifications) for each message that I try to send. I do not see any messages in the Companion App Event Log related to notifications (only location updates from the past).

I can control my Home Assistant internally (phone wifi on) just fine via the http://192.168.x.x:8123 link - turn on/off lights, view all dashboards, arm/disarm Alarmo, etc. I can also send and receive ALL notifications to my iphone 7 (via notify.mobile_app_todds_iphone OR notify.notify). I can also play built-in sounds, display critical type messages, display messages with events, etc just fine.

With iPhone Wifi OFF, the Companion App status shows: Connected via “External URL”, Version “2023.6.2”, Websocket “Connected”, Local Push “Disabled”, Logged in as “Todd xxx”.

With iPhone Wifi ON, the Companion App status shows: Connected via “Internal URL”, Version “2023.6.2”, Websocket “Connected”, Local Push “Available(1)”, Logged in as “Todd xxx”.

IOS iPhone 7 Setup:

• Apple iPhone 7+, running IOS 15.7.6
• Note iPhone 7 will not update to IOS 16 due to old hardware.
• Companion App installed, version 2023.4 (2023.460)
  internal url = http://192.168.x.x:8123, Local Push enabled
  external url = https://xxxx.duckdns.org:8123
  device name = todds_iphone
• All iPhone “Focus” profiles have Home Assistant in the Apps settings to allow access. Note that no focuses are enabled for any of my testing.

Home Assistant Setup:

• Runs on a Raspberry Pi3B
• Home Assistant 2023.6.2
• Supervisor 2023.06.2
• Operating System 10.3
• frontend 20230608 - latest
• I am not using Home Assistant Cloud
• Addon DuckDns with LetsEncrypt enabled, default (none) ipv4 and ipv6 values

domains:
  - xxxx.duckdns.org
token: xx-xx-xx-xx-xx
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 1800

• Addon NGINX, network exposed port = 443

domain: xxxx.duckdns.org
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudflare: false
customize:
  active: true
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

nginx_proxy_default_fix_ingress.conf contents:

# used by NGINX 
# Fixes issues with addons using their own web server (e.g. ESPHome, etc).

location /api {
    proxy_connect_timeout 60;
    proxy_read_timeout 60;
    proxy_send_timeout 60;
    proxy_intercept_errors off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $host:8123;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://homeassistant.local.hass.io:8123/api;
}

Netgear Router Port Forwarding:

• External start port = 8123, External end port = 8123
• Internal start port = 443, Internal end port = 443, Internal IP address = 192.168.x.x

Message notification yaml example - works fine when run internal, but does not work external. Same results if I use “notify.notify” as well:

alias: Notify App - Welcome Home Todd
description: >-
  Causes a Welcome Home voice sound to be played on a mobile device when the
  specified person has come home.
trigger:
  - platform: state
    entity_id:
      - person.todd
    to: home
condition: []
action:
  - service: notify.mobile_app_todds_iphone
    enabled: true
    data:
      title: Welcome Home
      message: Welcome Home!
      data:
        push:
          sound:
            name: US-EN-Alexa-Welcome-Home.wav
            volume: 1
mode: single

I hope it’s something simple in my configuration that I am overlooking. Maybe a firewall port needs to be opened somewhere? NGINX config maybe?

I appreciate your time and consideration.

Thanks - Todd

If you get off your internal network then can you access the external rL without the port of 8123 rapt the end?

HTTPS by default should be 443 so that port is not needed.

Hi Rick - thanks for the suggestion to use port 443.

I re-configured everything to utilize 443 instead of the 8123 on my external link, and it appears to be working. I also completely removed / reinstalled the HA Companion App from my iPhone, as well as deleted the entry for my phone in the HA Mobile App integration. Something in this process fixed the issue.

Fingers crossed it keeps working - my phone is getting old!

Thanks again!

Does it still work. Did you find out the specific problem?

I am struggling with the same issue on my iPhone 7. I have reinstalled the Ios app integration in HA…

This is my app settings:
internal url = https://homeassistant.local:8123
external url = [https://xxxx.duckdns.org]

 - service: persistent_notification.create # Works
 - service: notify.notify # Does not works
 - service: notify.me # Does not works

Yes, still working fine. My companion app settings:
device name = Johns iPhone IOSApp
internal url = http://192.168.1.<nnn>:8123
external url = https://<yourduckdnssubdomain>.duckdns.org

Also, I only use the following service for my notifications:
service: notify.mobile_app_johns_iphone_iosapp

Note I just run http (unencrypted) on my local network. I don’t think the ipv4 (e.g. 192.168…) versus dns alias (e.g. homeassistant.local) matters.

I also added the following lines to the HA configuration.yaml file.

homeassistant:
  external_url: https://<yourduckdnssubdomain>.duckdns.org    # use standard HTTPS port 443 for external access.
  
# options to support NGINX SSL Proxy server.
http:
  use_x_forwarded_for: true     # To ensure HA understands that client requests come via reverse proxy.
  trusted_proxies:
    - 192.168.1.0/24            # add IP address of the proxy server.
    - 172.30.33.0/24            # add IP address of docker container.
    - 172.30.32.0/24            # add IP address of docker container.
    - 127.0.0.1                 # Add the localhost IPv4 address
    - ::1                       # Add the localhost IPv6 address    
  ip_ban_enabled: true          # enable automatic IP ban ... 
  login_attempts_threshold: 5   # after 5 failed login attempts.

** DuckDNS Configuration YAML**

domains:
  - <yourduckdnssubdomain>.duckdns.org
token: <yourduckdnstoken e.g. xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 1800

Here’s some automation I setup to remind me that external access is working. You can disable it after you ensure everything is working.

alias: Notify App - External Access Heartbeat
description: >-
  Sends a notification to the specified mobile app device at 11 am when the
  device is not at home.  This indicates to the user that the external access is
  working correctly.
trigger:
  - platform: time
    at: "11:00:00"
condition:
  - condition: template
    enabled: true
    alias: Confirm iPhone Device is NOT at home
    value_template: "{{ not is_state('person.john_smith', 'home') }}"
action:
  - service: notify.mobile_app_johns_iphone_iosapp
    enabled: true
    data:
      title: External Access Heartbeat
      message: External access is working if you received this.
      data:
        push:
          sound:
            name: default
            critical: 0
            volume: 0.1
mode: single

Thanks for sharing!

Tried it out on my backup iPhone (SE) with IOS 17. And it worked as it should. Decided to transition to the SE with only 64 G from my 7 with 128G…

No worries. It took me a few tries to finally get it right. I think it had something to do with the DuckDNS configuration and the “trusted_proxies” entries for me, rather than the Companion App settings. Hope it helps.
Thanks - Todd

I have a sort of similar issue when my iPhone is not connected on the local WiFi, i.e. same network as HA, but not related with Notifications as such, instead related to Companion App iOS actions.

The HA runs as a VM on a Synology NAS, and I use the Synology Reverse Proxy for any certificate management and forwarding. My iPhone https connects to the HA externally (i.e. when I am outside of my local WiFi) fine using an external URL with custom port (e.g. 1234). WebSocket is connected. So external access works fine when I use my iPhone HA App or a browser, I can control anything I want, I can get notifications etc.

However, any action I added from HA iOS Companion App menu and I trigger from my Apple Watch or CarPlay, when the phone is not connected on the WiFi, never seems to reach the HA, or better does not get triggered. When the iPhone is connected to the local WiFi same exact actions on Apple Watch or CarPlay work fine. The other strange observation is that when iPhone is not connected on the WiFi if I go to CarPlay Areas section I can control anything included there. So problem seems to be exclusive to Companion App actions on Apple Watch/Car Play ONLY when iPhone is not connected on the local WiFi.

I cannot and tbh dont want to use default https port 443 for external access to the HA, as this is used by default on my UniFi UDM-Pro for direct access to that. So currently using a more random port for external https access which I mentioned above seems to work fine from the HA iOS App.

Any guidance would be much appreciated, thank you!

@VasMan - PM’ed you.

Hi guys,

I have the same problem as you, VasMan. Did you manage to solve it?

I have two actions for opening two gates when I arrive home using CarPlay and I was not able to use it. From another phone using Android it works fine, but from iOS the action fired is not reaching HA if I’m out of home wifi.

I can access Home Assistant instance without any problem from my iPhone 15 Pro even if I’m not connected to home wifi, but actions are not working anymore. If I connect to wifi, actions starts working immediately. It is very annoying.

Please share with us if you found any solution.

Thanks a lot!

I am afraid I gave up trying to find a solution to this. Makes no sense to me. Connection to HA when inside or outside WiFi is through same URL and port, so cant see how firewall would be the issue if I can access HA outside of WiFi. I can even access my HA Grafana outside WiFI but nope…iOS actions fail. Not sure what is so special with iOS actions implementation outside of WiFi.

Well, I was hoping you solved this problem.

I am also access HA using the same link (same internal IP) as I am using TailScale addon and it helps me with a VPN connection to be able to access HA.
I saw also that my iPhone is not updating its status in HA (battery state or location for example) when it is not connected to home wifi. My other Android phone is updating all time in HA instance even if I’m not connected on home wifi.

Did you found any official thread on this subject? Actually I didn’t found anything related…

Yes, same case here with the battery update.

What I observed which is even more strange is that if my iPhone is connected to a different SSID & VLAN of my WiFi problem shows up again even though I have no firewall between the VLAN HA resides and my other VLAN/SSID my phone connects to. And the networks are fully routable as all my sensors can connect from that SSID to HA fine. So my only conclusion so far is that it only works at L2 level, i.e. If iPhone and HA are on same subnet.

Not found any real useful info on this, only read and got feedback that other iPhone users dont have this issue, so might be something very specific on my phone.

I thought I join forces with you to get to the bottom of this. I hence discovered that any action or even the location and battery update seem to use the Local Push function which is only available in the internal URL server settings of Companion App. For iOS there are some limitations on this. One of them for example was to whitelist the SSID, this explains why it was not working on my 2nd SSID/VLAN. After whitelisting the 2nd SSID I can now trigger actions also from there and battery status updates.

However, there is no obvious setting on how to allow push when using external URL and this might be iOS limitation so not sure how other iOS users have managed to circumvent that. You can clearly see that as soon as you disable WiFi, and as expected, Local Push goes from Available to Disabled and all iOS actions and push notifications from HA stop working, even though the HA App and everything you want to see it control inside the App works fine even outside the WiFi

Hi again,

I’ve just figured it out after a lot of trial&error. I’ll describe only the last mile of what worked, after more than 15 uninstall&reinstall the Companion app and reconfigure everything about it.

1. Uninstall the app from iPhone.
2. Shutdown the iPhone and boot it again.
3. Removed the iPhone device / entities / everything about this phone from web ui HA instance (logged in using a laptop from internal network).
4. Go to AppStore and reinstall the HA app on phone.
5. Give all permissions HA required on first start and then take a look on iPhone Settings - Home Assistant and enabled every permission I found there.
6. Connect to HA instance from Companion App, configured the Internal URL and leave empty External URL. Then configured the actions again and automations for them.
7. When I closed first time the HA app, the iPhone asked me to give location permission everytime even if the HA app is not running in background and I grant it.
8. Disconnected from home Wifi, connected to Tailscale VPN to be able to reach the internal URL. Now in Companion App the Local Push section appear also as disabled, but the actions works fine and everything from iPhone is updating without issues when the phone is not connected on the home wifi.

Also tried the gates buttons from CarPlay when coming home and the phone is on LTE …and everything works fine now.

I tried this a lot and until the phone was rebooted before install HA app again these steps were just a waste of time…

Actually I don’t understand why, but hope it will help you to solve this problem too, just try every step as I described and see if it works for you.

Thanks so much for sharing this great update and help resolve it.

I went through the steps you suggested and initially did not work, but with some slight modifications (steps 1 & 8) it now works and all my HA iOS actions as well as iPhone battery update work even when outside of home.

As a side comment, even though I have VPN in capability to my home I dont use it for HA, the HA iOS App connects remotely (when outside my WiFi) to HA Server via a public FQDN over Reverse Proxy and Lets Encrypt certificate and all good now.

Steps I followed:

1. Delete the HA server in the HA iOS App
2. Delete HA App from iOS
3. Shut-down iPhone
4. Remove iPhone device from HA server, it auto deletes all related entities
5. Start-up iPhone
6. Install HA iOS App
7. Start HA iOS App, go through all the App/iOS permissions
8. HA App auto discovers the internal IP/port of HA, I enter credentials and then it auto provisions both internal IP and external FQDN as per my setting in the configuration.yaml, i.e. no need for me to configure them in the Server settings of the Companion App section of HA iOS App.
9. Create actions in Companion App section of iOS App
10. Test actions with both my iPhone and Apple Watch for both scenarios, inside Home WiFi and outside of WiFi (e.g. LTE)
11. All Work now!

Good, I’m happy you solved it also using my current experience.
Hope our messages will help also other users in the future if they will get stuck with this problem.