Is there any way to serve both HTTP and HTTPS?

I am using WallPanel all around the house and it is not working with SSL. I am also configuring the Alexa skill, which must have SSL. So I am trying to find a way to serve both HTTP and HTTPS.

Is there any way I can do this?

Thank you!

Nginx in front of HA.
HA can remain http but https calls will go to nginx and forward to HA http(this is still secure connection for Alexa purpose)

Thank you! I will research Nginx config, I am not too familiar with it, but should not be too hard.

Is Nginx more preferred for some reason than Apache or does not matter at all? I can see there are solutions for both webserver and I know Apache much more then Nginx. Thank you!

Both nginx and Apache can provide reverse proxy for this case.

I think it is mostly preference or based on existing infrastructure.

Thank you for your input on this!

I managed to setup the same:
HA served on http port 8123 internally and on https port 443 externally with letsencrypt certificates.
I then followe both the DOCS guide and some walkthrough on the web to implement a custom skill in aws alexa.
Somehow this does not work.
I do not even get the call made from AWS -> Homeassistant (no trace in the nginx logs).
Only once that happened and I received a “the skill gave an incorrect answer” (or something along those lines).
Port in the router are redirected as per instructions 443:->8123
Alexa cloud is correctly setup and the homeassistant skill works.
Did you managed to set up a custom skill?

I suddenly have one doubt: do I have to add this (developer) skill with the alexa app? even if I am logged in the console under the same account as with my Alexa echo?

an update:
I can see request being issued inthe alexa debug log on alexa dev site.

I tied to issue in the browser the endpoint command

And I see that indeed the enpoint returns a 404 error.

“header”: {
“namespace”: “SkillDebugger”,
“name”: “CaptureError”,
“messageId”: “f0ea89ce-2d18-4940-996f-8270d4ae9fdf”
“payload”: {
“skillId”: “amzn1.ask.skill.31d2ff24-5617-448b-8cdc-1c666520a0b2”,
“timestamp”: “2019-01-02T22:58:04.927Z”,
“dialogRequestId”: “ff35cc77-345a-4cb7-bad0-9432720dd03f”,
“skillRequestId”: “amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554”,
“description”: “An error occurred while issuing a SpeechletRequest for (requestId [amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554]”,
“debuggingInfo”: {
“type”: “SkillExecutionInfo”,
“content”: {
“invocationRequest”: {
“endpoint”: “https://mysite/api/alexa?api_password=mypass”,
“body”: {
“version”: “1.0”,
“session”: {
“new”: true,
“sessionId”: “amzn1.echo-api.session.fcae62cb-121a-492d-aa7c-9a9e0c1d5aaf”,
“application”: {
“applicationId”: “amzn1.ask.skill.31d2ff24-5617-448b-8cdc-1c666520a0b2”
“user”: {
“userId”: “amzn1.ask.account.xxxx”
“context”: {
“System”: {
“application”: {
“applicationId”: “amzn1.ask.skill.31d2ff24-5617-448b-8cdc-1c666520a0b2”
“user”: {
“userId”: “amzn1.ask.account.ffd”
“device”: {
“deviceId”: “amzn1.ask.device.fdvd”,
“supportedInterfaces”: {}
“apiEndpoint”: “”,
“apiAccessToken”: atoken"
“Viewport”: {
“experiences”: [
“arcMinuteWidth”: 246,
“arcMinuteHeight”: 144,
“canRotate”: false,
“canResize”: false
“shape”: “RECTANGLE”,
“pixelWidth”: 1024,
“pixelHeight”: 600,
“dpi”: 160,
“currentPixelWidth”: 1024,
“currentPixelHeight”: 600,
“touch”: [
“request”: {
“type”: “IntentRequest”,
“requestId”: “amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554”,
“timestamp”: “2019-01-02T22:58:04Z”,
“locale”: “it-IT”,
“intent”: {
“name”: “RunScriptIntent”,
“confirmationStatus”: “NONE”,
“slots”: {
“scripts”: {
“name”: “scripts”,
“value”: “notifica”,
“resolutions”: {
“resolutionsPerAuthority”: [
“authority”: “”,
“status”: {
“values”: [
“value”: {
“name”: “notifica”,
“id”: “fe49ea3c5e2ae28e01779cd19718d8fa”
“confirmationStatus”: “NONE”,
“source”: “USER”
“invocationResponse”: null,
“metrics”: {
“skillExecutionTimeInMilliseconds”: 254

“header”: {
“namespace”: “CardRenderer”,
“name”: “RenderCard”,
“messageId”: “9988fdce-947a-433e-870a-17054fd5d038”,
“dialogRequestId”: “ff35cc77-345a-4cb7-bad0-9432720dd03f”
“payload”: {
“cardMetricAttributes”: null,
“creationTimestamp”: 1546469883888,
“deleteCardAction”: {
“actionType”: “DeleteCardAction”,
“cardId”: “86de554d-8871-4ac8-8c69-c65159d9d575”,
“mainText”: “Rimuovi scheda”,
“subText”: “Maggiori informazioni”,
“subTextRoute”: “help/node/201602230”
“descriptiveText”: [
“Request Identifier: amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554”,
"The skill responded with 404 HTTP status code "
“giveFeedbackAction”: null,
“hint”: null,
“id”: “86de554d-8871-4ac8-8c69-c65159d9d575”,
“nBestOptions”: null,
“originIntentType”: “RunScriptIntent”,
“playbackAudioAction”: null,
“primaryActions”: null,
“prompt”: null,
“registeredCustomerId”: “A3JN50KDCGZ2OX”,
“secondaryActions”: null,
“sourceDevice”: {
“serialNumber”: “d6fe1570ac53423984ef04838c397463”,
“type”: “A2HPYE8VLW820A”
“subtitle”: “Osvaldo”,
“textCardType”: “SELECTABLE”,
“thumbsUpDownActivityAction”: null,
“title”: “Skill response was marked as failure”,
“token”: “”,
“wrapTitle”: true,
“cardType”: “TextCard”,
“domainType”: “Echo.SDK”
I have read in some posts some rule about simple password (no special chars) to be used and my password complies.

Furthermore : I cannot have Hass served on port 443 internally (host port) and extenally (public ip port). I have read somewhere in the forum that this could be a requirement of aws

WTF is wrong… banging my head on it since 2 weeks

In the debug log you posted, does it contain any personal information you may not wish to share with the general public? Perhaps things like account information and access tokens?

1 Like

thanks. edited. and reissued

Is there a simple solution available to have both, https access from outside and http access from inside (home network)???

Same question was recently answered here (“use a reverse proxy”):

It is pretty easy to setup with the DuckDNS and NGINX Home Assistant SSL proxy add-ons.

Could you give some hints?


Install de official DuckDNS add-on and configure it as described in the documentation.

This is how my DuckDNS config looks:

  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: your-super-secret-token
aliases: []
seconds: 300

Then install the official NGINX Home Assistant SSL proxy add-on and configure it as described in the documentation.

This is how my NGINX proxy config looks:

certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

Then you need to configure some port forwarding in your router. Forward incoming traffic on port 443 to the IP of the machine running your Home Assistant installation.

And that’s it. Now your Home Assistant is locally reachable via http://homeassistant:8123 or http://homeassistant.local:8123 and from the outside world on

Good luck!


Thx for the tips and insights into your setup.
I managed to setup duckdns but nginx seems to be a tad more tricky.
I run in dockers for the synology community.

I will give it another try. :slight_smile:
Best regards

Thanks for providing the information. I tried this and have Nginx working perfectly, I can access from outside to i can access locally via https://10.10.10.xx:8123 (note still HTTPS). Even though it is not signed it is still HTTPS. When I try to type explicitly HTTP (e.g. http://10.10.10.xx:8123) it doesn’t work. I played with redirect, proxy in NGINX but still no go.
some of the local device only fully integrates with home assistant via HTTP , any idea what else could I be missing. thanks in advance to anyone who will reply.

Hi thanks to this forum, i managed to solve my problem. I can access locally via HTTP and remotely via via Nginx proxy. My dumb devices now work and can integrate well with my Home Assistant via HTTP, the fact that the motion detection is working on reolink is a validation that the camera talks to home assistant via HTTP.

I went to configuration.yaml and disabled HTTP in the config by adding # in front.
I then proxyhost in NGiNX
scheme: HTTP
forward hostname: 10.10.10.x (my home assistant IP)
forward port: 8123

with this setup i can access locally via http://10.10.10.x:8123
remotely via
my dumb devices like ptz camera, some sensors now can reach homeassistant via HTTP. thanks to this forum.

I solved this problem, removed HTTP from the config and in NGINX i am pointing to my http://192.168.x.x (as opposed to https link) and it works. all my local dumb devices reach home assistant via http://192.168.x.x all the public services reach home assistant via

I have this same problem. Can you show me your configuration for nginx? Where i should paste source, scheme etc.