Is there any way to serve both HTTP and HTTPS?

I am using WallPanel all around the house and it is not working with SSL. I am also configuring the Alexa skill, which must have SSL. So I am trying to find a way to serve both HTTP and HTTPS.

Is there any way I can do this?

Thank you!

Nginx in front of HA.
HA can remain HTTP, but HTTPS calls will go to nginx and be forwarded to HA over HTTP (this is still a secure connection for Alexa purposes).

Thank you! I will research Nginx config, I am not too familiar with it, but should not be too hard.

Is Nginx preferred over Apache for some reason, or does it not matter at all? I can see there are solutions for both web servers and I know Apache much better than Nginx. Thank you!


Both nginx and Apache can provide reverse proxy for this case.

I think it is mostly preference or based on existing infrastructure.

Thank you for your input on this!

Hi
I managed to set up the same:
HA served on HTTP port 8123 internally and on HTTPS port 443 externally with Let's Encrypt certificates.
I then followed both the docs guide and some walkthroughs on the web to implement a custom skill in AWS Alexa.
Somehow this does not work.
I do not even get the call made from AWS -> Home Assistant (no trace in the nginx logs).
Only once did that happen, and I received a “the skill gave an incorrect answer” (or something along those lines).
Ports in the router are redirected as per instructions 443:->8123
Alexa cloud is correctly set up and the Home Assistant skill works.
Did you manage to set up a custom skill?

I suddenly have one doubt: do I have to add this (developer) skill with the Alexa app, even if I am logged in to the console under the same account as with my Alexa Echo?

An update:
I can see the request being issued in the Alexa debug log on the Alexa dev site.

I tried to issue the endpoint command in the browser:

https://mysite.it/api/alexa?api_password=MyPassword

And I see that the endpoint indeed returns a 404 error.

{
“header”: {
“namespace”: “SkillDebugger”,
“name”: “CaptureError”,
“messageId”: “f0ea89ce-2d18-4940-996f-8270d4ae9fdf”
},
“payload”: {
“skillId”: “amzn1.ask.skill.31d2ff24-5617-448b-8cdc-1c666520a0b2”,
“timestamp”: “2019-01-02T22:58:04.927Z”,
“dialogRequestId”: “ff35cc77-345a-4cb7-bad0-9432720dd03f”,
“skillRequestId”: “amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554”,
“code”: “SKILL_ENDPOINT_ERROR”,
“description”: “An error occurred while issuing a SpeechletRequest for (requestId [amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554]”,
“debuggingInfo”: {
“type”: “SkillExecutionInfo”,
“content”: {
“invocationRequest”: {
“endpoint”: “https://mysite/api/alexa?api_password=mypass”,
“body”: {
“version”: “1.0”,
“session”: {
“new”: true,
“sessionId”: “amzn1.echo-api.session.fcae62cb-121a-492d-aa7c-9a9e0c1d5aaf”,
“application”: {
“applicationId”: “amzn1.ask.skill.31d2ff24-5617-448b-8cdc-1c666520a0b2”
},
“user”: {
“userId”: “amzn1.ask.account.xxxx”
}
},
“context”: {
“System”: {
“application”: {
“applicationId”: “amzn1.ask.skill.31d2ff24-5617-448b-8cdc-1c666520a0b2”
},
“user”: {
“userId”: “amzn1.ask.account.ffd”
},
“device”: {
“deviceId”: “amzn1.ask.device.fdvd”,
“supportedInterfaces”: {}
},
“apiEndpoint”: “https://api.eu.amazonalexa.com”,
“apiAccessToken”: atoken"
},
“Viewport”: {
“experiences”: [
{
“arcMinuteWidth”: 246,
“arcMinuteHeight”: 144,
“canRotate”: false,
“canResize”: false
}
],
“shape”: “RECTANGLE”,
“pixelWidth”: 1024,
“pixelHeight”: 600,
“dpi”: 160,
“currentPixelWidth”: 1024,
“currentPixelHeight”: 600,
“touch”: [
“SINGLE”
]
}
},
“request”: {
“type”: “IntentRequest”,
“requestId”: “amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554”,
“timestamp”: “2019-01-02T22:58:04Z”,
“locale”: “it-IT”,
“intent”: {
“name”: “RunScriptIntent”,
“confirmationStatus”: “NONE”,
“slots”: {
“scripts”: {
“name”: “scripts”,
“value”: “notifica”,
“resolutions”: {
“resolutionsPerAuthority”: [
{
“authority”: “amzn1.er-authority.echo-sdk.amzn1.ask.skill.31d2ff24-5617-448b-8cdc-1c666520a0b2.scripts”,
“status”: {
“code”: “ER_SUCCESS_MATCH”
},
“values”: [
{
“value”: {
“name”: “notifica”,
“id”: “fe49ea3c5e2ae28e01779cd19718d8fa”
}
}
]
}
]
},
“confirmationStatus”: “NONE”,
“source”: “USER”
}
}
}
}
}
},
“invocationResponse”: null,
“metrics”: {
“skillExecutionTimeInMilliseconds”: 254
}
}
}
}
}

{
“header”: {
“namespace”: “CardRenderer”,
“name”: “RenderCard”,
“messageId”: “9988fdce-947a-433e-870a-17054fd5d038”,
“dialogRequestId”: “ff35cc77-345a-4cb7-bad0-9432720dd03f”
},
“payload”: {
“cardMetricAttributes”: null,
“creationTimestamp”: 1546469883888,
“deleteCardAction”: {
“actionType”: “DeleteCardAction”,
“cardId”: “86de554d-8871-4ac8-8c69-c65159d9d575”,
“mainText”: “Rimuovi scheda”,
“subText”: “Maggiori informazioni”,
“subTextRoute”: “help/node/201602230”
},
“descriptiveText”: [
“Request Identifier: amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554”,
“”,
"The skill responded with 404 HTTP status code "
],
“giveFeedbackAction”: null,
“hint”: null,
“id”: “86de554d-8871-4ac8-8c69-c65159d9d575”,
“nBestOptions”: null,
“originIntentType”: “RunScriptIntent”,
“playbackAudioAction”: null,
“primaryActions”: null,
“prompt”: null,
“registeredCustomerId”: “A3JN50KDCGZ2OX”,
“secondaryActions”: null,
“sourceDevice”: {
“serialNumber”: “d6fe1570ac53423984ef04838c397463”,
“type”: “A2HPYE8VLW820A”
},
“subtitle”: “Osvaldo”,
“textCardType”: “SELECTABLE”,
“thumbsUpDownActivityAction”: null,
“title”: “Skill response was marked as failure”,
“token”: “”,
“wrapTitle”: true,
“cardType”: “TextCard”,
“domainType”: “Echo.SDK”
}
}
I have read in some posts some rule about a simple password (no special chars) to be used, and my password complies.

Furthermore: I cannot have Hass served on port 443 internally (host port) and externally (public IP port). I have read somewhere in the forum that this could be a requirement of AWS.

WTF is wrong… I have been banging my head on it for 2 weeks.

In the debug log you posted, does it contain any personal information you may not wish to share with the general public? Perhaps things like account information and access tokens?

1 Like

Thanks. Edited and reissued.

Is there a simple solution available to have both HTTPS access from outside and HTTP access from inside (home network)?

Same question was recently answered here (“use a reverse proxy”):

It is pretty easy to set up with the DuckDNS and NGINX Home Assistant SSL proxy add-ons.

Could you give some hints?
Thx

Sure!

Install the official DuckDNS add-on and configure it as described in the documentation.

This is how my DuckDNS config looks:

lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: your-super-secret-token
domains:
  - your-domain.duckdns.org
aliases: []
seconds: 300

Then install the official NGINX Home Assistant SSL proxy add-on and configure it as described in the documentation.

This is how my NGINX proxy config looks:

domain: your-domain.duckdns.org
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

Then you need to configure some port forwarding in your router. Forward incoming traffic on port 443 to the IP of the machine running your Home Assistant installation.

And that’s it. Now your Home Assistant is locally reachable via http://homeassistant:8123 or http://homeassistant.local:8123 and from the outside world on https://your-domain.duckdns.org

Good luck!

2 Likes
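For readers running their own nginx instead of the add-on, here is an added example (written for this page, not taken from any poster and not the add-on's generated config) of a server block with the same intent: TLS terminated on 443 and plain HTTP forwarded to Home Assistant on 8123. The domain, the `/ssl/` certificate paths and the `10.10.10.10` address are placeholders.

```nginx
# Added example. Placeholders (assumptions): your-domain.duckdns.org,
# /ssl/*.pem certificate paths, 10.10.10.10 as the Home Assistant host.

# Goes in the http {} context. Lets the WebSocket upgrade used by the
# Home Assistant frontend pass through the proxy.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name your-domain.duckdns.org;

    # Certificate and key file names as used in the DuckDNS config above.
    ssl_certificate     /ssl/fullchain.pem;
    ssl_certificate_key /ssl/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Same HSTS value as in the add-on config above.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / {
        # Home Assistant keeps listening on plain HTTP inside the LAN.
        proxy_pass http://10.10.10.10:8123;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;
    }
}

# Home Assistant side (configuration.yaml), so that it trusts the
# X-Forwarded-For header only from the proxy and logs the real client IP:
#   http:
#     use_x_forwarded_for: true
#     trusted_proxies:
#       - 10.10.10.10   # address the proxy connects from (placeholder)
```

Only port 443 is forwarded on the router; port 8123 is not forwarded, so the unencrypted listener is reachable from the home network only.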

Thx for the tips and insights into your setup.
I managed to set up DuckDNS but nginx seems to be a tad more tricky.
I run hass.io in Docker for the Synology community.

I will give it another try. :slight_smile:
Best regards
Flemming

Thanks for providing the information. I tried this and have Nginx working perfectly. I can access from outside via https://xxxx.duckdns.org and I can access locally via https://10.10.10.xx:8123 (note still HTTPS). Even though it is not signed it is still HTTPS. When I try to type explicitly HTTP (e.g. http://10.10.10.xx:8123) it doesn’t work. I played with redirect and proxy in NGINX but still no go.
Some of the local devices only fully integrate with Home Assistant via HTTP. Any idea what else I could be missing? Thanks in advance to anyone who will reply.

Hi, thanks to this forum, I managed to solve my problem. I can access locally via HTTP and remotely via https://xxx.duckdns.org via the Nginx proxy. My dumb devices now work and can integrate well with my Home Assistant via HTTP; the fact that the motion detection is working on Reolink is a validation that the camera talks to Home Assistant via HTTP.

I went to configuration.yaml and disabled HTTP in the config by adding # in front.
I then configured the proxy host in NGINX:
source: https://xxxx.duckdns.org
scheme: HTTP
forward hostname: 10.10.10.x (my home assistant IP)
forward port: 8123

With this setup I can access locally via http://10.10.10.x:8123
and remotely via https://xxx.duckdns.org
My dumb devices like the PTZ camera and some sensors can now reach Home Assistant via HTTP. Thanks to this forum.

I solved this problem: I removed HTTP from the config and in NGINX I am pointing to my http://192.168.x.x (as opposed to the https link) and it works. All my local dumb devices reach Home Assistant via http://192.168.x.x and all the public services reach Home Assistant via http://mydomain.org.

I have this same problem. Can you show me your configuration for nginx? Where should I paste source, scheme, etc.?