I am using WallPanel all around the house and it is not working with SSL. I am also configuring the Alexa skill, which must have SSL. So I am trying to find a way to serve both HTTP and HTTPS.
Is there any way I can do this?
Thank you!
I am using WallPanel all around the house and it is not working with SSL. I am also configuring the Alexa skill, which must have SSL. So I am trying to find a way to serve both HTTP and HTTPS.
Is there any way I can do this?
Thank you!
Nginx in front of HA.
HA can remain http but https calls will go to nginx and forward to HA http(this is still secure connection for Alexa purpose)
Thank you! I will research Nginx config, I am not too familiar with it, but should not be too hard.
Is Nginx more preferred for some reason than Apache or does not matter at all? I can see there are solutions for both webserver and I know Apache much more then Nginx. Thank you!
Both nginx and Apache can provide reverse proxy for this case.
I think it is mostly preference or based on existing infrastructure.
Thank you for your input on this!
Hi
I managed to setup the same:
HA served on http port 8123 internally and on https port 443 externally with letsencrypt certificates.
I then followe both the DOCS guide and some walkthrough on the web to implement a custom skill in aws alexa.
Somehow this does not work.
I do not even get the call made from AWS -> Homeassistant (no trace in the nginx logs).
Only once that happened and I received a “the skill gave an incorrect answer” (or something along those lines).
Port in the router are redirected as per instructions 443:->8123
Alexa cloud is correctly setup and the homeassistant skill works.
Did you managed to set up a custom skill?
I suddenly have one doubt: do I have to add this (developer) skill with the alexa app? even if I am logged in the console under the same account as with my Alexa echo?
an update:
I can see request being issued inthe alexa debug log on alexa dev site.
I tied to issue in the browser the endpoint command
https://mysite.it/api/alexa?api_password=MyPassword
And I see that indeed the enpoint returns a 404 error.
{
“header”: {
“namespace”: “SkillDebugger”,
“name”: “CaptureError”,
“messageId”: “f0ea89ce-2d18-4940-996f-8270d4ae9fdf”
},
“payload”: {
“skillId”: “amzn1.ask.skill.31d2ff24-5617-448b-8cdc-1c666520a0b2”,
“timestamp”: “2019-01-02T22:58:04.927Z”,
“dialogRequestId”: “ff35cc77-345a-4cb7-bad0-9432720dd03f”,
“skillRequestId”: “amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554”,
“code”: “SKILL_ENDPOINT_ERROR”,
“description”: “An error occurred while issuing a SpeechletRequest for (requestId [amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554]”,
“debuggingInfo”: {
“type”: “SkillExecutionInfo”,
“content”: {
“invocationRequest”: {
“endpoint”: “https://mysite/api/alexa?api_password=mypass”,
“body”: {
“version”: “1.0”,
“session”: {
“new”: true,
“sessionId”: “amzn1.echo-api.session.fcae62cb-121a-492d-aa7c-9a9e0c1d5aaf”,
“application”: {
“applicationId”: “amzn1.ask.skill.31d2ff24-5617-448b-8cdc-1c666520a0b2”
},
“user”: {
“userId”: “amzn1.ask.account.xxxx”
}
},
“context”: {
“System”: {
“application”: {
“applicationId”: “amzn1.ask.skill.31d2ff24-5617-448b-8cdc-1c666520a0b2”
},
“user”: {
“userId”: “amzn1.ask.account.ffd”
},
“device”: {
“deviceId”: “amzn1.ask.device.fdvd”,
“supportedInterfaces”: {}
},
“apiEndpoint”: “https://api.eu.amazonalexa.com”,
“apiAccessToken”: atoken"
},
“Viewport”: {
“experiences”: [
{
“arcMinuteWidth”: 246,
“arcMinuteHeight”: 144,
“canRotate”: false,
“canResize”: false
}
],
“shape”: “RECTANGLE”,
“pixelWidth”: 1024,
“pixelHeight”: 600,
“dpi”: 160,
“currentPixelWidth”: 1024,
“currentPixelHeight”: 600,
“touch”: [
“SINGLE”
]
}
},
“request”: {
“type”: “IntentRequest”,
“requestId”: “amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554”,
“timestamp”: “2019-01-02T22:58:04Z”,
“locale”: “it-IT”,
“intent”: {
“name”: “RunScriptIntent”,
“confirmationStatus”: “NONE”,
“slots”: {
“scripts”: {
“name”: “scripts”,
“value”: “notifica”,
“resolutions”: {
“resolutionsPerAuthority”: [
{
“authority”: “amzn1.er-authority.echo-sdk.amzn1.ask.skill.31d2ff24-5617-448b-8cdc-1c666520a0b2.scripts”,
“status”: {
“code”: “ER_SUCCESS_MATCH”
},
“values”: [
{
“value”: {
“name”: “notifica”,
“id”: “fe49ea3c5e2ae28e01779cd19718d8fa”
}
}
]
}
]
},
“confirmationStatus”: “NONE”,
“source”: “USER”
}
}
}
}
}
},
“invocationResponse”: null,
“metrics”: {
“skillExecutionTimeInMilliseconds”: 254
}
}
}
}
}
{
“header”: {
“namespace”: “CardRenderer”,
“name”: “RenderCard”,
“messageId”: “9988fdce-947a-433e-870a-17054fd5d038”,
“dialogRequestId”: “ff35cc77-345a-4cb7-bad0-9432720dd03f”
},
“payload”: {
“cardMetricAttributes”: null,
“creationTimestamp”: 1546469883888,
“deleteCardAction”: {
“actionType”: “DeleteCardAction”,
“cardId”: “86de554d-8871-4ac8-8c69-c65159d9d575”,
“mainText”: “Rimuovi scheda”,
“subText”: “Maggiori informazioni”,
“subTextRoute”: “help/node/201602230”
},
“descriptiveText”: [
“Request Identifier: amzn1.echo-api.request.6a0141f8-c081-40a6-b504-4d44337da554”,
“”,
"The skill responded with 404 HTTP status code "
],
“giveFeedbackAction”: null,
“hint”: null,
“id”: “86de554d-8871-4ac8-8c69-c65159d9d575”,
“nBestOptions”: null,
“originIntentType”: “RunScriptIntent”,
“playbackAudioAction”: null,
“primaryActions”: null,
“prompt”: null,
“registeredCustomerId”: “A3JN50KDCGZ2OX”,
“secondaryActions”: null,
“sourceDevice”: {
“serialNumber”: “d6fe1570ac53423984ef04838c397463”,
“type”: “A2HPYE8VLW820A”
},
“subtitle”: “Osvaldo”,
“textCardType”: “SELECTABLE”,
“thumbsUpDownActivityAction”: null,
“title”: “Skill response was marked as failure”,
“token”: “”,
“wrapTitle”: true,
“cardType”: “TextCard”,
“domainType”: “Echo.SDK”
}
}
I have read in some posts some rule about simple password (no special chars) to be used and my password complies.
Furthermore : I cannot have Hass served on port 443 internally (host port) and extenally (public ip port). I have read somewhere in the forum that this could be a requirement of aws
WTF is wrong… banging my head on it since 2 weeks
In the debug log you posted, does it contain any personal information you may not wish to share with the general public? Perhaps things like account information and access tokens?
thanks. edited. and reissued
Is there a simple solution available to have both, https access from outside and http access from inside (home network)???
Same question was recently answered here (“use a reverse proxy”):
It is pretty easy to setup with the DuckDNS and NGINX Home Assistant SSL proxy add-ons.
Could you give some hints?
Thx
Sure!
Install de official DuckDNS add-on and configure it as described in the documentation.
This is how my DuckDNS config looks:
lets_encrypt:
accept_terms: true
certfile: fullchain.pem
keyfile: privkey.pem
token: your-super-secret-token
domains:
- your-domain.duckdns.org
aliases: []
seconds: 300
Then install the official NGINX Home Assistant SSL proxy add-on and configure it as described in the documentation.
This is how my NGINX proxy config looks:
domain: your-domain.duckdns.org
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
active: false
default: nginx_proxy_default*.conf
servers: nginx_proxy/*.conf
Then you need to configure some port forwarding in your router. Forward incoming traffic on port 443 to the IP of the machine running your Home Assistant installation.
And that’s it. Now your Home Assistant is locally reachable via http://homeassistant:8123 or http://homeassistant.local:8123 and from the outside world on https://your-domain.duckdns.org
Good luck!
Thx for the tips and insights into your setup.
I managed to setup duckdns but nginx seems to be a tad more tricky.
I run hass.io in dockers for the synology community.
I will give it another try.
Best regards
Flemming
Thanks for providing the information. I tried this and have Nginx working perfectly, I can access from outside to https://xxxx.duckdns.org i can access locally via https://10.10.10.xx:8123 (note still HTTPS). Even though it is not signed it is still HTTPS. When I try to type explicitly HTTP (e.g. http://10.10.10.xx:8123) it doesn’t work. I played with redirect, proxy in NGINX but still no go.
some of the local device only fully integrates with home assistant via HTTP , any idea what else could I be missing. thanks in advance to anyone who will reply.
Hi thanks to this forum, i managed to solve my problem. I can access locally via HTTP and remotely via https://xxx.duckdns.org via Nginx proxy. My dumb devices now work and can integrate well with my Home Assistant via HTTP, the fact that the motion detection is working on reolink is a validation that the camera talks to home assistant via HTTP.
I went to configuration.yaml and disabled HTTP in the config by adding # in front.
I then proxyhost in NGiNX
source: https://xxxx.duckdns.org
scheme: HTTP
forward hostname: 10.10.10.x (my home assistant IP)
forward port: 8123
with this setup i can access locally via http://10.10.10.x:8123
remotely via https://xxx.duckdns.org
my dumb devices like ptz camera, some sensors now can reach homeassistant via HTTP. thanks to this forum.
I solved this problem, removed HTTP from the config and in NGINX i am pointing to my http://192.168.x.x (as opposed to https link) and it works. all my local dumb devices reach home assistant via http://192.168.x.x all the public services reach home assistant via http://mydomain.org.
I have this same problem. Can you show me your configuration for nginx? Where i should paste source, scheme etc.