But My point is (from the thread about DuckDNS that I linked) that it assumes (and states such in that) ‘your’ modem “does” (or has to) support hairpin NAT.
The OP did not specify he had such a problem AND actually say that his https is the only means he has to access HA
He (the OP) merely asks if there is another way and I pointed him to a possible solution
If https://…duckdns.org doesn’t work locally, then the router doesn’t support it
So you are agreeing with me ?
Thanks everyone for replying. I honestly didn’t think I’d get this many replies in about 12 hours. I also posted on Reddit before I posed here. Turns out, someone recommended NGINX. I downloaded and installed the add-on, entered my duckdns url, and hit start. It was so easy to set up. Now everything is working the way it should.
I can access locally over http, and externally over https with my duckdns. It also solves the issue in my iOS app. It shows the internal connection when I’m connected to my wifi and external when I switch over to LTE.
Am I missing anything here? Will there be any complications down the line?
nope, its how I’ve been running for ~4 years
This is a copy of my setup:
In configuration.yaml
homeassistant:
external_url: “https//YOUR.duckdns.org”
internal_url: “https//YOUR.duckdns.org”
In Dnsmasq Add-on
{
"defaults": [
"8.8.8.8",
"8.8.4.4"
],
"forwards": [],
"hosts": [
{
"host": "YOUR.duckdns.org",
"ip": "Your Raspberry IP address"
}
]
}
In NGINX Add-on:
{
"domain": "YOUR.duckdns.org",
"certfile": "fullchain.pem",
"keyfile": "privkey.pem",
"hsts": "max-age=31536000; includeSubDomains",
"cloudflare": false,
"customize": {
"active": false,
"default": "nginx_proxy_default*.conf",
"servers": "nginx_proxy/*.conf"
}
}
On your Router:
Forward port WAN:443 to LAN:443
Forward port WAN:443 to LAN:80 for setup only.
Finally, modify your DNS setting on iPhone and Windows PC to add “Your Raspberry IP address” to the top of DNS server list.
On iPhone:
WiFi settings circled “I” -> Configure DNS -> Manual -> Add “Your Raspberry IP address” to top of list.
On Windows 10 PC:
Settings -> Network and Internet - > Status -> Change connection properties ->
IP Settings -> Edit -> Edit IP Settings = Manual, Preferred DNS = “Your Raspberry IP address”,
Alternate DNS = 8.8.8.8, IPv6 = OFF
Now use URL YOUR.duckdns.org to access from anywhere. I believe the above is the full recipe.
Text
Hi Michael, I installed NGINX but can not acces Hassio internally. How do you acces your Hassio?
ip adres:8123?
Have you able to figure this out? I’m planning to use the NGINX too.
I usually access it via homeassistant.local:8123. I think homeassistant.local was the host name it was assigned when I first installed it on my RPi3B+ I can also access it via it’s IP address. Don’t forget to port forward 8123 and 443 in your router.
I was able to figure this out a while ago. I apologize for never updating the this post. Do goi have any questions KCYeoh?
Yes. I have few questions and hoping that you can help me out. I’m currently using DuckDNS for remote access with port forward 8123 internal to 8123 external and I access my HA remotely by using https://myduckdns.domain.org:8123. I need to use NGINX for HA local access.
Here are my questions
- Which NGINX addon are you using? NGINX home assistant SSL proxy or NGINX proxy manager?
- Do I have to modify my HA configuration.yaml? Here is my current setup:
http:
base_url: myduckdns.domain.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
- After installed the NGINX addon, I need to put my DuckDNS domain in the addon configuration, right?
- In router, what other ports should I port forward? Should they be TCP or UDP? Currently I have 8123 to 8123 port forwarded.
Thanks in advance.
how did you fix this, sitting with exact same problem
G
@mziminski,
I’m facing to the same issue as you. I want to be sure that I can get access through the local IP adress of HA http://192.168.1.xxx:8123 in case of Internet issue.
Could you please share your expecrience here ?
@georgelza, @Neuvidor, please check my post here.
I managed to solve it by installing the Nginx proxy.
can confirm, mine also working now.
also used nGinX, but also played with ports on switch, external I come in via 8124: mapped to 443 on the container that then goes to 8123 on host.
this then locally left 8123 open which then allows me normal http:// onto 8123 via internal address.
G
how about to us https with duckdns inside the mobile app is that working as well. I mean internal with local ip and external with duckdns.
For anyone who stumbles upon this old thread (as I did this morning) the process is now extremely easy and is in the documentation for the Add-On.
I struggled as did others at the time and the addition required in the add on documentation was the fix for me.
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
I initially misread this and thought I’d need to put my own trusted local subnets in but this I imagine is the internal hassio addressing, notthing to do with your own home subnet(s).
Sorry if this has been answered somewhere else but I thought it may help some confused by the steps earlier in this thread.
Just tried this, but unfortunately this does not work. Access via external URL (I use duckdns) does work, but when connecting via my internal WLAN I still get this certificate error.
So I think I have to try it with nginx.
Go for that… No regrets from my side.
Yes the documentation I pasted above is for the NGINX addon. As well as removing the http url and certificate entries, you add the above to configuration.yaml
Once complete, you no longer port forward 443 to 8123 it’s pure 443 external and 8123 internally on http. My reason for implementing this was due to a recent loss of Internet meaning no access to HA internally. Now internal only devices interact with 8123 and mobile apps etc will automatically choose the correct URL based on whether the device is connected to known SSID or not.