Issues with internal vs external URL (DuckDNS)

mziminski · July 2, 2020, 12:36am

Here’s my issue: I recently setup DuckDNS and now things are out of wack.

For starters, I can’t access my internal URL (http://homeassistant.local:8123) anymore. Chrome returns with " homeassistant.local didn’t send any data. ERR_EMPTY_RESPONSE"

And when I use https://homeassistant.local:8123 I get a security warning, it’s looking for my duckdns cert and because the addresses don’t match, it’s throwing up that error. As a result of all of this, in the iOS App, I can’t use the internal/external URL in settings because when I use the HTTPS in the internal url, I get “Error The certificate for this server is invalid. You might be connecting to a server pretending to be “homeassistant.local” which could put your confidential information at risk.”

I was told that even when using DuckDNS, you shouldn’t have to use https to connect internally.

Weirdly enough, when I take out the http: block in my configuration.yaml file, the problem goes away, but I can’t connect via the external URL (for obvious reasons).

Any suggestions here?

All will be greatly appreciated

zoogara · July 2, 2020, 1:33am

Nope, once you turn on https you need to use https to connect locally.

I have to connect via IP address and use Chrome as Safari just plain refuses to connect to a site that doesn’t match its certificate.

You can use dnsmasq and make everything happy, I have done that with my tablets but didn’t want my PC pointing to a local DNS server.

Mutt · July 2, 2020, 10:13am

Not True !

Take a look at : -

According to frenck you ONLY need to specify internal / external url’s if you have a specific integration that requires it

zoogara · July 2, 2020, 11:54am

Right - if you use nginx and do a bit of fiddling.

But if you install Duck DNS add-on as per the instructions, and do nothing else, then is there any method to access HA inside your network with http?

Mutt · July 2, 2020, 12:09pm

I don’t get your point.
By installing DuckDNS you’ve done a ‘bit of fiddling’ anyway
AND
Should your internet connection go down you will not be able to get the address of your HA instance (from the DuckDNS site (on the internet)) So you won’t be able to access HA at all.

If that’s the way you like to run that’s fine. But for me, I rather access local by default when I’m local

[To clarify for others; accessing locally via https has to employ loopback (hairpin NAT) on your modem, it does not actually go out onto the internet, but it does need the actual address (which does go out)]

petro · July 2, 2020, 12:23pm

Not all routers support nat loopback. This would force you to use a proxy. That’s his point.

Mutt · July 2, 2020, 12:41pm

But My point is (from the thread about DuckDNS that I linked) that it assumes (and states such in that) ‘your’ modem “does” (or has to) support hairpin NAT.
The OP did not specify he had such a problem AND actually say that his https is the only means he has to access HA
He (the OP) merely asks if there is another way and I pointed him to a possible solution

petro · July 2, 2020, 12:44pm

If https://…duckdns.org doesn’t work locally, then the router doesn’t support it

Mutt · July 2, 2020, 12:47pm

So you are agreeing with me ?

mziminski · July 2, 2020, 2:17pm

Thanks everyone for replying. I honestly didn’t think I’d get this many replies in about 12 hours. I also posted on Reddit before I posed here. Turns out, someone recommended NGINX. I downloaded and installed the add-on, entered my duckdns url, and hit start. It was so easy to set up. Now everything is working the way it should.

I can access locally over http, and externally over https with my duckdns. It also solves the issue in my iOS app. It shows the internal connection when I’m connected to my wifi and external when I switch over to LTE.

Am I missing anything here? Will there be any complications down the line?

petro · July 2, 2020, 3:27pm

nope, its how I’ve been running for ~4 years

GrahamS · July 3, 2020, 1:37am

This is a copy of my setup:

In configuration.yaml

homeassistant:
   external_url: “https//YOUR.duckdns.org”  
   internal_url: “https//YOUR.duckdns.org”

In Dnsmasq Add-on

{
  "defaults": [
    "8.8.8.8",
    "8.8.4.4"
  ],
  "forwards": [],
  "hosts": [
    {
      "host": "YOUR.duckdns.org",
      "ip": "Your Raspberry IP address"
    }
  ]
}

In NGINX Add-on:

{
  "domain": "YOUR.duckdns.org",
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "hsts": "max-age=31536000; includeSubDomains",
  "cloudflare": false,
  "customize": {
    "active": false,
    "default": "nginx_proxy_default*.conf",
    "servers": "nginx_proxy/*.conf"
  }
}

On your Router:
Forward port WAN:443 to LAN:443
Forward port WAN:443 to LAN:80 for setup only.

Finally, modify your DNS setting on iPhone and Windows PC to add “Your Raspberry IP address” to the top of DNS server list.

On iPhone:
WiFi settings circled “I” -> Configure DNS -> Manual -> Add “Your Raspberry IP address” to top of list.

On Windows 10 PC:
Settings -> Network and Internet - > Status -> Change connection properties ->
IP Settings -> Edit -> Edit IP Settings = Manual, Preferred DNS = “Your Raspberry IP address”,
Alternate DNS = 8.8.8.8, IPv6 = OFF

Now use URL YOUR.duckdns.org to access from anywhere. I believe the above is the full recipe.

ronniebee · October 6, 2020, 6:27pm

^Text

Hi Michael, I installed NGINX but can not acces Hassio internally. How do you acces your Hassio?
ip adres:8123?

KCYeoh · December 7, 2020, 1:13am

Have you able to figure this out? I’m planning to use the NGINX too.

mziminski · December 7, 2020, 2:15am

I usually access it via homeassistant.local:8123. I think homeassistant.local was the host name it was assigned when I first installed it on my RPi3B+ I can also access it via it’s IP address. Don’t forget to port forward 8123 and 443 in your router.

mziminski · December 7, 2020, 2:16am

I was able to figure this out a while ago. I apologize for never updating the this post. Do goi have any questions KCYeoh?

KCYeoh · December 7, 2020, 6:34am

Yes. I have few questions and hoping that you can help me out. I’m currently using DuckDNS for remote access with port forward 8123 internal to 8123 external and I access my HA remotely by using https://myduckdns.domain.org:8123. I need to use NGINX for HA local access.

Here are my questions

Which NGINX addon are you using? NGINX home assistant SSL proxy or NGINX proxy manager?
Do I have to modify my HA configuration.yaml? Here is my current setup:

http:
   base_url: myduckdns.domain.org:8123
   ssl_certificate: /ssl/fullchain.pem
   ssl_key: /ssl/privkey.pem

After installed the NGINX addon, I need to put my DuckDNS domain in the addon configuration, right?
In router, what other ports should I port forward? Should they be TCP or UDP? Currently I have 8123 to 8123 port forwarded.

Thanks in advance.

georgelza · December 24, 2020, 6:16am

how did you fix this, sitting with exact same problem

G

Neuvidor · December 28, 2020, 11:03pm

@mziminski,
I’m facing to the same issue as you. I want to be sure that I can get access through the local IP adress of HA http://192.168.1.xxx:8123 in case of Internet issue.

Could you please share your expecrience here ?

KCYeoh · December 29, 2020, 2:07am

@georgelza, @Neuvidor, please check my post here.

I managed to solve it by installing the Nginx proxy.