Local access when internet is down but https is enabled?

Hello people,

My HA yellow is working beautifully but recently I had an internet outage and couldn’t reach the HA from within my local network. I am using a DuckDNS host name for both internal and external access with SSL proxy from NGINX.

Is there a to make sure that the local router (Fritzbox 7590) always point to my HA from within the LAN even when the internet is out?

Thanks!

You can still use https://192.168.0.42:8123/ (or whatever the LAN IP is) - you’ll just have to click through the SSL warnings.

The other, IMO better, option is to have a local reverse proxy server to handle SSL, and then you can always go direct to your HA host.

Thank you! I tried the https://lanip:8123/ and that works. Your other suggestion: I have NGINX configured as an add-on. Isn’t this the local reverse proxy server you speak of?

Here is the config:
domain: my_ha_server.duckdns.org
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudflare: false
customize:
active: false
default: nginx_proxy_default*.conf
servers: nginx_proxy/*.conf

Is this correct? Am I missing something?

Yes, but only if you’re actually using it… which it sounds like you’re not :wink:

Hi - sorry for the delay, I was out of town. I don’t understand your last commend. If it’s configured and turned on, am I not using it? What else would I have to do to “use” it?

No, because if you were:

  1. You wouldn’t be doing SSL in HA
  2. Your port forward would be to the proxy, which would handle SSL

Okay, I’m not really sure what exactly you are saying. I’ve come to the community for assistance. Clearly I’m not understanding how this works.

Is this because the “active:” keyword is set to false? Is this the problem?

No.

That says that you’ve got the following in configuration.yaml:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

ie you’re doing SSL in HA itself.

Next, you have to actually have NGINX “in the loop”:

Router 443 → NGINX (with SSL) 443 → HA 8123

Currently I expect that you’ve got your port forwarded on the router directly to port 8123 on HA.

1 Like

Hi, you can check this video for the NGINX:

You can watch until the 5:25 as the other steps are optional.

Hope this helps
KR

1 Like

Thanks to @Tinkerer and @michaelkrtikos! I know have NGINX running correctly and my system is working!!!

2 Likes