Network: External Access Disabled

I have the same issue here, I installed today and tried to set up SSL via pfsense and it's refusing anything except homeassistant.local:8123

Can confirm that with the latest version AND a reboot of the host machine, remote access works again.

Still have the issue. I reinstalled twice on proxmox and once on a NUC I had lying around, still disabled, and I still can't get it to accept a connection from anything other than homeassistant.local:8123. I tried both proxy managers and they both refuse to work. I tried both 8.0 and 7.6, nothing works…

After two weeks of trying to find a reason why things were no longer working, I changed my setup to get this to work.

In configuration.yaml …

homeassistant:
  external_url: "https://xxxxx.duckdns.org" # note no port number
  internal_url: "http://192.168.0.2:8123" # internal ip address of my HA with port number

http:
  # ssl_certificate: /ssl/fullchain.pem
  # ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true
  trusted_proxies: # not sure I need this bit, but this is the network on which my nginx proxy sits
    - 10.10.0.0/16

My home router sends my traffic to a separate nginx proxy manager that I have running at home.

The nginx proxy manager in turn has a letsencrypt cert, with websockets enabled.
Traffic is forwarded from the nginx proxy manager to my internal homeassistant ip + port.

The only addon I have on home assistant is duckdns. I don't use a separate letsencrypt or nginx plugin for HA.

1 Like

Amazing timing! Just as I loaded up the page to post I found a solution, and it seems you have beaten me to it!
My configuration.yml reads as such:

#Networking!
homeassistant:
  external_url: "https://homeassistant.yourdomain.whatever"
  internal_url: "http://homeassistant.yourdomain.whatever:8123"

#Possible fix for the damn external access!
http:
  server_port: 8123
  ssl_certificate: /ssl/cert.pem
  ssl_key: /ssl/key.pem
  #allowing Reverse Proxies!
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.1.1.1
    - 10.1.1.155
  #disabling IP bans! Pfsense will handle this I don't need a local ban list.
  ip_ban_enabled: false

I am not running Nginx reverse proxy OR Duckdns, I am just running straight DNS resolver with a host override for homeassistant in pfsense with a wildcard cert as well as a copy of the same cert locally, then port forwarding 8123, 80 and 443 in pfsense.

UPDATE: I was able to go fully 443 by changing server_port: 443 and internal_url: to my FQDN without the port on the end.

2 Likes
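Added example (not part of either post above, and not Home Assistant's own code): a simplified Python model of what `use_x_forwarded_for` with `trusted_proxies` expresses in the two configurations above. The `X-Forwarded-For` header is honoured only when the TCP peer is a listed proxy, and the client address is resolved from right to left. The function name and all sample addresses are constructed, and rejecting forwarded requests from unlisted peers is an assumption of this model.

```python
import ipaddress

def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Return the address to treat as the client, or None to reject.

    peer_ip: address of the TCP connection itself.
    xff_header: raw X-Forwarded-For value, or None if absent.
    trusted_proxies: list of IPs or CIDR ranges, as in configuration.yaml.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def trusted(ip):
        return any(ip in net for net in nets)

    peer = ipaddress.ip_address(peer_ip)
    if xff_header is None:
        return str(peer)          # direct connection, nothing to resolve
    if not trusted(peer):
        return None               # header sent by an unlisted peer: reject
    try:
        hops = [ipaddress.ip_address(h.strip()) for h in xff_header.split(",")]
    except ValueError:
        return None               # malformed header
    # Walk right to left: skip our own proxies, stop at the first outside
    # address. Entries further left were supplied by the client.
    for hop in reversed(hops):
        if not trusted(hop):
            return str(hop)
    return str(hops[0])           # every hop was one of our proxies

# Constructed samples using the two trusted_proxies styles from the thread.
NARROW = ["10.1.1.1", "10.1.1.155"]   # individual proxy hosts
WIDE = ["10.10.0.0/16"]               # a whole network

if __name__ == "__main__":
    print(resolve_client_ip("10.1.1.1", "203.0.113.7", NARROW))
    print(resolve_client_ip("10.1.1.50", "198.51.100.9", NARROW))
    print(resolve_client_ip("10.10.3.4", "198.51.100.9", WIDE))
```

With the /16 entry, any host in that range is believed when it states a client address, which is why listing only the proxy's own IP keeps the logged and ban-checked address meaningful.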

I am still unable to access HA outside of my network. I did everything you guys mentioned, but it did not solve anything for me.
Running on a Pi4, with DuckDNS and NGINX.
If anyone is finding out something other than what was already mentioned, please let me know!

1 Like

Describe your setup: network environment, HA environment, versions, config, IPs, ports, policies, services, outlining your network map, etc.
And then describe what you have seen so far, what exactly is not working, and which parts seem to work, logs, was it ever worked before, etc.
And then describe what you have tried.

Pretty much what has been said before.
External access with duckdns and nginx worked perfectly up until a while ago.
I restarted NGINX, DuckDNS, HA, checked if anything was changed in any configurations on the related add-ons, added the external/internal urls in the config file.
I use a regular router, so no pfsense, or anything like that.
I don’t have any errors in logs related to add-ons or login attempts.
If I try to login through duckdns url from the local network, it’s still not working, I get the “Initializing” text, and will time out after several minutes.

I see. It is just that people wouldn’t know how to help / what to comment, if we don’t know where you stand. So I suppose the internal url works just fine from LAN, correct?

Is it possible to show us:

  • The config and the log of your duckdns add-on
  • The config and the log of your NGINX add-on
  • HAOS → Settings → System → System Health
  • HAOS → Settings → System → Network
  • Which service (or services) is using the 172.30.33.0/24 network?
  • What does this .110 IP do, under the trusted proxies?
  • What’s your port forwarding setup in your router?

This is somewhat expected, since the duckdns url is not yet working from the outside.

Next, let’s start from duckdns.

  1. If you log into your duckdns control panel https://www.duckdns.org/ is the IP fresh and matching your WAN IP you are seeing from your router?
  2. Judging from the WAN IP you see from your router, your ISP did not by any chance switch to CGNAT recently, correct?

Apparently, it all started working again after I unplugged and plugged back in my router, and the ISP ONT several times.
My ISP offers the possibility to create a DDNS on my account on their website, and I tried using that to access my NVR, but that didn’t work. I was just trying to isolate the problem to see if it is from the DuckDNS/NGINX/HA Config, or is network wide. Apparently it was network wide, but after unplugging and plugging back in the devices several times, everything started working. MAGIC
@k8gg thanks a lot for your patience and for being willing to help a noob :slight_smile:

I too had the same issue. All used to work but some upgrade occurred and it stopped. My fix ended up being quite simple. I found that settings/system/network/home assistant url had not been set. Once set everything came good again.

Thank you!

I added just this snippet to my configuration.yaml to fix the warning/notice my system did not have external access.

homeassistant:
  external_url: "https://xxxxx.duckdns.org" # note no port number
  internal_url: "http://192.168.0.2:8123" # internal ip address of my HA with port number

I already had http: and some additional code, so I am not sure if that is needed for anyone finding this topic with a similar issue.

Thanks! I was able to get external access working by editing the configuration.yaml directly as others mentioned here. Also, to edit the settings through the GUI I had to enable advanced mode:

Profile > Advanced Mode > (Enable). This was causing the Settings > System > Network screen to be blank for me. It was driving me crazy.

3 Likes

Thanks for the tip about enabling Advanced Mode. I had been struggling with figuring out why I couldn’t enter the Network screen. It would have been helpful for HA to put up some text indicating enabling Advanced Mode was required.

1 Like

In the network settings, I just put my external IP address and now it reads Network access enabled (or something like that). I guess this setting is to be saved to your connected phones, so when they leave the house they try to connect to the external IP which they already got from the previous connection to HA.
Hope I helped. :slight_smile:

You have to Enable Advanced Mode for the External Access Settings to Show

8 Likes

If you are using some sort of proxy you have to ensure that websockets are forwarded correctly. If they are not, the typical 60s loop occurs.

Example for Apache (ProxyPass):

        # Websockets
        RewriteEngine On
        RewriteCond %{HTTP:Upgrade} websocket               [NC]
        RewriteRule /(.*)           ws://localhost:8123/$1  [P]

This part is only for rewriting the WebSockets. Below is the ProxyPass part:

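        # Proxy Pass (reverse proxy only)
        # ProxyRequests stays Off: On would make Apache a forward proxy,
        # which ProxyPass does not need.
        ProxyRequests Off
        SSLProxyEngine On

        ProxyPass / http://localhost:8123/
        ProxyPassReverse / http://localhost:8123/
        ProxyPreserveHost On
        # AllowCONNECT only applies to forward-proxy CONNECT requests,
        # so it is not needed here.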
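Added example (not part of the post above): a Python check for the WebSocket forwarding the post describes. It builds the RFC 6455 upgrade request and accepts a reply only if it is a `101` with the matching `Sec-WebSocket-Accept` value. The `/api/websocket` path is Home Assistant's WebSocket endpoint and is not mentioned in the thread; the function names are hypothetical.

```python
import base64, hashlib, os, socket, ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455

def expected_accept(key):
    """Sec-WebSocket-Accept value a real WebSocket server returns for key."""
    digest = hashlib.sha1((key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()

def build_request(host, key, path="/api/websocket"):
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key}\r\n"
            "Sec-WebSocket-Version: 13\r\n\r\n").encode()

def upgrade_ok(raw_response, key):
    """True only for a 101 reply carrying the matching accept header."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or status[1] != "101":
        return False              # proxy answered as plain HTTP
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return (headers.get("upgrade", "").lower() == "websocket"
            and headers.get("sec-websocket-accept") == expected_accept(key))

def probe(host, port=443, use_tls=True, timeout=10):
    """Send the handshake through a live proxy; True if it upgraded."""
    key = base64.b64encode(os.urandom(16)).decode()
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        ctx = ssl.create_default_context()
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_request(host, key))
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return upgrade_ok(data, key)
```

Run `probe()` against your own external hostname from outside the LAN; a `False` result with a working login page points at the proxy's WebSocket handling rather than at Home Assistant.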