I have the same issue here, I installed today and tried to setup SSL via pfsense and its refusing anything except homeassistant.local:8123
can confirm that with latest version AND reboot of host machine remote access works again
Still have the issue, I reinstalled twice on proxmox and once on a nuc I had laying around still disabled and still cant get it to accept a connection from anything other than homeassistant.local:8123. I tried both proxy managers and they both refuse to work. I tried both 8.0 and 7.6 nothing worksâŚ
After two weeks of trying to find a reason why things were no longer working, i changed my setup to get this to work
in configuration.yaml âŚ
homeassistant:
external_url: "https://xxxxx.duckdns.org" # note no port number
internal_url: "http://192.168.0.2:8123" # internal ip address of my HA with port number
http:
# ssl_certificate: /ssl/fullchain.pem
# ssl_key: /ssl/privkey.pem
use_x_forwarded_for: true
trusted_proxies: # not sure i need this bit, but this is the network on which my nginx proxy sits
- 10.10.0.0/16
my home router sends my traffic to a separate nginx proxy manager that i have running at home.
The nginx proxy manager in turn has a letsencrypt cert, with websockets enabled.
Traffic is forward from the nginix proxy manager to my internal homeassistant ip + port
The only addon i have on home assistant is duckdns. I dont use a separate letsencrypt or nginx plugin for HA
1 Like
Amazing timing! Just as I loaded up the page to post I found a solution it seems you have beat me to it!
my configuration.yml reads as such
#Networking!
homeassistant:
external_url: "https://homeassistant.yourdomain.whatever"
internal_url: "http://homeassistant.yourdomain.whatever:8123"
#Possible fix for the damn external access!
http:
server_port: 8123
ssl_certificate: /ssl/cert.pem
ssl_key: /ssl/key.pem
#allowing Reverse Proxies!
use_x_forwarded_for: true
trusted_proxies:
- 10.1.1.1
- 10.1.1.155
#disabling IP bans! Pfsense will handle this I don't need a local ban list.
ip_ban_enabled: false
I am not running Nginx reverse proxy OR Duckdns, I am just running straight DNS resolver with a host override for homeassistant in pfsense with a wildcard cert as well as a copy of the same cert locally, then portforwarding 8123, 80 and 443 in pfsense.
UPDATE I was able to go fully 443 by changing server_port: 443 and internal_url: to my fqnd without the port on the end.
2 Likes
I am still unable to access HA outside of my network. I did everything you guys mentioned, but it did not solve anything for me.
Running on a Pi4, with DuckDNS and NGINX.
If anyone is finding out something other than what was already mentioned, please let me know!
1 Like
Describe your setup: network environment, HA environment, versions, config, IPâs, ports, policies, services, outlining your network map, etc.
And then describe what you have seen so far, what exactly is not working, and which parts seem to work, logs, was it ever worked before, etc.
And then describe what you have tried.
Pretty much what has been said before.
External access with duckdns and nginx worked perfectly up until a while ago.
I restarted NGINX, DuckDNS, HA, checked if anything was changed in any configurations on the related add-ons, added the external/internal urls in the config file.
I use a regular router, so no pfsense, or anything like that.
I donât have any errors in logs related to add-ons or login attempts.
If I try to login through duckdns url from the local network, itâs still not working, I get the âInitializingâ text, and will time out after several minutes.
I see. It is just that people wouldnât know how to help / what to comment, if we donât know where you stand. So I suppose the internal url works just fine from LAN, correct?
It is possible to show us:
- The config and the log of your duckdns add-on
- The config and the log of your NGINX add-on
- HAOS â Settings â System â System Health
- HAOS â Settings â System â Network
- Which service (or services) is using the 172.30.33.0/24 network?â
- What does this .110 IP do, under the trusted proxies
- Whatâs your port forwarding setup in your router?
This is somewhat expected, since the duckdns url is not yet working from the outside.
Next, letâs start from duckdns.
- If you log into your duckdns control panel https://www.duckdns.org/ is the IP fresh and matching your WAN IP you are seeing from your router?
- Judging from the WAN IP you see from your router, your ISP did not by any chance switch to CGNAT recently, correct?
Apparently, it all started working again after I unplugged and plugged back in my router, and the ISP ONT several times.
My ISP offers the possibility too create a DDNS on my account on their website, and I tried using that to access my NVR, but that didnât work. I was just trying to isolate the problem to see if it is from the DuckDNS/NGINX/HA Config, or is network wide. Apparently it was network wide, but after unplugging and plugging back in the devices several times, everything started working. MAGIC
@k8gg thanks a lot for your patience and for being willing to help a noob 
I too had the same issue. All used to work but some upgrade occurred and it stopped. My fix ended up being quite simple. I found that settings/system/network/home assistant url had not been set. Once set everything came good again.
Thank you!
I added just this snippet to my configuration.yaml to fix the warning/notice my system did not have external access.
homeassistant:
external_url: "https://xxxxx.duckdns.org" # note no port number
internal_url: "http://192.168.0.2:8123" # internal ip address of my HA with port number
I already had http: and some additional code, so I am not sure if that is needed for anyone finding this topic with a similar issue.
Thanks! I was able to get external access working by editing the configuration.yaml directly as other mentioned here. Also to edit the settings through the GUI I had to enable advanced mode:
Profile > Advanced Mode > (Enable). This was causing the Settings > System > Network screen to be blank for me. It was driving me crazy.
3 Likes
Thanks for the tip about enabling Advanced Mode. I had been struggling with figuring why I couldnât enter the Network screen. It would have been helpful for HA to put up some text indicating enabling Advanced Mode was required.
1 Like
In the network settings, I just put my external IP address and now it reads Network access enabled(or something like that). I guess this setting is to be saved to your connected phones. so when they leave the house to try to connect to the external IP witch they already got from the previous connection to HA.
Hope I helped.
If you are using some sort of proxy you have to ensure that websockets are forwarded correctly. If they are not the typical 60s loop occurs.
Example for Apache (ProxyPass):
# Websockets
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:8123/$1 [P]
This part is only for rewriting the WebSockets. Below is the ProxyPass part:
# Proxy Pass
ProxyRequests On
SSLProxyEngine On
ProxyPass / http://localhost:8123/
ProxyPassReverse / http://localhost:8123/
ProxyPreserveHost On
AllowCONNECT 8123
If the goal is to locally(Wifi)/remotely access the HA in your local/public network HA mobile app, I would recommend using Duck DNS as following.
- Check IP address from Home Assistant
- Go to Settings(keyboard Shortcut âcâ) > Devices & Services. In the bottom right corner, select the Add Integration button. From the list, select Local IP Address.
- From your router: Allow port forwarding to your HA local ip address + port number 8123
- Click your profile name on the bottom left of HomeAssistant > General tab > enable âAdvanced modeâ
- Go to https://www.duckdns.org/domains, register account > create a unique sub domain with home public ip address
- Home assistant Settings > System > Network > âHome Assistant URLâ > add just created http duckdns url
- Use the duck dns http url + port number in your mobile app to sign in