NGINX TLS Proxy Add-on config to allow simultaneous HTTPS and HTTP access required by ecowitt integration

Strange now it works without error. That fu…g doesn’t make sense.

1 Like

It does if you didn’t have a subnet mask.
It would have only trusted the host 172.30.33.0 and nothing else.

I tried already, it doesn’t change anything. Now I can access via 443, after I edited my port forwarding on my router.
But to be honest, that isn’t a clean solution; it is just a lot of tweaks and limitations. I don’t know if I will keep that solution. I really don’t like to use different links just because I come in externally or internally.

Perhaps I will have a look at ecowitt2mqtt. If that will also bring up all values and it works, I will switch over to that until they repaired the integration so that you can use it without totally changing your configuration.

What I meant was, that at first I couldn’t use 172.30.33.0/24 as HA was telling me that my configuration is faulty and now this entry works just fine.

I only port forward port 443 and I use only one url for everything which is https://myhost.duckdns.org
I use this one url both locally at home on the lan/wifi as well as externally in public on the wan/mobile.

The only other url I have is for the ecowitt device to send webhooks to home assistant locally only on the lan/wifi which is http://homeassistant.local:8123

1 Like

Can anyone help me with this… I have an ecowitt device and the Alexa integration - and I think I understand from the above - that the NGINX add-on will help the Ecowitt requirement for an HTTP link, but will break the Alexa integration. Is that correct ?

Hi there @bubble_13

I just had a look at

https://www.home-assistant.io/integrations/alexa.smart_home/#requirements

Here is what it says

  • The Alexa Smart Home API requires your Home Assistant instance to be accessible from the internet via HTTPS on port 443 using an SSL/TLS certificate. A self-signed certificate will work, but a certificate signed by an Amazon approved certificate authority is recommended. Read more on our blog about how to set up encryption for Home Assistant. When running Home Assistant, using the Duck DNS add-on is the easiest method.

From that quote, I have to assume that you already have configured your home assistant with HTTPS and SSL using duckdns and let’s encrypt.

According to this guide, they advise on port translation:

Before updating the Home Assistant configuration, we have to forward port 443 (https connections) to port 8123 on the computer that will run Home Assistant. Do this in your router configuration as previously done for port 80.

Please login to your router and check your port forwarding table and advise if you are forwarding port 443 externally to port 8123 internally (port translation) as per the guide?

Assuming that port translation is how you got Alexa working previously, what you would need to do is:
There are 2 x ssl_ lines in configuration.yaml under the http: config block.
copy the existing 2 lines of text with ssl_ in front of them to notepad.
Then comment them out by putting a # in front of them to demote home assistant https to http.
Reboot home assistant. After you do that, you will temporarily only be able to access home assistant locally via http://homeassistant.local:8123 or http://your.local.ip.address:8123
Then install Nginx add on and configure Nginx to use yourhost.duckdns.org and use those same ssl cert locations you just copied to notepad and commented out.
Start Nginx as this will now take over https/ssl responsibilities but runs on a different port being 443.
Next you will need to update your router port translation so that port 443 externally now maps to port 443 internally for Nginx to handle https/ssl from now on.
Once that is all done, you should be able to access via both https://yourhost.duckdns.org (for your mobile phone app and web browsers and Alexa) and http://your.local.ip.address:8123 (for the ecowitt device to send webhook data to)

Hi del13r,

Thanks for your work on this. I don’t know anything about SSL and HTTPS except that I think I should be using it when I access HA remotely.

I currently use http://www.dynu.com/ for my dynamic DNS services and port redirecting. I have my own registered domain name and I use this service to forward traffic.

How would I set HA up as you did above but keep using my dynu DNS service?

Thanks
FRR

1 Like

Hi, no worries, happy to try help out.

Instead of using the duckdns addon (which has letsencrypt support), I would use the letsencrypt addon instead.
https://github.com/home-assistant/addons/blob/5fc9b3e5a4d9db805f65ad960e28a5516f37e456/letsencrypt/DOCS.md

I would port forward port 80 externally to port 80 internally and then run letsencrypt just to generate the certificate with the following example config.

email: you@example.com  # placeholder address
domains:
  - yourhost.dynu.com
certfile: fullchain.pem
keyfile: privkey.pem
challenge: http
dns: {}

After Let’s Encrypt successfully generates the certificate file and private key file, I would:

  • Forward port 443 externally to port 443 internally on my router/firewall.
  • Update the home assistant configuration.yaml with this:

    http:
      use_x_forwarded_for: true
      trusted_proxies:
        - 172.30.33.0/24

  • Configure the nginx addon with this config:

    domain: yourhost.dynu.com
    hsts: max-age=31536000; includeSubDomains
    certfile: fullchain.pem
    keyfile: privkey.pem
    cloudflare: false
    customize:
      active: false
      default: nginx_proxy_default*.conf
      servers: nginx_proxy/*.conf

  • Start the nginx addon.
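
A quick way to sanity-check the `http:` block from the steps above, and to see the subnet-mask point made earlier in the thread, is the following added example (not code from any poster or from Home Assistant). It uses Python's `ipaddress` module and a deliberately minimal line reader instead of a YAML library; the sample configs and the add-on address 172.30.33.4 are constructed assumptions.

```python
import ipaddress

# Constructed sample configs; 172.30.33.4 below is an assumed add-on address.
GOOD = "http:\n  use_x_forwarded_for: true\n  trusted_proxies:\n    - 172.30.33.0/24\n"
NO_MASK = GOOD.replace("/24", "")
OLD_SSL = "http:\n  ssl_certificate: /ssl/fullchain.pem\n  ssl_key: /ssl/privkey.pem\n"

def parse_http_block(text):
    """Minimal line-based reader for the http: block (not a full YAML parser)."""
    cfg = {"ssl": [], "use_x_forwarded_for": False, "trusted_proxies": []}
    in_http = in_proxies = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # commented-out ssl_ lines vanish here
        if not line.strip():
            continue
        if not line[0].isspace():              # a top-level key starts a new block
            in_http, in_proxies = line == "http:", False
            continue
        if not in_http:
            continue
        item = line.strip()
        if in_proxies and item.startswith("- "):
            cfg["trusted_proxies"].append(item[2:].strip())
            continue
        key, _, value = item.partition(":")
        in_proxies = key == "trusted_proxies"
        if key.startswith("ssl_"):
            cfg["ssl"].append(key)
        elif key == "use_x_forwarded_for":
            cfg["use_x_forwarded_for"] = value.strip().lower() == "true"
    return cfg

def audit(text, proxy_ip):
    """Return a list of problems; an empty list means the proxy setup is consistent."""
    cfg, problems = parse_http_block(text), []
    if cfg["ssl"]:
        problems.append("ssl_ options still active: " + ", ".join(cfg["ssl"]))
    if not cfg["use_x_forwarded_for"]:
        problems.append("use_x_forwarded_for is not true")
    # An entry without a mask parses as a single host (/32), not the whole subnet.
    nets = [ipaddress.ip_network(p, strict=False) for p in cfg["trusted_proxies"]]
    if not any(ipaddress.ip_address(proxy_ip) in n for n in nets):
        problems.append(f"{proxy_ip} not covered by trusted_proxies {[str(n) for n in nets]}")
    return problems

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("no mask", NO_MASK), ("old ssl", OLD_SSL)):
        print(name, audit(cfg, "172.30.33.4"))
```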

Thanks so much for the advice. I will give your recommendations a try.

Throwing another solution in the mix (running a simple nginx reverse proxy DIY): Home Assistant with ecowitt: HTTP to HTTPS nginx reverse proxy secure DIY solution · GitHub

I wanted to own the solution 100% to ensure security / meeting my specific needs, however I think anyone willing to run nginx in a container (or otherwise) on their network would find value in the solution.

In my case, I’m running Home Assistant on an Intel NUC with a Docker / Supervisor install and do NOT want to enable a HTTP endpoint on my HA. I’m also using Nabu Casa as my external HTTPS webhook destination for ecowitt but that could be any HTTPS endpoint. Best of luck!

Dear all,

We would like to introduce ourselves: we are Profyta Ltd., based in Tanzania, Nigeria and more countries. We help farmers to grow optimally, and to grow with fewer inputs like water, fertilizers etc.
Today we use ECOWITT sensors and the platform from ECOWITT.
A team of students is trying to create a better platform; perhaps you have an idea how to create this? Regards Ewout Schurink
https://www.ecowitt.net/home/share?authorize=D5WT9K
https://www.ecowitt.net/home/share?authorize=EDV7Q5

I had only problems with NGinx; it was so unreliable and unstable that I uninstalled it and was really f… as I couldn’t use Ecowitt anymore. It is a bummer that a running solution is exchanged for a solution that is that unreliable and that also needs you to reconfigure other integrations.

Luckily I found another way to solve this problem. It runs like a charm and doesn’t have any of these problems. Now my Ecowitt runs without problems in HA.
There is an AddOn called Ecowitt Proxy (Github repo). With this AddOn nothing needs to be changed in HA or any other integration; just the setup in Ecowitt needs to be configured accordingly.

Derek Seaman explains this on his website and the setup is even easier and faster than the NGinx integration and you don’t need your links or something like that.
Home Assistant: Ecowitt Weather Station Setup

For all having problems like me with NGinx I would say uninstall it, forget it and use this way.

1 Like

Thanks a lot for the recommendation!
After way too much time spent installing old HACS-Ecowitt and the new one alongside Nginx, this solution appears to be a no-brainer. Works like a charm!