Ngix reverse proxy and duck dns problem

Hi guys, sorry for silly question just new on these topics.
I’ve been able to set the duck dns plugin with certificates and I’ve been able to remotly login.
Some poblems are rised tryng to locally access caause the certificate don’t work fo local addresses.
Ok, I’ve skip the warning in the browser (noise but not big issue) what I didn’t like was that the companion app stop working.

Reading around I’ve seen that i could setup reverse proxy with NGIX. Form my undertandin it manages the encription if caming from external source but leaves internal as normal “http”.

I’ve follow the guide:

  1. open port 443 (tcp/udp) on the router to 443
    closed port 8123 cause no more needed and not protected (right?)
  2. removes the following lines from the “configuration.yaml”:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

(casue they should not be required anymore)

  1. reboot.

After done this I’ve been able to login from pc on local as: “http://homeassistant.local:8123/
from the app local as:" (why the previous “homeassistant.loca” not work?!?)
I was thinking ok, good!
but I cannot access anymore in https from outside! :sweat_smile:

I’ve tried: “

nothing work
If i do : “” it works but doesn’t seems anymore (as I expect) a secure connection.

where is it my mistake??

Were is the step were you configure NGINX? Please show the NGINX config.

I’ve use the simple addon “NGINX ssl home assistant SSL proxy” that use duck dns certificates.

the config is minimal:

certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf


Can you provide a link to the add-on, I don’t use add-ons and am quite confused by the different ones available for NGINX.

Have you configured internal and external urls in configuration.yaml and the app?

  internal_url: !secret internal_url
  external_url: !secret external_url

How should this hrlp when he’s not able to reach his external address in the first place?