Node Red with Duckdns/Let's Encrypt isn't executing locally. Please help a novice?

HeffeD · January 28, 2018, 9:51pm

TLDR; Local control of my devices through Node Red doesn’t seem possible using SSL through DuckDNS/Let’s Encrypt. Am I an idiot? Please advise.

Let me preface this by saying I’m very much a novice. I’ve been using a Raspberry Pi and Hass.io for approximately 3 months, and I’m completely new to Node Red. I do control Hass.io externally through SSL using the Duckdns component with Let’s Encrypt. (https://mydomain.duckdns.org, and https://mydomain.duckdns.org/nodered) I’m not 100% sure that’s the proper front end address to Node Red, because it’s currently uninstalled. I’m just going by memory, which may be incorrect.

Using the built-in automation editor and the resulting .yaml parsed versions has been a source of frustration for me since starting to use Hass.io approximately 3 months ago. I saw a Reddit post about Node Red, and thought that it looked like a system that was much easier for me to understand when it comes to creating/editing/troubleshooting my automations. I find it very difficult to wrap my head around the .yaml parsed automations that I’ve created with the built-in automation component if I need to make a quick edit from the .yaml file. I love the fact that you can easily test portions of your automations with NodeRed. It’s as easy as injecting a command or value at some point and seeing the result immediately using a debug node. Much easier than commenting out portions of the .yaml file and reloading the automation in Hass.io to test.

After installing Node Red, all was going great! I had replaced or consolidated several of my existing default automations using Node Red equivalents, and I was very happy using it instead of the default tools. Then I read a post on Reddit that someone was asking if Node Red really required internet access to run automations if you were using SSL… Wait, what? Since starting with Node Red, I had assumed that like Hass.io, I was externally connecting through SSL to access the front-end of the software, but all of the device control functionality was actually being executed locally on my network! Local control was one of the important factors that lead me to start using Home Assistant in the first place!

So I set up a simple automation in both Hass.io and Node Red that would turn on a switch if my phone disconnected from my WiFi network. Then I disconnected my router from the internet turned off WiFi on my phone. As expected, Hass.io was able to turn on the switch even though there was no internet access. Surprisingly, when attempting to run the same simple automation through Node Red, it failed without internet access…

So from you community experts to a novice such as myself, is it possible to still access the Node Red front-end through SSL, (using Duckdns/Let’s encrypt) yet have it execute automation locally? (Preferably without needing to install something like Dnsmasq, NGINX, or any complicated programming steps…)

I did uninstall Node Red out of frustration because local automation execution is a definite must as far as I’m concerned, so I wanted nothing to do with Node Red any more. Then after a few days of introspection, I decided I’m likely doing Node Red a disservice because I could very well have a flawed understanding of how it needs to be configured to do what I want it to do, so I decided to ask the community before I completely write it off as unusable to me.

I apologize for the long, possibly rambling post, and thanks in advance for any help. I really appreciate it!

budlyte · March 14, 2018, 1:12am

I am in the same boat. I installed node red and configured it but like you I use duckdns and hassio. When I open node red (have to use https://192.168.1.104:1880 and then tell chrome that it’s ok to proceed) I see in the debug frame that it can’t get to hass because it is using a local http address http:/192.168.1.104 which is the address of my hassio ("Home assistant connection failed with error: Connection to home assistant could not be established with config: http://192.168.1.104 "). I tried uninstalling node red and re-installing but got same result. Interesting, I installed the HADASHBOARD which wants to use my duckdns address but if I call it via my http://192.168.104:5050 it works fine. Like you, I don’t want to access node red outside my local network and don’t want to port foreword 1880 in my router.

Also find it interesting that no one on the forum has responded to your question. Frustrating to say the least.

Let me know if you have any luck solving this issue.

HeffeD · March 14, 2018, 2:43am

Hi budlyte, yeah, it was pretty frustrating! I expected some sort of response.

Do you by chance run Pi-hole? I solved it by using the method mentioned in the DIY Futurism blog. After adding my custom domain as a host in Pi-hole, now Node Red is interfacing on my local network. Since I was already running Pi-hole, this was a very simple fix for me. Here is the link if you want to check it out.

budlyte · March 14, 2018, 5:54am

I am not running PI-Hole. Its late here in Anaheim but will look at the link tomorrow and see if that’s what will work. I figured that I would have to port forward 1880 but was hoping it could be solved another way.

Will let you know.

Thanks

HeffeD · March 14, 2018, 6:55pm

The article does mention two other options. Either using DNSmasq or a nginx proxy. Pi-hole was the easiest option for me because I was already using it.

budlyte · March 14, 2018, 9:34pm

I bit the bullet and opened port 1880 in my router and look like everything if working. After some research I came to the conclusion that that was the fastest and easy way to get moving.

Thanks for all you input.

HeffeD · March 14, 2018, 9:51pm

The problem with just opening the port means that you’re still dependent on the internet for your Node Red automations to function because Node Red is communicating with Home Assistant through your public facing IP address. That’s why I needed to find out how to resolve it locally, because I have much more faith in my local network’s up-time than I do my internet connection.

nebbiadigiorno · March 14, 2018, 10:35pm

hi, i have the same problem. hassio and duckdns. could you please post the configuation of the pihole?

Kanishkaz · March 14, 2018, 10:40pm

Have you tried configuring your Node-Red Home Assistant server URL to

http://hassio/homeassistant

I was using my duckdns URL in Node-Red until I came across the above in another thread. It works great and does not require an internet connection to function. Apparently it’s some special URL that allows Hassio to talk to addons locally.

nebbiadigiorno · March 14, 2018, 10:45pm

yes, and it works. but in node-red i can’t see my home assistant information. and in the debug window it constantly appears:

"Home assistant connection failed with error: Connection to home assistant could not be established with config: http://mylocalip:myport <password redacted>"
14/3/2018, 23:44:03node: Home Assistant
msg : string[157]
"Home assistant connection failed with error: Connection to home assistant could not be established with config: http://mylocalip:myport <password redacted>"

the automation witth node-red works, but in the “edit call service node” under service i have: unknown service.

HeffeD · March 15, 2018, 4:16pm

I’ve configured it the same way mentioned in the DIY Futurism blog that I posted a link to earlier.

@Kanishkaz, no, I haven’t tried that. I’ll have to check it out. Thanks.

nebbiadigiorno · March 15, 2018, 5:05pm

i solved my problem using dnsmasq

NotoriousBDG · March 15, 2018, 5:40pm

The issue is that you’re relying on NAT loopback to access Node-RED because SSL requires that you use the proper hostname. That basically means that your internet has to be working for it to be accessible. The easiest option to eliminate that dependency is to configure Node-RED to use the built-in API proxy in hassio, which is http://hassio/homeassistant. By using the API proxy, it bypasses the need for NAT loopback, proper DNS hostnames for SSL, and the need for split DNS.

The next best option is to use dnsmasq for split DNS, which makes your duckdns name resolve to your private IP instead of your public IP.

HeffeD · March 15, 2018, 7:38pm

Thanks for the information!

Nutti85 · April 2, 2018, 5:16pm

I’m really stuck on this. I’ve managed to pull up node red in an iFrame panel but it fails to retreive my entities

I get this error:

Cannot GET /homeassistant/entities

My node is configured with base url: https://xxx.duckdns.org:8123

Looks like my router does not allow for NAT loopback so I’m in serious need for an ELI5 (more like ELI2) on how to get this to work, either with Pi-hole or DNSmasq.

Thanks in advance.

HeffeD · April 2, 2018, 6:24pm

Have you tried using the base URL that NotoriousBDG mentions? It may solve your problem.
http://hassio/homeassistant

If that isn’t working for you, check out the link I posted earlier in this thread to the DIY Futurism blog. Brad mentions exactly how you can get your DuckDNS domain to resolve locally using Pi-hole. I’ve never tried it with DNSmasq, so I don’t know how to configure it.

Nutti85 · April 2, 2018, 6:40pm

Looks like that worked! Thanks!

HeffeD · April 2, 2018, 6:41pm

I’m glad it’s working for you!

Breichen · May 12, 2018, 8:29pm

Hi bit of a noob here… Are there directions on how to set this up anywhere?

Thank you.

NotoriousBDG · May 12, 2018, 9:08pm