OPNsense Nginx Acme Duckdns Home Assistant

I posted this in the OPNsense forum to no luck. So I’m hoping you guys may have some insights!

I’ve followed the tutorial here (modified for duckdns and HA port 8123): TUTORIAL Nginx + Let's Encrypt for Plex / Emby / Jellyfin 100% A+ Rating

and found that I can access my Home Assistant by entering xxx. Duckdns .org:8123 from my home network, but when I try to access from my phone or even SSL Server Test (Powered by Qualys SSL Labs) I get “took too long to respond” from my phone and “unable to connect to server” from ssl labs.

I figured it was a firewall issue, but I went into the firewall logs and found on the WAN port that I am getting passed through properly using both cellular network and my expressvpn (separately). I also get a “blocked” on the WAN port if from cellular/expressvpn I type in xxx. duckdns .org:8123, which is correct.

I am running OPNsense on a Protectli firewall with the nginx and acme plugins. My Home Assistant is running on my local server in a Docker container using macvlan for networking.

I have 2 questions:

  1. Looking at the tutorial, can you see anything that may be incorrect? Or have any troubleshooting tips?
  2. Is there a way to use nginx so that I can enter just xxx. duckdns. org without adding the :8123 port number at the end?

Any help is greatly appreciated!

Yes, with nginx and a local DNS record. This is possible with a local DNS record and nginx set up correctly: in nginx you set up your local subdomain, e.g. ha.domain.duckdns.org, and the proxy manages the traffic to your ip:8123.
You have the Docker VLAN in between, which may complicate things.
Here is an example of a tutorial, but what you posted seems complete; I have little experience with OPNsense…

Part 4 of the tutorial you posted is what I am referring to; putting the port 8123 there should address your question.
The macvlan setup might be the issue if it is not properly done, but that is hard to say without more info on the setup.

Furthermore, when you say testing with your phone, are you referring to access from outside your local network?
Did you set the HA config properly to accept the connection?
It is something like point 9 of the guide Reverse proxy using NGINX.
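The subdomain-to-port mapping described above, as an added example that is not from the thread or the tutorial it links: a raw nginx server block (the OPNsense nginx plugin builds the equivalent through its GUI) that terminates TLS for an assumed name ha.example.duckdns.org and proxies to Home Assistant on 8123, so clients never type the port. The certificate paths and the 192.0.2.10 upstream address are placeholders.

```nginx
# Added example, not from the original post. Names, certificate paths and the
# upstream address 192.0.2.10 are assumptions to be replaced with your own.

# Plain HTTP only redirects to HTTPS; nothing is proxied over port 80.
server {
    listen 80;
    server_name ha.example.duckdns.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name ha.example.duckdns.org;

    # Certificate and key issued by the ACME plugin (paths are placeholders).
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Address at which the proxy can reach Home Assistant. From inside a
        # container on the same macvlan use the container hostname instead.
        proxy_pass http://192.0.2.10:8123;
        proxy_http_version 1.1;

        # The Home Assistant frontend uses a websocket; without these two
        # headers the login page loads but the UI never connects.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Pass the original host and client address through to Home Assistant
        # so its logs and its reverse-proxy check see the real client.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Home Assistant rejects proxied requests unless its configuration.yaml has an `http:` section with `use_x_forwarded_for: true` and a `trusted_proxies:` list containing the proxy's address as seen by Home Assistant (the OPNsense interface IP in this setup), which is the "accept the connection" config mentioned above.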

What’s the WAN IP of your home?
What port is HA accessible from?

From outside your network you should be able to access wan_IP:port. That's it, no magic. It will be http or https depending on whether you have HA set to use SSL. Make that work first and ignore duckdns. I’m basically saying test without nginx here.

Now, NGINX adds a separate layer. You need to properly set up Docker and nginx forwarding for this. My guess is you pointed nginx at the macvlan address of HA. If so, this is wrong. You should point nginx at the hostname of the HA container. A container cannot connect to another container over the macvlan address. You can look at the nginx logs to see connection details.

For OPNsense we need an understanding of the firewall rules and network. A lot can be wrong here.

Local may work because you manually set up the connection in DNS. It never leaves the local network.

WAN does not work because it’s blocked.

Sorry, I did not look at the tutorial, but I hope the above helps. There are a lot of places to make mistakes here, so I think it is easier to separate the pieces and verify each function individually, one by one.

This is a good guide; however, it seemed that my nginx was stuck and the restart button wasn’t actually restarting the service. So what I did was disable the service and then enable it. That fully rebooted the nginx service and it started working properly!

Good that you found the issue!