I am unable to figure out how to access HA on my LAN. I have complete access remotely and had this working with my EdgeRouter but recently upgraded that to a pfSense machine. I have spent some time searching and although there seems to be a solution I appear to be implementing it wrong… Any fellow HA users with pfSense machines, and DuckDNS/Let’s Encrypt setups?
This may only work if you’re using pfSense as your caching resolver. A problem may be that you have HTTPS turned on for the pfSense UI, and you’ve got some conflicts. I took the easy way out, and just use a port other than 443 to avoid that issue.
My situation may be a bit different, as I have nginx running behind a NAT port forwarding rule that does Host: or TLS SNI name-based proxying to various things, including Home Assistant and Grafana. It also does TCP stream forwarding for MQTT over TLS, too (though, of course, on a different port.) So all the certificate management and stuff is handled in nginx, and nginx just proxies requests over plain HTTP to Home Assistant.
I’m not using hassio here; just running nginx on Ubuntu 18.04. It’s a hand-built configuration… I don’t have Home Assistant doing TLS/HTTPS; I do that in nginx, which proxies external traffic based on the host name to Home Assistant, Grafana and one or two other applications.
I have stuff that looks like this in the nginx configuration:
    server {
        # Update this line to be your domain
        server_name xxxxxxxxx-redacted.com;

        listen *:443 ssl http2;
        listen [::]:443 ssl http2;

        # Ensure these lines point to your SSL certificate and key
        ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/domain/fullchain.pem;
        include snippets/ssl.conf;

        proxy_buffering off;

        # Push-notification callback: reject requests that carry no Authorization header
        location /api/notify.html5/callback {
            if ($http_authorization = "") { return 403; }
            allow all;
            proxy_pass http://localhost:8123;
            proxy_set_header Host $host;
            proxy_redirect http:// https://;
        }

        # Everything else is proxied over plain HTTP to Home Assistant on the same host
        location / {
            # access_log off;
            access_log /var/log/nginx-access.log;
            error_log /var/log/nginx-error.log;
            proxy_pass http://127.0.0.1:8123;
            proxy_set_header Host $host;
            proxy_redirect http:// https://;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # WebSocket upgrade headers; $connection_upgrade is not built in,
            # it comes from a map block in the http context (not shown here)
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }
This is just a snippet from a larger, more complex configuration. In particular, there’s some stuff related to how I use Let’s Encrypt that’s probably not what you’re using. But you can see how I have this server instance listening on port 433 with HTTPS (and HTTP/2 for that matter), and how it proxies those requests via plain HTTP to Home Assistant on port 8123 running on the same host.
I fear this will probably sow more confusion as it’s incomplete and doesn’t have much of the surrounding context… Maybe it’s helpful. Maybe not…
On pfSense, under System / Advanced / Firewall & NAT, try setting “Enable automatic outbound NAT for Reflection” to true and “NAT Reflection mode for port forwards” to “NAT + proxy”. I’m not sure if you need the second one.
I’m using hassio on Ubuntu 18.04. With this setup I also needed to add {"dns": ["192.168.20.1", "192.168.1.1"]} to /etc/docker/daemon.json. This will allow HA to resolve local DNS hosts.
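A way to check from a LAN client which of the situations discussed in this thread applies, as an added example that is not from any of the posts above: it classifies what the local resolver returns for the public hostname (a LAN address means the resolver is overriding the name, a public address means pfSense has to do NAT reflection) and then validates the certificate by name. The function names are assumptions made for this example, and the hostname and port are whatever you pass on the command line.

```python
import ipaddress
import socket
import ssl
import sys

# RFC 1918 plus IPv6 unique-local ranges: an answer in here means a LAN-side override.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_lan(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    return any(ip.version == net.version and ip in net for net in LAN_NETS)

def classify(addresses):
    """Map the resolver's answers to the path a LAN client will take."""
    if not addresses:
        return "no-answer"
    kinds = {is_lan(a) for a in addresses}
    if kinds == {True}:
        return "split-dns"             # traffic goes straight to the internal host
    if kinds == {False}:
        return "needs-nat-reflection"  # client targets the WAN IP; pfSense must hairpin
    return "mixed"

def resolve(host, port):
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def tls_check(host, port, timeout=5):
    """Connect by name and validate the certificate the way a browser would."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok: " + tls.version()
    except ssl.SSLCertVerificationError as exc:
        # e.g. another service (such as a router web UI) answered on this port
        return "certificate rejected: " + exc.verify_message
    except OSError as exc:
        return "connect failed: " + str(exc)

if __name__ == "__main__":
    host = sys.argv[1]  # the public hostname, e.g. your DuckDNS name
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    addrs = resolve(host, port)
    print(host, "->", addrs, "=>", classify(addrs))
    print("TLS:", tls_check(host, port))
```

Run it on a LAN machine with the hostname and, optionally, the port; a "certificate rejected" result on 443 is what you would see if something other than the proxy is answering on that port.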