Hi, I am new here and I desperately need some help. I have installed, in the order listed, the following addons. duckDNS and nginx reverse proxy server. I obtained a duckdns domain and its associated ID key. Both addons installed without issue and with no errors in the logs. I made changes to the configs as per the addon set up instructions. In my configuration.yaml I only have base_url xxxx.duckdns.org.
My ISP is EE fibre optic using an EE smart hub router. I have set port 443 to forwarded to the IP address of my Intel NUC upon which Hass.IO runs and port 8123. I have made that IP address static. I can access Hass.IO on that IP address.8123 with no problem but for the life of me and after a week of trying, googling and anything else I could think of I still cannot access Hass.IO using the https://xxxx.duckdns.org. It always returns can’t connect, timed out. Looking at my router set up the broadband IP address is the same as the address in duckDNS log. My router also shows a default gateway address very different to the ‘broadband’ address, I am not sure what the default gateway address is for.
I am trying to access the NUC via https:// xxxx.duckdns.org from my windows 10*64 machine and the Chrome browser, I also tried to access Hass.io from my NUC running ubuntu 18.04 and Firefox and still no joy.
I would really appreciate some help especially from some one using EE as ISP and the same router.
I will have to look at my current setup when I get home for more information. But I know I had issues in my local network when trying to hit the url. I had to set up my router to forward that domain to my ha on my local network. Try accessing the domain from outside your network. If that works you have things set up externally. If it does not work, then there is a misconfiguration somewhere. I can give you more details on my setup when I get home if you need. (I did have to change things a little because I own my own domain but do not have a static IP). Same principles apply though.
As @Betanu701said, please test from outside your network if you can access the url (e.g. with your phone over LTE)
I have (and had) several routers which did not allow me to access my external ip address from inside the network
Thank you, I will try to access HA from my phone tomorrow. I would very much like to see your set up details. I do have a private domain but I have never used it.
Thank you for your response. I am not against buying another router to get this system working. I am concerned the my ISP (EE) uses GCNAT and that may affect the ability to use WAN access to HA, some advice on that issue would be welcome.
I can ping my duckdns domain and get a positive result. I can also ping a NoIP DDNS that I have successfully, so I guess that means the set up works as far as accessing my router goes.
have you checked that your ip address at duckdns is actually your ip address? If you are behind CGNAT, that’sgoing to be the ‘shared’ IP address from your ISP not your IP address.
Does your ISP give you a fixed IPv6 prefix? Because that will work for accessing Hass.io with a little bit of work.
The other thing is perhaps your ISP can give you a real IPv4 address?
Hi I might be wrong but sounds like your port forwarding is incorrect. You say you’ve forwarded 443 to your hasssio and 8123.
If you’re using Nginx you should forward port 443 to port 443 on the Nginx server ip. (in this case your hassio)
Hi, thanks for your reply I think you have probably hit the nail on the head about the router IP address. In the advanced section of my router it shows what it calls ‘broadband IP’ which is what duckdns is linked to and a default gateway address 176.16.xx.xxx, I have no idea what the latter is but it may be my real IP address inaccessible externally. I’ll talk to my IP provider but I suspect I may have to resource to a ‘paid for’ service as I believe you do.
Hi, thank you for your suggestion. I thought I had tried that setting but I’ll certainly give another go.
In Australia when a carrier does CGNAT there is usually a means of getting a real IP from the provider - sometimes that charge $10/month for that. My ISP does a free opt-out and also provides IPv6…
Hi David, thanks for your help. My ISP doesn’t use CGNAT and unfortunately they do not offer private IP’s even for a fee.
I have now got access from my mobile phone and tablet. I changed port forwarding to 443 - 443, removed port 80 in nginx reverse proxy server and just set the name of my domain in the base_url in configuration.yaml.
I think I confused myself by believing that I could use https://mydomain.duckdns.org from Chrome on a PC on the same LAN as HA, I can’t!!! perhaps because my router doesn’t do loopback? However I can access HA on my local LAN by http so all is good.
Thanks to all other people who offered help and advice.