I’ve tried a few different methods to set up secure remote access to my HA Core installation and while they’ve all worked, the following method is now my preferred approach. It requires a DuckDNS account and the nginx proxy manager docker image. It also assumes you’re using docker-compose or are willing to learn how to use it.
Step 0: Log into your router and forward ports 80 & 443 to your HA local IP.
Step 1: Create a DuckDNS account and add a domain that points to your external IP address. You can find your external IP address @ http://www.icanhazip.com. You also need to copy your “token” that can be found on your DuckDNS dashboard.
Step 2: Add the following lines to your HA configuration.yaml file. The http config deals with our reverse proxy. The duckdns config updates your external ip address if it gets changed by your ISP (happens to me every few months).
http:
use_x_forwarded_for: true
trusted_proxies:
- 127.0.0.1
duckdns:
domain: <your duckdns domain here>
access_token: <your duckdns token here>
Step 3: Create a Nginx Proxy Manager entry in your docker-compose.yaml file. The following uses a different database docker image than what’s in the Nginx Proxy Manager installation guide to provide compatibility with Raspberry Pi. If you’re not using a Raspberry Pi, the original docker image is: “jc21/mariadb-aria:10.4”.
proxymanager:
container_name: proxymanager
environment:
DB_MYSQL_HOST: "proxymanagerdb"
DB_MYSQL_PORT: 3306
DB_MYSQL_USER: "npm"
DB_MYSQL_PASSWORD: "npm"
DB_MYSQL_NAME: "npm"
image: 'jc21/nginx-proxy-manager:latest'
ports:
- '80:80'
- '81:81'
- '443:443'
restart: always
volumes:
- /dockerfiles/nginxproxymanager/data:/data
- /dockerfiles/letsencrypt:/etc/letsencrypt
proxymanagerdb:
container_name: proxymanagerdb
image: 'yobasystems/alpine-mariadb:armhf'
environment:
MYSQL_ROOT_PASSWORD: 'npm'
MYSQL_DATABASE: 'npm'
MYSQL_USER: 'npm'
MYSQL_PASSWORD: 'npm'
restart: always
volumes:
- /dockerfiles/nginxproxymanager/data/mysql:/var/lib/mysql
Step 4: Log into Nginx Proxy Manager using the IP of the machine you installed it on and port 81. The default username and password are ‘[email protected]’ and ‘changeme’, respectively. You’ll be prompted to change these the first time you login.
Step 5: Go to the SSL certificates tab in Nginx Proxy Manager and create a new SSL certificate for your domain (via the LetsEncrypt option). All you need to do here in enter your duckdns domain name, your email address, and agree to the ToS.
Step 6: Go to the Host tab in Nginx Proxy Manager and create a new proxy host. Here you need to enter your duckdns domain name, the IP and port of your HA installation (use http here since the traffic will be local only), and enable “Websockets Support.” Before saving this new proxy host, head over to the ssl tab and choose the ssl certificate you created previously. Now click save.
That’s it! You should be able to access HA securely and remotely using your duckdns domain!