Remote access for Home Assistant

Duckdns supports DNS-01, so no port forwarding required.

Ah. I missed this:

If you use CloudFlare, even the free version, they provide a free SSL. You can either have SSL provided end to end without having to do anything but turn it on, or you can download the 15-year wildcard cert to do with what you please.

How reliable is CloudFlare?

Euh, Akamai and Cloudflare are the biggest CDN providers on the internet. So pretty reliable.

Is there a guide to set up remote access which does not involve port forwarding? Either via OpenVPN or SSH tunneling?

Not as such. Using a VPN you’re effectively “at home”, so there’s nothing special beyond installing and configuring your VPN.

Of course, you have to port forward to the VPN server :wink:

But I can set up a “private” VPN server on an RPi, right?

Sure, VPN servers are, unless you decide otherwise, private by nature. You generally have to work quite hard to make one that’s “public”.

Wireguard is a good choice, and the PiVPN project has an installer that will allow you to configure, and run, either Wireguard or OpenVPN.

My advice… start looking into zerotier and create a free account. Link your HA instance to your own virtual zerotier network, give it a similar fixed virtual IP address (local IP e.g. 192.168.1.88, zerotier IP 192.168.192.88) and also link all your devices to zerotier via a client.

At home I connect via 192.168.1.88:8123
On the road, I turn on zerotier on my device and use 192.168.192.88:8123

This works more than perfect… No router/firewall issues (unless the zerotier port is blocked by a router in your building).

I currently have a personal domain name that I use with DYNU DNS. I have a Nextcloud server that is running with a LetsEncrypt SSL certificate. Is it possible to use the same certificate for my Home Assistant server? And if so, how would I go about it?

Thank you,
Robert

How do I limit access to webhooks only? I can’t figure it out …

Depends on your proxy server, but limit access to /api/webhook.

If you use NGINX then I cover it here:

	location /api/websocket {
		allow all;
		include conf.d/proxy.conf;
		proxy_pass http://127.0.0.1:8123;
		proxy_set_header Host $host;
		proxy_http_version 1.1;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_ignore_client_abort on;
	}

Traefik is easier:

    http:
      routers:
        homeassistant:
          entryPoints:
            - "websecure"
          rule: "Host(`homeassistant.example.org`) && PathPrefix(`/api/webhook`)"
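
A webhook-only NGINX server block, as an added example that is not part of the post above or of the guide it links to: only paths under `/api/webhook/` are proxied to Home Assistant and every other path is refused at the proxy. The hostname and backend address are taken from the snippets above; the certificate paths, the zone name `ha_webhook` and the rate and size limits are assumptions to adjust.

```nginx
# Added example: expose only Home Assistant webhooks through the proxy.
# Assumed: this file is included inside the http {} context (e.g. from conf.d/).

# Per-client rate limit for webhook calls; zone name and rate are arbitrary choices.
limit_req_zone $binary_remote_addr zone=ha_webhook:10m rate=5r/s;

server {
    listen 443 ssl;
    server_name homeassistant.example.org;

    ssl_certificate     /path/to/fullchain.pem;  # placeholder path
    ssl_certificate_key /path/to/privkey.pem;    # placeholder path

    # Only requests under /api/webhook/ reach Home Assistant.
    location /api/webhook/ {
        limit_req zone=ha_webhook burst=10 nodelay;
        client_max_body_size 1m;

        proxy_pass http://127.0.0.1:8123;
        proxy_set_header Host $host;
        # Home Assistant only accepts this header when the proxy is listed under
        # http: trusted_proxies and use_x_forwarded_for is true in its configuration.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Everything else (UI, /api/websocket, /auth, REST API) is refused.
    location / {
        return 403;
    }
}
```

With this block the web UI and the mobile app cannot log in through the proxy; they need a separate path such as a VPN. Running `nginx -t` checks the syntax before a reload.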

Please keep in mind that Homeway is closed source and they state that they terminate the SSL. That means that they have full access to anything you send to HA - including your username and password.

This is totally unlike the Nabu Casa Cloud service, which passes through an encrypted connection to your HA instance.

For obvious reasons I’d advise caution if you’re considering Homeway.

Since Duck DNS has been down for about a day or so, is there an alternative way to set up remote access without having to change much on the setup? (please see below link for the setup) Running Nginx in conjunction with Duck DNS and it was working great until their servers completely went down (even their website has been down since yesterday.)

https://support.konnected.io/set-up-home-assistant-with-secure-remote-access-using-duckdns-and-nginx-proxy

Easy choice:

  1. Pick any other Dynamic DNS provider - ChangeIP, NoIP, Dynu, etc
  2. Buy a domain, use CloudFlare (optionally use CloudFlare tunnels)

I went with (2) a long time ago and have never looked back

So I was using DuckDNS as the add-on in conjunction with Nginx. How will I integrate one of the other providers if I went that route?

You’ll need something that can update the provider you pick.

There’s an integration for Cloudflare; for others you’ll need another add-on. I don’t use add-ons, or any of those other providers, so I’m afraid I can’t point you at a solution. A Google search should find answers though.
