Remote access - single URL setting: router with no NAT loopback, no DNS server customization

Just a quick test first: use http instead of https in that 内部接続のURL field, and see if that works.

If that wouldn’t work either, I see 2 routes going forward:

1. Figure out why http would not work. By default HAOS should allow http, at least from your home LAN (anyone with 192.168.11.xxx), so something else is going on. Is that a setting in your router? gateway? HAOS? I unfortunately do not know where to start on this one.
2. Try AdGuard Home
   2a) First we setup AdGuard Home, likely from that community add-on, in your HA box (RPi) - following the documents of that add-on.
   2b) Then we add a rule, to rewrite the yourname.duckdns.org with a local IP 192.168.11.4
   2c) Then we config and enable DHCP in your AdGuard Home, at the same time we point these on your router to 192.168.11.4
   
   (save, restart, reboot, verify, etc., so that AdGuard would be active, and your wifi clients are getting DNS server instructions pointing to AdGuard Home @ 192.168.11.4, and blocking ads for your lan.)
   2d) Use nslookup command from your PC, to verify that it would indeed resolve yourname.duckdns.org with 192.168.11.4
   2e) Clear both 内部接続のURL and Home Network WiFi SSID settings in your Companion app. And then save & test.

I guess route #1 would be easier, if we know where to start.

And maybe other members here in the forum has other ideas.

when you enable SSL in your home assistant, it only accepts https connection and two options ahead;

• https://local.ip.address:8123 - this will generate certificate error. using http://loca.ip.address:8123 would not work.
• https://xyz.duckdns.org - this will a valid https connection with a valid certificate
  if your router supports reverse NAT, when you hit duckdns domain, all would work fine. Some routers does not support this and you end up setting up nginx to take care of this.

when you move forward with nginx,

• you set your router 443 port to nginx server and you use https://xyz.duckdns.org, which will redirect to nginx and then home assistant (over http)
• you can use http://local.ip.address:8123
  in this option, as home assistant is not enabled with https, your mobile app would not fail to connect any of these hosts. inside mobile app, you will set your internal URL and external URL, so depending on SSID you connected, it will either try internal URL (no https) or external URL (https).

P.S.: I was a bit lost on overall thread, so I just summarized, pardon me I this had been covered already.

Right. This would work also. Thanks fuakakgun.

@misterobotique - All else are equal, this is likely the same or less amount of work, comparing to route #2. I’d start with the NGINX Home Assistant SSL proxy add-on, along with your existing Duck DNS.

@Tinkerer, @anon63427907, @k8gg thank very much for your help.
Installing the add-on NGINX Home Assistant SSL proxy solved my problem.

For users with a similar problem, here is what I did:

• installed the add-on NGINX Home Assistant SSL proxy
• following the documention
  1. I verified I have a /ssl directory on my HA machine and that it contains both my fullchain.pem and privkey.pem
  2. I commented out both ssl_certificate and ssl_key lines in the configuration.yaml
  3. in the same configuration.yaml, in the http section I added

       use_x_forwarded_for: true
       trusted_proxies:
         - 172.30.33.0/24
     

• in the Configuration tab, under Options I replaced home.example.com by my DuckDns address
• I configured my Wifi router to direct port 443 traffic to port 443 of my HA machine
• I restarted my router and Home Assistant
• accessing HA via http://192.168.11.4:8123, I started NGINX Home Assistant SSL proxy add-on and waited a few minutes until I could see “Running nginx…” in the log.
• on my phone, I opened Home Assistant Companion and in settings:
  1. Home Assistant URL: https://_________.duckdns.org
  2. Added my WiFi router SSID
  3. Internal connection URL: http://192.168.11.4:8123/

Hello could you help me with the point:
“I configured my Wifi router to direct port 443 traffic to port 443 of my HA machine”

These are my settings now. what do i have to change?

grafik993×754 16.8 KB

Thanks in advance

Sorry for the late reply.
My port mapping settings on my router looks like this:

• external port 8123 (TCP) to port 8123 (TCP) of Home Assistant machine
• external port 443 (TCP) to port 443 (TCP) of Home Assistant machine

Not being an expert, I would suggest to try my settings using the Port Mapping Settings functionnality in your router.

Hi there

I am a little bit lost with this very long posts. At the end, did you change the DNS settings on your wifi router? Seems like you said it above, but you didn’t mention it here in your solution.

Same: what the 172.30.33.0/24 relates to, your address seems to be 192.168.X.X?

Sorry for the extremely late reply, I haven’t logged in for a while.

At the end, I didn’t change the DNS settings on my WiFi router.
Regarding 172.30.33.0/24, I don’t know. I just follow the documention on how to use " NGINX Home Assistant SSL proxy" and it requires to add this to the configuration.yaml.

I also would be interested why 172.30.33.0/24. Is it necessary or just an example?

It’s the Docker IP ranged used by Home Assistant OS (or more accurately, the Supervisor).

If you’re using a proxy add-on then the IP it uses to connect to HA will (typically) be in that range.

So it specifies the inner IP range within which NGINX and HA communicate and they bargain one of the IP’s within the range?

Would it break, if I fully remove this setting?

Yes

HA won’t accept connections from the proxy if it isn’t a trusted IP.