Reverse SSH Tunnel/Remote Access Help

{
  "key": "Your-Key-String-Here",
  "secret": "Your-Sectret-String-Here",
  "forwarding": [
    {
      "bucket": "ha",
      "destination": "http://127.0.0.1:8123"
    }
  ],
  "tunnels": [
    {
      "name": "ha",
      "destination": "http://127.0.0.1:8123/",
      "protocol": "tls",
      "domain": "your-duckdns-domain"
    }
  ],
  "duck_dns": {
    "token": "your-duckdns-token",
    "accept_terms": true
  },
  "tunnels_enabled": true,
  "forwarding_enabled": false
}

Sorry, that's not formatted correctly but you should be able to use the settings.

Hm. That’s the settings I used and it doesn’t seem to be working. When I check the logs of the add-on I see this:

[✗] Your plan doesn’t include custom subdomains, set ‘subdomain’ for tunnel ‘ha’ to an empty string,
or upgrade your plan here: Webhook-Relay

Do you get the same things? Also, did you set up Let’s Encrypt or anything on your Home Assistant setup?

It’s been a while since I set it up but I am pretty sure I had to set up the duckdns addon and have it running when this started, and then turn it back off. I have a bunch of emails from the guy that made the addon, give me a little bit to look through them and get back with ya.

One of the steps in a previous email said to…
Get DuckDNS add-on and configure it.
Start it and wait until it provisions a certificate, then stop it.
Configure Webhook relay addon.

Also, it says make sure your HA can work with HTTP (NOT HTTPS).

As a last resort, here’s the guy that can answer all your questions.

Hey guys :slight_smile: @dmoses1969 it’s free for you because you really helped with the feedback early on (thanks for that)! However, for the basic functionality users will need to upgrade to $4.5/month plan.

I can enable paid features for anyone who wants to try, just to see how it works and see whether it suits your use case. Ping me either on [email protected] or here.

@dmoses1969 thanks for all your help!

@rusenask I appreciate you responding in the thread. I figured the plan would need to be upgraded. Think I may try to go back to the reverse SSH route but if all else fails I may bite the bullet and upgrade. Thanks again!

I have enabled paid features for you, if you still want to try :slight_smile:

Regarding your SSH, here’s some info: https://www.ssh.com/ssh/tunneling/example.

Also, your GCP VPS after the free credits run out won’t be free. You might want to get a VM on some cheaper cloud such as Digital Ocean (I think you can get one there for $5/m), Scaleway, Linode, OVH.

Thanks for the free preview! The tunnel is now creating, however I’m getting the following error where it says port 443 is already in use? Is there something else in HA I have to configure?

2019/01/03 11:34:26 [INFO] acme: Registering account for
2019/01/03 11:34:27 [INFO] [example.duckdns_org] acme: Obtaining bundled SAN certificate
2019/01/03 11:34:27 [INFO] [example.duckdns_org] AuthURL: https://acme-v02.api.letsencrypt_org/acme/authz/random-characters
2019/01/03 11:34:27 [INFO] [example.duckdns_org] acme: Could not find solver for: http-01
2019/01/03 11:34:27 [INFO] [example.duckdns_org] acme: Trying to solve TLS-ALPN-01
{"level":"error","ts":1546515291.3751533,"msg":"failed to retrieve cert","domain":"example.duckdns_org","error":"acme: Error -> One or more domains had a problem:\n[example.duckdns_org] [example.duckdns_org] error presenting token: could not start HTTPS server for challenge -> listen tcp :443: bind: address already in use\n"}

Hi, do you by any chance have a DuckDNS add-on that’s already running? It seems that the logs are coming from it as webhookrelay add-on uses DNS challenge, not http one

When I do that and type the following in a browser on my Mac: VPS.IP.ADD.RESS:18123, I get a connection timeout error.

Are you sure you want to open your HA to the world? Well, if it’s the case you should change your ssh command on the Pi to:

ssh -fgNR 18123:localhost:8123 vpsusername@vps-instance-ip-address

as per default ssh doesn't allow outside connections to local forwarded ports.

Since you own a VPS why not just install openvpn on it and let your pi and your mac/mobile connect to your vpn?
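Added example, not part of the original thread: with a remote (`-R`) forward the listening socket lives on the VPS, and ssh(1) and sshd_config(5) document that its bind address is governed by the server's `GatewayPorts` option (default `no`, loopback only). The sketch below resolves where port 18123 would actually listen for a given forward spec; the function names and the sample config are constructed for illustration, and the parser assumes IPv4 specs and ignores `Match` and `Include`.

```python
LOOPBACK, WILDCARD = "loopback only", "all interfaces"

# Constructed sample sshd_config, not taken from the thread.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (excerpt)
PermitRootLogin no
GatewayPorts clientspecified
"""

def gateway_ports(sshd_config: str) -> str:
    """Global GatewayPorts value; sshd keeps the first occurrence of a keyword."""
    for raw in sshd_config.splitlines():
        words = raw.split("#", 1)[0].replace("=", " ").split()
        if not words:
            continue
        if words[0].lower() == "match":   # conditional blocks are not modelled
            break
        if words[0].lower() == "gatewayports" and len(words) > 1:
            return words[1].lower()
    return "no"                           # OpenSSH default

def requested_bind(spec: str):
    """bind_address of a -R spec, or None for the 3-field form."""
    fields = spec.split(":")
    if len(fields) == 3:
        return None
    if len(fields) == 4:
        return fields[0]
    raise ValueError(f"unsupported -R spec: {spec!r}")

def effective_listen(spec: str, sshd_config: str) -> str:
    """Where sshd on the VPS binds the forwarded port."""
    mode = gateway_ports(sshd_config)
    if mode == "no":
        return LOOPBACK                   # client's bind_address is ignored
    if mode == "yes":
        return WILDCARD                   # forced, whatever the client asked
    if mode != "clientspecified":
        raise ValueError(f"unknown GatewayPorts value: {mode!r}")
    bind = requested_bind(spec)
    if bind is None or bind in ("localhost", "127.0.0.1"):
        return LOOPBACK
    return WILDCARD if bind in ("", "*") else bind

if __name__ == "__main__":
    for cfg in ("GatewayPorts no", "GatewayPorts yes", SAMPLE_SSHD_CONFIG):
        for spec in ("18123:localhost:8123", "*:18123:localhost:8123"):
            mode = gateway_ports(cfg)
            print(f"GatewayPorts {mode:<16} -R {spec:<24} -> {effective_listen(spec, cfg)}")
```

On a real server, `sshd -T` prints the effective `gatewayports` value. A "loopback only" result means Home Assistant is reachable only from the VPS itself, for example through a second SSH local forward, rather than from the internet.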

I did not have the DuckDNS add-on installed, but I have done that and configured it. I assume it’s working since now I have to use https://pi-ip-address:8123 to reach Home Assistant locally. However, I’m still getting this same error when starting the webhookrelay add-on:

{"level":"error","ts":1546523697.718215,"msg":"failed to retrieve cert","domain":"example.duckdns_org","error":"acme: Error -> One or more domains had a problem:\n[example.duckdns_org] [example.duckdns_org] error presenting token: could not start HTTPS server for challenge -> listen tcp :443: bind: address already in use\n"}

Okay, so DuckDNS add-on shouldn’t be installed as it will always just reset the correct IP address. You can disable it or just uninstall.

Is that example.duckdns.org entered somewhere in your config? I will do some testing with an updated HA on my end too.

OK, I uninstalled the DuckDNS add-on. Which config are you referring to? In my configuration.yaml my DuckDNS domain is in the "base_url" field under the http section. My webhookrelay add-on config is below:

{
  "key": "my-key",
  "secret": "my-secret",
  "forwarding": [
    {
      "bucket": "ha",
      "destination": "http://127.0.0.1:8123"
    }
  ],
  "tunnels": [
    {
      "name": "ha",
      "destination": "http://127.0.0.1:8123/",
      "protocol": "tls",
      "domain": "example.duckdns.org"
    }
  ],
  "duck_dns": {
    "token": "my-token",
    "accept_terms": true
  },
  "tunnels_enabled": true,
  "forwarding_enabled": false
}

Would OpenVPN work from behind Verizon’s double NAT? Might have to explore this option, however I wonder if this would cause Google cloud to charge me (right now I have the $300 credit for a year)

"domain": "example.duckdns.org"
should be changed. It has to match the domain that you got on their website (https://www.duckdns.org/)

The actual address is not example.duckdns.org…I have my actual domain put in the config

Sure, because you will open the connection from your pi to your VPS outside verizon. Usually openvpn uses UDP, but you can change that to TCP if you want.

OK so I just tested and it’s working now…very weird. Thanks for all your help @rusenask!
