Secure connection to hassio inside LAN

I have my hassio install on a Raspberry Pi in my home LAN. I use an SSL certificate and port forwarding to access Home Assistant from outside. So, from outside the LAN I can just type my domain name in a browser and I get a secured connection.

My ISP-supplied router doesn’t support NAT loopback, so from inside my LAN, I have to use the Pi’s IP address to access Home Assistant. As a result, the browser says the site is unsafe to visit and I have to ignore/bypass a number of warnings. I don’t want my family members to have to go through this process all the time, so I’d like to fix this before I ask them to get familiar with Home Assistant.

I’ve tried running a local DNS server using the Dnsmasq add-on. No problems with the add-on, but I’m unable to change the DNS server address on the router and I haven’t been successful in changing the DNS server address on my mobile devices permanently. It worked for a while on my laptop, but my DNS server settings keep getting lost.

I read about NGINX and reverse proxy servers, but I’m not sure how this will help me. If it requires the same DNS settings on my mobile devices, I might as well focus on the Dnsmasq solution first.

How do others solve this? Just get a better router? Just ignore the warnings? Or should I be able to get rid of the warnings using Dnsmasq and the DNS settings on the mobile devices with a bit more effort?

I run dnsmasq as my dhcp server, and turn off dhcp on my router. This forces devices to use whatever dns server you want.

If you can’t change the DNS server in your router config, I guess the only way is to disable DHCP in the router completely and set up a DNS and DHCP server (dnsmasq is fine).

If you want to have a quite nice interface and additional ad blocking, I would suggest using Pi-hole.

Thank you @nickrout for taking the time to respond. I didn’t realize that the DHCP server is what is telling devices what DNS server to use, so I’ll look into that some more.
How did you get to run dnsmasq as a DHCP server? The Dnsmasq add-on only has three config variables, none of which seems to be related to DHCP.

I think it’s better if you use a reverse proxy like Nginx or Caddy. That way you can use your secure Duckdns address for outside access and for local access you can use your http://192.168.1.x:8123 address.

I don’t know anything about that addon, I have never used it. I have only used the Debian package and the Pi-hole implementation.

To add: there is a separate dhcp addon, I think you want that.

EDIT: or use the dnsmasq addon with this option https://www.home-assistant.io/addons/dnsmasq/#hosts

I’d use a reverse proxy as well… (using Caddy here)

Thanks everyone for the help! I think I’ve solved it now.

My problem was that I wanted to set a specific DNS address on my mobile device, while at the same time I was trying to have its IP address assigned dynamically. That didn’t work.

The solution that seems to work for me is to assign a static IP address to the mobile device for my home wifi network. The router’s DHCP server is still active and serving IP addresses to other devices in the house that I don’t use for controlling Home Assistant. The static IP address should be outside of the DHCP IP-address range to prevent IP conflicts.

The Dnsmasq add-on is running on my Home Assistant installation, and as @nickrout pointed out, the “hosts” configuration variable can be used to point devices on the LAN to the Home Assistant server by using my external domain name. There’s no need to change the DNS server addresses on the router.

The other thing I ran into was about port forwarding. Back when I installed the SSL certificate, I followed a tutorial that recommended forwarding external port 443 to port 8123 on the Home Assistant installation. In this way, you don’t need to specify the port number when you access Home Assistant from outside the LAN. However, from inside the LAN I still have to specify port number 8123.

It’s helpful to have the exact same URL operational from outside as well as inside the LAN. The Android web app takes only a single URL regardless if you use it at home or outside. So I changed the port forwarding rule to forward external port 8123 to the same port on the Home Assistant LAN IP address. As I understand it the reverse proxy provides more flexibility here, but I haven’t applied it yet.

Hope this helps anyone else who’s using a router without NAT loopback. For completeness I’ll add my Dnsmasq config here. Just fill in your own external domain name and the local IP address of the Home Assistant installation.

{
  "defaults": [
    "8.8.8.8",
    "8.8.4.4"
  ],
  "forwards": [],
  "hosts": [
    {
      "host": "domainname.without.portnumber",
      "ip": "192.168.x.y"
    }
  ]
}

Hi Peter, I’m facing the same issue and trying to solve it with Dnsmasq.
Regarding this:

I don’t understand if I need to insert the IP of the machine where Hassio is installed (so the IP of the Raspberry Pi) or the IP of the mobile phone.

Both are static IPs.

And another question: if I have the port forwarding from 8123 to 8123, in the configuration of dnsmasq do I still need to insert the :8123 at the end or not? Like you have indicated here?

In the router I don’t need to set up anything else, right? Only the port forwarding mentioned before?

Sorry, but I’m very noob and I’m trying to set up everything correctly.

My apologies for being such a sloppy community member Giovanni, I sincerely hope that you figured it out a long time ago. But I thought I’d still answer your questions, better late than never.

  • The local IP address that you have to specify is the IP address of the machine where Hassio is installed.
  • You have to specify the host name without the port number, so you shouldn’t insert :8123.
  • Correct, there’s nothing left to set up on your router if you use dnsmasq. The port forwarding on your router is to make Home Assistant available to you when you’re not at home.
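
Added example, not written by any poster in this thread and not Home Assistant or add-on code: a check of a Dnsmasq add-on config in the shape posted above against the rules in the last reply, plus a small model of why the domain name works on the LAN while the IP address produces a certificate warning. The host names, addresses and the function names check_hosts and lan_result are assumptions for illustration, and the certificate is assumed to cover exactly one DNS name.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of the add-on config posted in the thread;
# the names and addresses are placeholders, not values from the page.
SAMPLE = json.loads("""{
  "defaults": ["8.8.8.8", "8.8.4.4"],
  "forwards": [],
  "hosts": [
    {"host": "ha.example.org", "ip": "192.168.1.10"},
    {"host": "ha.example.org:8123", "ip": "192.168.1.10"},
    {"host": "cam.example.org", "ip": "203.0.113.7"}
  ]
}""")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_hosts(config):
    """Return (host, problem) pairs for entries that break the override."""
    problems = []
    for entry in config.get("hosts", []):
        host, ip = entry["host"], entry["ip"]
        if "/" in host or ":" in host:
            problems.append((host, "use the bare name: no scheme, port or path"))
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append((host, "ip is not a valid address"))
            continue
        if not any(addr in net for net in RFC1918):
            problems.append((host, "ip is not a private LAN address"))
    return problems


def lan_result(config, url, cert_name):
    """What a LAN client using this resolver gets for url, assuming the
    certificate covers exactly cert_name (no wildcards, no IP SANs)."""
    name = (urlsplit(url).hostname or "").lower()
    if name != cert_name.lower():
        return "certificate warning: URL host is not the name on the certificate"
    for entry in config.get("hosts", []):
        if entry["host"].lower() == name:
            return "ok: resolves locally to " + entry["ip"]
    return "forwarded upstream: returns the public address, needs NAT loopback"
```

The port stays in the URL typed into the browser and never appears in the "hosts" entry, because DNS maps names to addresses only.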