Secure Remote Access - Best Method? What Am I Not Understanding?

On hass.io it’s easy and all you should need to accomplish that task is to install that add-on:
addons/duckdns/README.md at master · home-assistant/addons · GitHub

Alter the add-on options to use your DuckDNS token and domain:

{
  "lets_encrypt": {
    "accept_terms": true
  },
  "token": "sdfj-2131023-dslfjsd-12321",
  "domains": ["my-domain.duckdns.org"]
}

Configure your configuration.yaml to include the lines ssl_certificate, ssl_key and api_password. Choose a strong api_password and include it in your secrets.yaml:

http:
  api_password: !secret http_api_password
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Do not open any ports for this add-on because it does not need any to work properly.

Of course!

There are, but it’s more complicated in the beginning. If you are thinking about incorporating other add-ons like Node-RED or the like that run in their own containers but need access to hass.io, it may be easier to use a reverse proxy like Caddy or nginx.

Start small and when you feel more used to the concepts you can begin exploring other options.

You could use that, but you should only if your router also handles the Let’s Encrypt part. You shouldn’t connect to hass.io without using SSL.

Of course. 8123 needs to be forwarded to your pi regardless of the used dyndns.

The main factor that influences whether to use a VPN or not is what you want to do with exposing hass.io to the internet.

  • Is it only for having access to it through your browser? VPN could be an option.
  • Is it to use services like Google Assistant, Amazon Alexa or some types of notifications? VPN isn’t an option as the services need to communicate with hass.io directly.
2 Likes
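
A check that can be run once the add-on has issued the certificate (an added example, not part of the original post or of the add-on): it confirms that the files named under `http:` cover the DuckDNS domain, are not close to expiry, and that `ssl_key` really belongs to `ssl_certificate`. The function name `check_ha_cert`, the script name `check.sh` and the 14-day threshold are assumptions; the `openssl` command-line tool must be installed.

```shell
#!/bin/sh
# Added example (not from the original post). Checks the certificate and key
# that configuration.yaml points at. Requires the openssl command-line tool.
# check_ha_cert is a hypothetical helper name; 14 days is an assumed threshold.

check_ha_cert() {
    cert=$1; key=$2; domain=$3; min_days=${4:-14}
    rc=0

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "FAIL: cannot read $cert or $key"
        return 2
    fi

    # 1. The certificate must name the DuckDNS domain (SAN, or CN as fallback).
    if openssl x509 -in "$cert" -noout -checkhost "$domain" 2>&1 |
        grep -q "does match"; then
        echo "OK: certificate covers $domain"
    else
        echo "FAIL: certificate does not cover $domain"; rc=1
    fi

    # 2. The certificate must stay valid for at least min_days more days.
    if openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1; then
        echo "OK: valid for more than $min_days days"
    else
        echo "FAIL: expires within $min_days days (or is unreadable)"; rc=1
    fi

    # 3. ssl_key must be the private key for ssl_certificate: compare the
    #    public key embedded in the cert with the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "OK: private key matches certificate"
    else
        echo "FAIL: private key does not match certificate"; rc=1
    fi

    return $rc
}

# Example: sh check.sh /ssl/fullchain.pem /ssl/privkey.pem my-domain.duckdns.org
if [ "$#" -ge 3 ]; then
    check_ha_cert "$@"
fi
```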