Secure Remote Access on https (own domain, no duckdns, letsencrypt addon)

Hi there,

I have a static IP, a router on which I can do port forwarding, and my own domain with a subdomain that currently has an A-record pointing to my static IP.

I’ve set up a Raspberry Pi with Home Assistant OS (using the image provided on home-assistant.io in the installation tutorial).

I can access my home assistant remotely using ha.mydomain.com:8123 (which is not secure).

I added the letsencrypt addon in Home Assistant and set it up with my subdomain, mail, etc. I temporarily opened port 80 in my router and pointed it to port 80 of the internal IP of Home Assistant.

Running the letsencrypt addon worked fine, and the logs say it stored certificates in:


Certificate is saved at: /data/letsencrypt/live/ha.mydomain.com/fullchain.pem
Key is saved at:         /data/letsencrypt/live/ha.mydomain.com/privkey.pem

But what’s up next?
I guess I’m only one or two steps away from having a working remote access setup!

Okay… I got it up and running!

The last few steps needed were to add the following to configuration.yaml:

homeassistant:
  external_url: "https://ha.mydomain.com"
  internal_url: http://192.168.0.110:8123

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: true
  login_attempts_threshold: 5

(when you run the letsencrypt addon it will move the certificates to /ssl-folder automatically … I guess? At least I didn’t have to look for them in /data/letsencrypt/live/ha.mydomain.com/ somewhere in a docker container?!?)

The port forwarding on the router is set as 443 forwarding to 192.168.0.110:8123.

When accessing from my local network, I have to remember to add https to the URL and choose to trust the certificate.

I guess that’s all there is to it, right? Any comments?

4 Likes
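A check for the setup described above, added here as an example that is not part of the original post: it reports whether the served certificate covers a given name and how many days remain before expiry, which matters because port 80 was only opened temporarily for issuance and a later renewal that fails would otherwise go unnoticed. It also shows why access by the internal IP prompts a trust warning: the certificate names only the subdomain. The function names, the 30-day warning threshold and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
import time

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the certificate served at host:port; raises if chain or name validation fails."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def covers(cert, name):
    """Simplified check: name equals a subjectAltName entry or fits a one-label DNS wildcard."""
    name = name.lower()
    for kind, value in cert.get("subjectAltName", ()):
        value = value.lower()
        if value == name:
            return True
        if kind == "DNS" and value.startswith("*.") and name.split(".", 1)[-1] == value[2:]:
            return True
    return False

def days_left(cert, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    now = time.time() if now is None else now
    return int((expires - now) // 86400)

def assess(cert, name, warn_days=30, now=None):
    """Return MISMATCH, EXPIRED, RENEW or OK for the name a client actually types."""
    if not covers(cert, name):
        return "MISMATCH"
    left = days_left(cert, now)
    if left < 0:
        return "EXPIRED"
    return "RENEW" if left < warn_days else "OK"

# Constructed sample in the dict shape returned by ssl's getpeercert(); not real data.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "ha.mydomain.com"),),
    "notAfter": "Jun  1 12:00:00 2025 GMT",
}

if __name__ == "__main__":
    # Run from outside the LAN against the forwarded port 443.
    cert = fetch_cert("ha.mydomain.com")
    print(assess(cert, "ha.mydomain.com"), days_left(cert), "days left")
```

Running it on a schedule from a machine outside the home network exercises the same path remote clients use, including the router's 443 forward.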