Hi Guys, I’m quite new with HA and I’m running it on a Raspberry Pi 3. At the moment I am busy with remote access. However I try to set it up using DuckDNs and NGINX. In the process of Port Forwarding I get stuck. The port is normally set to 433 but that port is already in use. How can i change this?
Change the external port on the router or where? Your question isn’t clear.
Sorry for me not being clear.
I’m setting up my DNS via DuckDNS. However the incoming port is set by default to 443.
This port is already in use at my wifi network for my Synology-server, which is a seperate device than where my HA runs on(Raspberry). I use this port for the https link with the server.
So my problem is, in normal condition you port forward port 443(DuckDNS) to your HA. However this port is already in use. Is there any possibility that I can change the port to a different port since port 443 is already in use?
pls let me know if the problem is clear right now, because these things are quite new to me and I’m having a bit of a struggle to explain the situation haha
thank you anyhow in advance!!
You can select any port you wish to forward to home assistant.
That being said, if you’re using letsencrypt which requires 443 then you need to use a DNS challenge instead. Not sure if that’s your issue though.
How can i check whether im using letsencrypt ?
What certificate are you trying to use with home assistant?
Oh I see, I am using NGINX and that is based on SSL Proxy, which is letsencrypt right?
You can use any certificate authority you want. But lots of people use letsencrypt. And you can use any port forwards you want. But you’ll likely need a dns challenge.
ok… thanks for the info. This is a bit unkown territory for me. Do you know how to do this? I’d like to change the port that is being used by DuckDNS, for accessing HA…
Show what exactly you have done so far. With configs / setups / environment / logs / errors / what you are using specifically / how you are trying to access HA / what works / what is not working, etc.
… so that other users here would know how to help.
= = = =
Are you saying you have already get an https access into your Synology already? If yes, that means you have already got a cert and a domain name, yes?
Don’t know whether your Synology offering reverse proxy feature, but if it does (I believe it does), you might not need duckdns nor nginx… setting up something in your synology, and then pointing to: http://192.168.your.ha.lan.ip:8123
Problem seems to be fixed for now. It had something to do with the token given in DuckDNS. If you copy the token, the first digit is a space that needed to be removed…
Download nginxproxymanager add on.
Point your router 80 and 443 at home assistant ip 192.168.xxx.xxx.
Make an A listing for your domain and subdomains. Pointing at your IP for the two subdomains you want
In nginxproxymanager Make a proxy host
synology.yourdomain.com → 192.168.xxx.xxx port 443
homeassistant.yourdomain.com → 192.168.xxx.xxx port 8123
Under ssl select create new certificate.
Force ssl.
Download Adguard, and set DNS entries for your subdomains to home assistant ip address, which is your proxy host.
Now internal on your network, or out in oblivion you can use the same address to access your hosts. synology.yourdomain.com
And people are still amazed as they get ransomware or DDoS attacks. Why would you ever do this?
Both synology (free) and nabu casa (almost free) have great connection possibilities which are far more secure. Now you just opening the doors for all kinds of nasty people on the internet. And since you are not really an expert in this matter I don’t think you have a great firewall with packet inspection and filtering options.
Choose for nabu casa and synology’s own cloud service or a VPN. Do not open your ports to the internet. Just my thoughts. Good luck.
Yeah I tried using my Syno for Smarthome software but my Syno wasnt suitable for it unfortunately…
That is totally not what I meant. Never mind.
How did you arrive at that conclusion? I mean, what makes it not suitable?
You know nothing about me or what I am or am not lol.
the fact that you are suggesting to use Nabu or Synology shows me you’ve left uPNP enabled. which is even more dangerous than using specific ports to a reverse proxy host, where public facing stuff can reside in a DMZ.
But sure lets suggest to just use ‘secure’ free methods that utilize upnp that can open anyport on demand on your router.
They work perfectly fine without UPnP. And I don’t use any of them. I use a VPN.
And no I don’t know anything about you, because the reply wasn’t about you. It was about the topic starter, who multiple times mentions it is new to him and he has little to no knowledge about it.
But even if it was a reply to you, it still is bad advise if you ask me. But hey, I’ll just shut up and and move on.