Setup on Synology NAS with remote access

Hello,
I’m interested in learning home automation and am trying to set-up Home Assistant. I have been having challenges with Home Assistant and am looking for any suggestions or guidance.

Set-up Requirements and Details:

  • I’ve been using Synology NAS in my home for many years and am currently running a DS918+. I figured I could run Home Assistant off my Synology so I have started down this path. I’m certainly open to other options as well. I’m not clear what the benefit of running it on the Synology vs my home PC.
  • I would like to be able to remote access my Home Assistant.
  • I would like to be able to share my Home Assistant set-up (or parts of it) with my family members so they can have control and access to some home controls.
  • I have a number of different devices in my house that I will link to Home Assistant. Ecobee, Sonoff, NuHeat, Kasa, B-hyve
  • I got Home Assistant running on my Synology using a Virtual Machine and Docker.
  • I installed HACS.
  • Attempting to set-up remote access has caused the following issues.
    o I created a DuckDNS account
    o Set-up port forwarding and Dynamic DNS in my EdgeMax router (EdgeOS). I’m not confident I set this up correctly as I found a few different methods online.
    o Installed DuckDNS on HomeAssistant
    o After installing DuckDNS my HomeAssistant fails the configuration check. Error was against External and Internal URLs.
    o I removed the External and Internal lines from the configuration Yaml file and it passed the configuration check.
    o Now I can’t access Home Assistant.
    o Using SAMBA I can access the configuration files. So I opened the config file and removed everything that was added per the instructions for DuckDNS. Still HomeAssistant won’t open.
1 Like

I can answer to some of your questions…

  • why HA on Synology and not on your PC? If nothing else, Syno runs 24/7 anyway and it has HDD mirroring, so i one of your HDD’s die you won’t loose anything.

  • You can set up remote acces via your synology’s domain → go to reverse proxy for that. No need for any DuckDNS. I explained procedure on my site. And don’t forget port forwarding in your router (explained at the beginning of my page). So, let’s say that now you already set up Synology DDNS address as https://yourname.synology.me. So, HA will be available at: https://home.yourname.synology.me.

  • you can set up different users with different access inside your HA installation. All users will access HA via syno’s reverse proxy address.

2 Likes

Thanks for your response Pavel, much appreciated.

I will look into remote access via synology’s domain. A few additional questions:

Router changes:

  1. My router is an EdgeMax. Do I need to set up Port Forwarding and Dynamic DNS?
  2. I’m seeing varying details for Port Forwarding. Some say to forward 443, 8123 and 80. How do I confirm which ports to forward to 8123?

I only forwarded port 443 in my router, which is default port for https. There’s no need for port 8123, because connection to your HA won’t go directly to HA, but through synology’s proxy server. Also no need for port 80, since you won’t access HA with basic http (only https). When you will add prefix “home” Synology will know where to divert traffic, since you define that inside syno’s proxy manager. So, say, “yourname.synology.me” will go into your router’s main page, but “home.synology.me” will go to your internal IP of HA and corresponding port, since that is what you’ll define in synology’s proxy manager. This way you can access to various internal devices inside your home network without any additional port forwarding in router - synology does it all. It’s pretty simple actually once you understand the logic behind. Let’s assume that you have NVR recorder. You can set up acces from outside with, say, “nvr.yourname.me”, by entering local IP and port of our NVR in synology’s proxy manager and you’re done. Or access your RPi with, say, “pi.yourname.me”…. All you have to do is enter correct data in syno”s proxy manager. And, you get a certificate for each of these subdomains for free (via let’s encrypt).

You need to setup dynamic dns only in your synology. There’s no need for setting up in router if you won’t use it. Synology has two free ddns domains: one is *.synology.me, while other is something quickconnect…. I only use first one, btw.

I have had some success. Using DSM Reverse Proxy I’m able to access Synology main page. I created a Reverse Proxy for HA per your instructions but entering that host name into my browser just takes me to the Synology main page rather than Home Assistant. I’m sure I have done something basic wrong.

I seem to have to working now. I had to add this to my configuration file in home assistant.

http:
use_x_forwarded_for: true
trusted_proxies:
- IP address for HA on Virtual Machine

Yes, it’s quite possible that these lines are mandatory…
I also have similar stuff in my config:

http: # ------------------------------------------------------------------------ HTTP
  ip_ban_enabled: true
  login_attempts_threshold: 10
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.0.0/24
    - 172.30.32.0/24
    - 172.17.0.0/24

Second and third IP is written in virtual machine manager in Synology. I don’t know if it’s mandatory, i think that i’ve read somewhere back then, so i add them.

I’m getting close to giving up on accessing Home Assistant remotely.

I have set up Reverse Proxy in my Synology per instructions provided on this site.

From my iphone I’m able to access my Home Assistant remotely using Safari but I’m unable to access using the Home Assistant Companion App or Firefox. When my phone is not on my local network the Companion App give error 'The certificate for this server is invalid. You might be connecting to a server that is pretending to be “my Home Assistant URL” which could put your confidential information at risk.
I’m not sure why I can login from Safari but not Companion or Firefox. Any suggestions? I considered just accessing from Safari but it makes me enter my login and password each use, it doesn’t seem to remember them even when I check the remember box.

Also, I would consider paying for a Nabu Casa account to hopefully eliminate the technical issues I’ve been having connecting remotely. I don’t mind paying for a single Nabu account but I don’t want to pay for each member of my family to access our Home Assistant account. Would we be able to access a single Nabu account from multiple devices?

Did you create certificate in control panel → security → certificates ? There you can create a free certificate via let’s encrypt. After you created certificate for your subdomain you must assign it: in “certificate” page click “settings” and select your new certificate for your new subdomain.

Thanks Pavel, I had selected the domain certificate for the subdomain. I have now updated the subdomain certificate.
Seems to work. Let’s see.

1 Like

@PhotoZilla @Protoncek
If I understood you all, by installing HA in your NAS you can fully access your HA remotely per iphone as you do local.
If so, it is very kind of you @PhotoZilla to write a documentation / user guide in details and share with me.
I want to setup my DS210+ with HA.
Thanks

Installing HA on synology is described on official HA site (home assistant installations -->alternative, find Synology). However, you MUST have your drives formatted in btrfs system, not ext3/4, otherwise you won’t be able to install VM manager and create virtual machine at all. Also - not all Synology NAS machines allow VM manager (at least not officially, sometimes there are side ways…)

As for externall access, i’ve posted link to my site above (second post, i think) - all you need is setup proxy in synology.

@Protoncek I use DS218+.
How can I check if my drives format?
I can not find Reverse Proxy Tool in my NAS Control Panel. Where is it exactly?
Thanks

You can check simply by going into Package center and see if you have “virtual machine manager” available for install and if you can install it. If you have wrong format it will warn you and won’t install - in this case the only option is to delete existing partition (storage pool) and create a new one - yes, i know - it means backup all your existing data, delete and re-create partition, and then copy all back to NAS… i’ve had to do that, sadly… there’s no way to convert existing partition from ext- to btrfs.

proxy panel is quite hidden, yes: Control panel → login portal → advanced → reverse proxy.

@Protoncek thanks. Now I can find it. I installed HA successfully in NAS using Docker

ok, great! i forgot that Docker is an option, yes. I guess you don’t need btrfs partition for docker, only if you install HA into VM, as explained HERE

@Protoncek In Reverse Proxy, I am now at Reverse Proxy Rules, tab Customer Header. After click Create I have to input the HeaderName and Value.
In your guide, Header Name is WebSocket, What is about Value???

@Protoncek Moreover I gave hostname, for example “dsm.thanhbinh.synology.me” but it does not accept by Let’s Encrypt.
How can I map IP-Adress:port_number like 192.xxx.xxx.xx:5001 to this hostname??
Thanks

When you click “create websocket” all should automatically be filled-in.
I think that in order to succesfully create let’s encrypt in your router you must forward port 443 to IP of your synology.

@Protoncek no, it is not automatically filled-in by me
How can you create your own domain? here
dsm.yourname.synology.me

In my systems I have only one possibility to create a domain using External Access, tab DDNS like
yourname.synology.me
I use it for Reverse Proxy.