[solved] LE + DuckDNS: WAN works, LAN not => solution "NGINX Home Assistant SSL proxy" Add-on!

I have recently configured DuckDNS & LE but cannot log in with the Android app anymore from the LAN.

From the mobile network it works and I have configured the WiFi SSIDs.
When I start the companion app on the LAN it seems to crash.
Any idea/suggestion to solve this?

I’m using 3.0.2 full on Android 10.

TIA!

What addresses do you have set in the android app?


https://xxx.duckdns.org
https://HA-IP:8123

I set my phone up to use the WAN URL because I wanted access when I’m not at home, then, more recently, added the local (LAN) address so in-home access would be more direct. I did get it working on the Android app. (The LAN address is not a URL, but 192.168.40.xxx:8123).
On my laptop, I just have two links set up, one for “local” and one for WAN access.

@qoheleth: you enter the LAN address in the Android app without a protocol (http[s])?

On a computer, in a modern browser, most of them add https as default and if you use http://HA-IP:8123 (without s) you normally don’t get into HA, in case you configured Let’s Encrypt

This is true (and the case on my browser, which also incidentally accepts the homeassistant.local:8123 address as well.)
However, my Internal Connection URL in the app is set to http://192.168…:8123/ (without the s) and that is working for me. My point wasn’t about the s or lack thereof, but about the use of an IP address instead of the homeassistant.local construction.
The non-local address does indeed use https:…

AND you’re using a Let’s Encrypt certificate with HA?

Well it cannot be the HA install that’s sure. It’s something to do with your LAN.

  • for DDNS you must have port forwarding on, so check you have not changed the port

  • check remote HA-IP url is resolving in your phone. Install some command line app and ping HA-IP and check the IP address is correctly reported. Then ping the IP directly. All ok?

  • Check router and all boxes to ensure HA-IP is not multiply defined and/or not defined. It should only be defined once in your router and nowhere else.

It seems to be something with the certificate which doesn’t work with the LAN IP AND the app.
Whereas with a browser, you are able to bypass it by making an example exception.
Tried with a browser on the mobile device and that works…

Lots of people seem to have this problem when exposing HA to the internet and apparently the “NGINX Home Assistant SSL proxy” Add-on is the solution.

The certificate is only valid for your external DuckDNS domain, that’s why you get a certificate error when you try to access HA through the local IP address. The companion app can’t handle this certificate error.

NGINX is a reverse proxy that allows you to have an SSL connection externally and still have http access locally without the SSL overhead.

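Added example, not part of any post in this thread: a small Python check that reproduces the name matching a TLS client does, showing why a certificate issued only for the DuckDNS name is accepted on the WAN URL and rejected on the LAN IP. The domain `example.duckdns.org`, the address `192.168.40.10` and all function names are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: SAN list in the shape ssl.SSLSocket.getpeercert() returns
# for a certificate issued only for the external DuckDNS name (placeholder name).
SAMPLE_SAN = (("DNS", "example.duckdns.org"),)

def _as_ip(name):
    try:
        return ipaddress.ip_address(name)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Compare a DNS SAN entry with a hostname; '*' may only replace the leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_covers(san, host):
    """True if a client verifying the certificate would accept it for `host`."""
    ip = _as_ip(host)
    if ip is not None:
        # IP literals are compared with 'IP Address' entries only, never DNS names.
        return any(t == "IP Address" and _as_ip(v) == ip for t, v in san)
    return any(t == "DNS" and _dns_match(v, host) for t, v in san)

def audit_urls(san, urls):
    """Classify each configured URL: 'ok', 'name mismatch' or 'plain http'."""
    result = {}
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https":
            result[url] = "plain http"   # no TLS, so no certificate is checked
        elif cert_covers(san, parts.hostname):
            result[url] = "ok"
        else:
            result[url] = "name mismatch"  # what the app hits on the LAN address
    return result

if __name__ == "__main__":
    for url, status in audit_urls(SAMPLE_SAN, [
        "https://example.duckdns.org",
        "https://192.168.40.10:8123",   # constructed LAN address
        "http://192.168.40.10:8123",
    ]).items():
        print(f"{status:14} {url}")
```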

Thanks guys!
It was indeed the NGINX reverse proxy Add-on that was necessary to solve this. :partying_face:

For anyone stumbling on this topic with the same problem, this is a well written guide which explains it all very well: Remote access for Home Assistant

Kudos to @Tinkerer ! :clap: :+1: :ok_hand:
