Hi all,
I use an ASUS router which has its own ddns client and encryption certs from LetsEncrypt.
I would like to open up Home Assistant to the outside world and was looking over the various steps.
Since the router is just going to port forward 443 to the HA server, do I copy the router cert to HA, or does the HA server need its own certificate?
Thanks.
Old thread, but with duckdns going down a couple times last week, I was curious about this as well. I did try just copying the cert files but unfortunately did not work. Anyone ever use the certs from asuscomm in ha? Or better question might be, how can i create a cert for HA that is not a duckdns.org url
I run Asuswrt-Merlin on an RT-AC88u and use a custom ddns script for cloudflare, but run a separate docker container for letsencrypt on my server, and use an Nginx reverse proxy for HA.
Replying to my own comment for others in the future. So my asus router has the ability to get certs automatically from lets encrypt. It allows you to export those files.
key.pem
cert.pem
I just copied them into my Home assistant home directory and changed the appropiate entries in the
http:
section of my config.yaml to point to those files. and it’s all working as expected now
just curious, does the cert from the router allow for subdomains/wildcards? or does everything have to be a subdirectory?
Its very easy, NO DuckDNS install need.
Copy the Asus Cert files in Home Assistant SSL folder
Only install NGINX Addon
NETWORK 443 and 80
Start the Addon, and work in 1 minut.
Remember change the url in mobile app https://yourname.asuscomm.com
And Open Ports in your Router.
Enjoy!
FONT: Configuration for HA https access (Asus AC68U built in DDNS service)
I just did this the other day and could not be happier
Basically ngnix running natively on my router. I have my own domain on google domains. I’m using Cloudflare for dns. Cloudflare has an api that works with certbot.
Required a little bit of understanding of ngnix and dns.
wahOO!
thankyou for share!
Just to follow up. I’ll try to write a more definitive guide later on this. Would mostly plagerize from the article I posted but here are the basic things I did.
server {
listen 443 ssl;
root /config/www;
index index.html index.htm index.php;
server_name HASS.YOURDOMAIN.COM; (or whatever you name it)
# include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
# auth_basic "Restricted";
# auth_basic_user_file /config/nginx/.htpasswd;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
proxy_ssl_verify off;
# include /config/nginx/proxy.conf;
proxy_pass http://YOURIPHERE:8123;
}
} }
The config file ends up being in
/tmp/mnt/entware/entware/etc/nginx/sites-enabled
So homeassitant.conf or whatever you name it.
I will say that these steps are a bit confusing, and I know I did not write everything out in order It was a couple days of back and forth, but it’s working perfectly now. I have a few sites behind NGNIX.
Oh I forgot, you need a cname in cloudflare for your HA instance. So for example if your domain is
stuff.com you need a cname for HASS, then hass.stuff.com will be your instance.
Here is what the asus ddns setting would look like too
ok, hope this stream of consciousness helps at least a little bit.
Having my own domain, not needing duckdns, and being able to have internal and external urls for HA have been nice. The fact it runs fully on my ASUS router is also pretty cool.
Thanks for sharing. Currently, I’m using DuckDNS and forwarding port 8123 to 8123 and I’m accessing my HA through https://duckdns.com:8123.
I have a few questions:
Thanks in advance.
I don’t know if this thread is still alive but I have the same question !
What is the easiest way to retrieve certificates once it is expired.
Thanks
Many topics on the forum about built-in DDNS. And no one can answer…
Hi Clydde,
I am exactly on the same boat you were some months ago. But now the NGINX add on doesn’t allow to tweak the config file as before.
I guess that I should enter your parameters in the “Custom Nginx Configuration” box but I can’t figure out how to do it without raising errors.
As you did then I want to use my own CERTs (downloaded from the UI of the Asus router) instead of requesting new ones but I can’t achieve that through the UI of the addon. Can you help me?
A lot of time passed, but as I just went through the setup, let me bring this up and give the solution that worked for me, with some symptoms.
One more thing: after you install the Nginx add-on, restart the Home Assistant. For some reason, I wasn’t able to use the Nginx add-on configuration page until I did that.
Also, don’t forget to add this to your configuration.yaml:
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
Important: do not change the IP address. This is really odd, but even though my whole home network is in the 192.168.x.x range, Nginx server chose to use the 172.30.33.x address.