SSL outside and HTTP locally

Hi, I need some help configuring HA to work with SSL outside and HTTP locally. I have already got a DuckDNS domain and configured it. I have also set the port forwarding on the router, 8123 to 8123 and 443 to 8123, and in the config:

http:
  base_url: https://<myurl duckdns>
  server_port: 8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

But with the above I can only access it over HTTPS. If I comment out the 2 SSL lines, then I can access it only locally.

Short answer:
Don’t put the certificate into configuration.yaml but install the nginx add-on and use it as a reverse proxy and configure the certificate there.
Afterwards you’ll have SSL on a different port.

Thanks for your response

with this option the error from outside is
Unable to connect to Home Assistant.

RETRY

config of nginx

domain: mydomain.duckdns.org
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

Would be good to know what the error is…
However, did you set the trusted_proxies as described in the nginx docs?

I have set the following

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.0/24

nginx: [emerg] PEM_read_bio_DHparams("/data/dhparams.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: DH PARAMETERS)
[cmd] /run.sh exited 1

uff, sorry - this is the end of my expertise…
Others seem to have solved this by reinstalling the addon.

I did an uninstall and reinstall of the addon and the error disappeared from the logs. Now when I try to access from outside it returns 400: Bad Request

No need for nginx proxy :yum:

outside, use https://my.duck.dns
inside use https://my.duck.dns:8123

provided you:

  • add duck.dns domain in your router
  • add dhcp reservation for 192.168.x.y (ha’s ip address) and name it ‘my’

with the dhcp reservation you ensure that your local dns resolves my.duck.dns as 192.168.x.y :wink:

HTTP/400 is a message from the webserver - that's good.
In my case, I added the docker network to the trusted proxies:

  • 172.30.33.0/24

How can I find the docker network?
I'm running hassio on a Pi

Actually, I just copied the trusted proxy settings from the nginx-addon docs. If you are running the hassio image I’d expect that to be the same on all installations:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
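
Why the 400 depends on the `trusted_proxies` range, shown as an added example: a simplified model of a trusted-proxy check, not Home Assistant's own code and not written by anyone in this thread. The function name `resolve_client`, the proxy address 172.30.33.2 and the client addresses are constructed for illustration.

```python
import ipaddress


def resolve_client(peer_ip, xff_header, trusted_proxies, use_x_forwarded_for=True):
    """Simplified model: return (http_status, client_ip or None)."""
    peer = ipaddress.ip_address(peer_ip)
    if xff_header is None:
        return 200, str(peer)      # direct request, no forwarding header
    if not use_x_forwarded_for:
        return 400, None           # header present but forwarding is disabled
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def trusted(ip):
        return any(ip in net for net in nets)

    if not trusted(peer):
        return 400, None           # header came from an address not listed as a proxy
    try:
        hops = [ipaddress.ip_address(h.strip()) for h in xff_header.split(",")]
    except ValueError:
        return 400, None           # malformed header
    # Walk right to left: the first hop that is not a trusted proxy is the client.
    for hop in reversed(hops):
        if not trusted(hop):
            return 200, str(hop)
    return 200, str(hops[0])       # every hop was a trusted proxy


if __name__ == "__main__":
    PROXY = "172.30.33.2"    # constructed address inside 172.30.33.0/24
    CLIENT = "203.0.113.7"   # constructed external client (documentation range)
    cases = [
        ("loopback range only", PROXY, CLIENT, ["127.0.0.0/24"]),
        ("add-on network listed", PROXY, CLIENT, ["172.30.33.0/24"]),
        ("client-supplied extra hop", PROXY, "10.0.0.1, " + CLIENT, ["172.30.33.0/24"]),
        ("LAN client sends header itself", "192.168.1.50", "1.2.3.4", ["172.30.33.0/24"]),
    ]
    for label, peer, xff, nets in cases:
        print(f"{label:32} -> {resolve_client(peer, xff, nets)}")
```

In this model the hop a client supplies itself is ignored, and a header sent from an address outside the listed range is rejected, which is why the range should cover only the proxy's network.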

Already reserved, with no luck. :frowning: I'm frustrated with these errors

I'll give it a try now

GREAT!! This was the solution, everything is up and running. Thanks a lot for your effort
