panzo19
(Panzo19)
July 25, 2021, 5:16pm
1
Hi, I need some help configuring HA to work with SSL from outside and HTTP locally. I have already got a DuckDNS domain and configured it. I have also set the port forwarding on the router, 8123 to 8123 and 443 to 8123, and in config:
http:
  base_url: https://<myurl duckdns>
  server_port: 8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
But with the above I can only access it over https. If I comment out the 2 ssl lines then I can access it only locally.
Short answer:
Don’t put the certificate into configuration.yaml but install the nginx add-on and use it as a reverse proxy and configure the certificate there.
Afterwards you’ll have SSL on a different port.
panzo19
(Panzo19)
July 25, 2021, 5:27pm
3
Thanks for your response
with this option the error from outside is
Unable to connect to Home Assistant.
RETRY
config of nginx:
domain: mydomain.duckdns.org
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf
Would be good to know what the error is…
However, did you set the trusted_proxies as described in the nginx docs?
panzo19
(Panzo19)
July 25, 2021, 5:36pm
5
I have set the following:
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.0/24
nginx: [emerg] PEM_read_bio_DHparams("/data/dhparams.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: DH PARAMETERS)
[cmd] /run.sh exited 1
uff, sorry - this is the end of my expertise…
Others seem to have solved this by reinstalling the addon.
panzo19
(Panzo19)
July 25, 2021, 5:46pm
7
I did an uninstall and reinstall of the addon and the error disappeared from the logs. Now when I try to access from outside it returns 400: Bad Request
aceindy
(Aceindy)
July 25, 2021, 5:49pm
8
No need for nginx proxy
outside, use https://my.duck.dns
inside use https://my.duck.dns:8123
provided you:
add duck.dns domain in your router
add dhcp reservation for 192.168.x.y (ha’s ip address) and name it ‘my’
with the dhcp reservation you ensure that your local dns resolves my.duck.dns as 192.168.x.y
Another alternative is to define your own (local) domain in your router as well as esphome config…
what I did:
added a domain name in my router f.e. assistant.url
added a lease for a device on its IP f.e. 192.168.100.100 and gave it a name f.e. home
Added domain to esphome config:
domain: assistant.url
After that, all your devices should be able to resolve home.assistant.url as the reserved IP
(home.assistant.url should equal your qualified https dns name )…
http/400 is a message from the webserver - that's good.
In my case, I added the docker network to the trusted proxies:
panzo19
(Panzo19)
July 25, 2021, 5:57pm
10
How can I find the docker network?
I'm running hassio on a Pi
Actually, I just copied the trusted proxy settings from the nginx-addon docs. If you are running the hassio image I’d expect that to be the same on all installations:
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
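Why the 127.0.0.0/24 entry earlier in the thread gave 400: Bad Request while 172.30.33.0/24 works, as an added example that is not part of the thread and not Home Assistant's own code. It is a simplified model of the trusted_proxies check; the function names and the sample addresses 172.30.33.2, 192.168.1.50 and 203.0.113.7 are assumptions.

```python
import ipaddress

def _trusted(addr, networks):
    """True if addr (string) falls inside any trusted_proxies network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

def handle_request(peer, headers, use_x_forwarded_for, trusted_proxies):
    """Simplified model: return (http_status, client_ip) for one request.

    peer is the address the TCP connection came from (the proxy, if any).
    """
    xff = headers.get("X-Forwarded-For")
    if xff is None:
        return 200, peer                  # direct connection, e.g. LAN on :8123
    networks = [ipaddress.ip_network(n, strict=False) for n in trusted_proxies]
    try:
        if not use_x_forwarded_for or not _trusted(peer, networks):
            return 400, None              # proxied request from an untrusted peer
        hops = [h.strip() for h in xff.split(",")]
        # Walk right to left: the first hop that is not a trusted proxy is the
        # client. Anything further left was supplied by the client itself.
        for hop in reversed(hops):
            if not _trusted(hop, networks):
                return 200, hop
        return 200, hops[0]
    except ValueError:
        return 400, None                  # malformed address in the header

# Constructed sample values (assumptions, not taken from the thread):
ADDON_PEER = "172.30.33.2"    # assumed add-on address inside 172.30.33.0/24
CLIENT = "203.0.113.7"        # documentation-range address for the remote user

if __name__ == "__main__":
    hdr = {"X-Forwarded-For": CLIENT}
    print(handle_request(ADDON_PEER, hdr, True, ["127.0.0.0/24"]))
    print(handle_request(ADDON_PEER, hdr, True, ["172.30.33.0/24"]))
    print(handle_request("192.168.1.50", {}, True, ["172.30.33.0/24"]))
```

Keeping trusted_proxies as narrow as the proxy's own network matters: any peer inside a trusted range can set the client address that the backend logs and applies IP bans to.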
panzo19
(Panzo19)
July 25, 2021, 6:01pm
12
Already reserved with no luck. I'm frustrated with these errors
panzo19
(Panzo19)
July 25, 2021, 6:10pm
14
GREAT!! This was the solution, everything up and running. Thanks a lot for your effort
1 Like