Hello again! Sorry for my late reply, I’ve been busy these days. Thanks all for the answers.
“I suspect the problem lies in the firewall of the container host” → In fact that was part of the problem: the firewall in my host was blocking port 443. I allowed traffic for this port and that made a step forward. But things were still not working. I’ve been struggling with it these days and I got it to work. I will explain how, in case it is useful to someone.
I basically followed this tutorial using swag and duckdns: Remote access with Docker
A particularity of my setup is that, as explained, I own a domain and I have an Apache2 server running on this host. My IP is dynamic, but I have a little script that makes my domain always point to my actual public IP. This is quite usual for simple/little web servers. My website is http (not encrypted) and I am planning to move forward to https shortly. But at this very moment I still don’t have a certificate for my website.
I have used a different port than 443 to access my HA from outside to avoid using a known port. To achieve this I made a rule in my router that redirects [WAN_HA_PORT] to port 443 of my host. When I introduce https to my webserver I guess I will have to change 443 to another port. But for the time being I left it like that.
These are my config files, in case these are useful to someone. What you see in CAPITALS you will have to adapt to your setup. Not the full files here, just what you need for remote access.
configuration.yaml (HA config file):
```yaml
default_config:

homeassistant:
  external_url: "https://homeassistant.MYUSER.duckdns.org"
  internal_url: "http://192.168.X.X:8123"

http:
  ip_ban_enabled: true
  login_attempts_threshold: 3
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.10.0.0/24 # Docker network

duckdns:
  domain: "MYUSER.duckdns.org"
  access_token: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
```
docker-compose.yml (docker compose config file):
```yaml
version: "3"
services:
  homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant
    volumes:
      - /home/[USER]/homeassistant_config:/config
    environment:
      - "TZ=Europe/Brussels"
    # published ports have no effect together with network_mode: host
    ports:
      - 8123:8123
    network_mode: host
    restart: unless-stopped
  swag:
    image: ghcr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Brussels
      - URL=[MYUSER].duckdns.org
      - VALIDATION=duckdns
      - DUCKDNSTOKEN=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
      - SUBDOMAINS=wildcard
    volumes:
      - /home/[USER]/swag_config:/config
    ports:
      - 443:443
    restart: unless-stopped

# set trusted docker internal network
networks:
  default:
    ipam:
      config:
        - subnet: 172.10.0.0/24
```
homeassistant.subdomain.conf (swag config file):
```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name homeassistant.*;
    include /config/nginx/ssl.conf;
    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.X.XXX;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }

    location ~ ^/(api|local|media)/ {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.X.XXX;
        set $upstream_port 8123;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
```
If someone sees something wrong in these files don’t hesitate to say!
To access my HA these are the URLs depending on if I am connecting from LAN or from WAN:
http://192.168.X.XXX:8123
https://homeassistant.MYUSER.duckdns.org:[WAN_HA_PORT]
These can be used in the Companion Android App or directly on the browser.
When I started with all this I had the idea that maybe I could avoid using duckdns because I had a domain of my own and my little script updates the DNS servers each time my public IP changes. I am still wondering how I could achieve this. Does anyone know if this could be possible?
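
An added example, not part of the original post and not Home Assistant's own code: a simplified Python model of what `use_x_forwarded_for` together with `trusted_proxies` is for when `ip_ban_enabled` counts failed logins, plus a sanity check on the subnet put in `trusted_proxies`. The function names and the sample addresses are assumptions constructed for illustration; only the `172.10.0.0/24` subnet comes from the configuration above.

```python
import ipaddress

# Docker network from the post's trusted_proxies; all other addresses used with
# these functions are constructed sample values.
TRUSTED_PROXIES = [ipaddress.ip_network("172.10.0.0/24")]


def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_client_ip(peer, x_forwarded_for):
    """Return the address that failed logins should be counted against.

    peer: source address of the TCP connection as seen by the backend.
    x_forwarded_for: raw header value, or None.
    """
    # A header sent by a peer that is not a trusted proxy is client-controlled:
    # ignore it, otherwise anyone could pick the address that gets banned.
    if not x_forwarded_for or not is_trusted(peer):
        return peer
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Walk right to left: the rightmost entries were appended by our own proxies,
    # the first untrusted one is the real client. Entries left of it are unverified.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            return peer  # malformed header: fall back to the connection address
    return peer


def subnet_findings(cidr):
    """Sanity checks on a trusted_proxies entry."""
    net = ipaddress.ip_network(cidr)
    findings = []
    if not net.is_private:
        findings.append(f"{net} is outside private (RFC 1918) address space")
    if net.prefixlen < 16:
        findings.append(f"{net} trusts {net.num_addresses} addresses; narrow it")
    return findings
```

`subnet_findings("172.10.0.0/24")` reports that the range is not private: RFC 1918 reserves 172.16.0.0/12 (172.16 to 172.31), so a Docker subnet inside that block avoids shadowing and trusting publicly routable addresses.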