Using Custom Domain for Secure Remote Access

Hi.

I want to be able to access my HA from outside my house securely with my own custom domain. I am able to access it insecurely by using http://homeassistant.mycustomdomain.com:8123 but I really don’t want it to be insecure.

I’ve seen countless tutorials and threads on using duckDNS but I don’t get how to apply it to my own domain. I can change DNS records and port forward but I don’t get how to put it all together.

Thanks

You are 1 step ahead of the game, since you already have the dns working. I recommend using the Caddy2 addon (only way I have done it).

Then in /share/caddy/ put this in a file called Caddyfile (no extension):

{
	email [email protected]
}
(header) {
	header {
		Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "same-origin"
		-Server
		Content-Security-Policy "frame-ancestors mycustomdomain.com *.mycustomdomain.com"
		Permissions-Policy "geolocation=(self mycustomdomain.com *.mycustomdomain.com)"
	}
}
homeassistant.mycustomdomain.com {
	import header
	encode gzip
	reverse_proxy yourHomeAssisistantLocalIPAddress:8123
}


Where yourHomeAssisistantLocalIPAddress is the local IP address of your homeassistant (192.168.1.XXX). Forward your external router ports 80 and 443 to this IP. Caddy should automatically renew the encryption certificate and forward requests from that subdomain to your homeassistant. I think that’s it, took a little trial and error to get it all working. Others may have better solutions, try what works for you. The header part is optional, but it apparently makes it more secure. You can add more entries for different subdomains if you run other services (like vaultwarden, emby, etc.).

You will need to add this repository into your Supervisor->Addon Store->Three Dot Menu->Repositories:

https://github.com/einschmidt/hassio-addons

Hi Jaaem,

Thanks for this. I’ve installed caddy, created the folders and then created the file, Caddyfile (no extension). I’ve entered my email, replaced mycustomdomain with my domain and set the IP.

I’ve entered for the caddy config

non_caddyfile_config:
  email: myemail
  domain: mydomain
  destination: localIP
  port: 8123
args: []
env_vars: []
log_level: info

Caddy runs and now when I go to https://homeassistant.mydomain.com I get “This site can’t provide a secure connection – ERR_SSL_PROTOCOL_ERROR”

I have ports 8123, 443 and 80 going to the internal IP.
External → Internal
8123 → 8123
443 → 443
80 → 80

I think I’ve done everything correct but I’m all very new to this. Here are my logs too:

I guess you need http://yourHomeAssisistantLocalIPAddress:8123
See reverse_proxy (Caddyfile directive) — Caddy Documentation

Looks like you did everything correct. Possibly your ISP blocks port 80? If that is true, you may need to do a DNS challenge, which is a pain. I would check on the caddy site for help
Caddy Community

It should not matter, but you should not have port 8123 forwarded (the whole point is to just use 80 and 443, and not expose 8123). Caddy will automatically forward 80 to 443 as well.

Also try http:// your to your IP. Caddy should autoforward, this will at least tell you that caddy is working.

Maybe post your caddy file. To remove variables, you can also remove the (header) section and the import header line.

Also, try the suggestion above. I do not have the http:// and it works. I don’t think you need to, but you may need to set the external IP address in your homeassistant setup. Configuration->General
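
An added example, not part of the thread or of any poster's setup: the advice so far comes down to two checks, that only ports 80 and 443 are forwarded and that responses coming through Caddy carry the headers from the (header) snippet. The Python below runs both checks offline; the function names and the two sample responses are constructed for illustration.

```python
import re

# Header snippet copied from the Caddyfile posted in the thread.
CADDY_HEADER_BLOCK = '''
header {
	Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
	X-XSS-Protection "1; mode=block"
	X-Content-Type-Options "nosniff"
	Referrer-Policy "same-origin"
	-Server
	Content-Security-Policy "frame-ancestors mycustomdomain.com *.mycustomdomain.com"
	Permissions-Policy "geolocation=(self mycustomdomain.com *.mycustomdomain.com)"
}
'''

def parse_header_block(text):
    """Return (expected, removed): headers the block sets and headers it deletes."""
    expected, removed = {}, set()
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r'([A-Za-z-]+)\s+"(.*)"', line)
        if m:
            expected[m.group(1).lower()] = m.group(2)
        elif re.fullmatch(r'-[A-Za-z-]+', line):
            removed.add(line[1:].lower())
    return expected, removed

def audit_response(headers, block=CADDY_HEADER_BLOCK):
    """Compare a response's headers (dict) with what the Caddyfile block sets."""
    expected, removed = parse_header_block(block)
    got = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, value in expected.items():
        if name not in got:
            findings.append(f"missing {name}")
        elif got[name] != value:
            findings.append(f"unexpected value for {name}")
    findings += [f"{name} still sent" for name in sorted(removed.intersection(got))]
    return findings

def audit_forwards(forwards, allowed=(80, 443)):
    """Flag router forwards (external, internal) on ports other than Caddy's."""
    return [f"external port {ext} -> {internal} exposes a port other than 80/443"
            for ext, internal in forwards if ext not in allowed]

# Constructed sample data: the forwards listed in the thread and two made-up responses.
THREAD_FORWARDS = [(8123, 8123), (443, 443), (80, 80)]
DIRECT = {"Content-Type": "text/html", "Server": "example-upstream"}
VIA_PROXY = {**parse_header_block(CADDY_HEADER_BLOCK)[0], "Content-Type": "text/html"}
```

To check a live site, pass audit_response the header dictionary from a real HTTPS response to your subdomain in place of the constructed samples.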

So I left it for a bit. Didn’t do anything, no restarts, no config changes, nothing. But suddenly it’s working. Thank you for the help. It’s much appreciated. Also, thanks @koying for further support.
