My HA installation is HAOS. I’m using http internally, on 8123. Most of the time, this works. However, there are times when I hit the URL by FQDN and it says “Unable to connect to Home Assistant. Retrying in XX seconds…” OR it displays an NGINX error indicating I’m connecting via HTTP on an HTTPS port. I do not have the NGINX add-on installed. The FQDN resolves internally to the IP Address of the HA instance. While this is happening, I can go to the IP address of the HA instance just fine. After some time, the FQDN will resume working without any intervention on my part. Where can I look to find configuration or logs that may explain this behavior?
What device are you connecting from and are you using a browser, and if so…what browser?
Some devices refuse to use the DHCP provided DNS servers and some browsers also have this option.
Especially DNS-over-HTTPS settings should be turned off when using local DNS servers.
Some browsers also try to connect to the HTTPS port as default, if you do not state HTTP explicitly.
Browser, and have connected from Mac, Windows, Brave, Firefox, Chrome, Edge. Using DNS on UDP 53. When I get the error, I am not seeing the browser do the HTTPS connection.
I had left it HTTP internally specifically for Google TTS, but I think that will be fine if I switch to HTTPS and make sure the certificate is CA signed, and maybe that’s my best option.
Ok, then you might have a DNS issue.
DNS has nothing to do with HA.
DNS is resolved at your configured DNS servers and the IP address that it receives from there is then used to connect to HA.
My guess is that you have an external DNS server listed or your internal DNS server sometimes resolves the FQDN by asking the external DNS servers.
I understand the DNS has nothing to do with HA, and I’ve been verifying from the CLI of the client that it resolves the FQDN properly. I am now thinking that the CLI test was a misleading result… I think like you suggest that the browser is resolving to another address. Solving this could be a little brutal.
“Talking” through this… My setup for DNS is Adguard Home running on OPNsense, redirecting internal domains to BIND also running on OPNsense. Digging through the Adguard logs to find times it fails to redirect properly is a bit of a pain… However, my FQDN does resolve externally as well, to the external IP of my firewall, and hits NGINX on OPNsense to connect back to HA. I used this setup for a brief time prior to subscribing to Nabu Casa, and it is no longer necessary. While I haven’t found a way to easily parse the Adguard logs, I DID look at the NGINX logs on OPNsense, and sure enough, there are hits on the NGINX service from internal IPs for the HA FQDN. This lends credence to your suspicion that DNS is sometimes returning the external IP Address. I can remove the external DNS record as it’s no longer needed, as well as the NGINX configuration on the firewall, but I suspect that will just lead to a connection error in the browser, and I will have to figure out why Adguard Home is sometimes sending the queries to my upstream external DNS rather than to my internal server to really resolve this issue.
Thanks for your insight and helping me realize the need to look deeper into my DNS environment… I was assuming that was working correctly, and thinking perhaps there was a built-in NGINX service on HA that was responding! I think it’s time to take this issue to the Adguard Home support forum and figure out why Adguard Home is not always redirecting my requests to the internal IP!
DNS servers are usually set to be used even with a so-called round-robin algorithm.
DNS servers are not a prioritized list.
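One way to catch the intermittent bad answer discussed in this thread, as an added example that is not from any of the posters: query the resolver directly over UDP 53, bypassing browser and OS caches, and record every answer that is not the HA instance's internal IP. The resolver address, hostname and expected IP passed to `sample` are placeholders to fill in.

```python
import socket, struct, time

def build_query(name, qid):
    """Encode a recursive A/IN query for name."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", qid & 0xFFFF, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Return the IPv4 addresses found in the answer section of a response."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record; CNAMEs etc. are skipped
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips

def classify(ips, expected):
    """'internal' only when the sole answer is the expected HA address."""
    if not ips:
        return "no-answer"
    return "internal" if set(ips) == {expected} else "external"

def sample(resolver, name, expected, count=60, interval=5.0):
    """Ask resolver over UDP 53; return (time, answer) for each non-internal result."""
    odd = []
    for i in range(count):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(2.0)
            try:
                s.sendto(build_query(name, i), (resolver, 53))
                ips = parse_a_records(s.recvfrom(4096)[0])
            except (OSError, struct.error, IndexError):
                ips = []                       # timeout or malformed reply
        if classify(ips, expected) != "internal":
            odd.append((time.strftime("%H:%M:%S"), ips))
        time.sleep(interval)
    return odd
```

Running `sample` once against the AdGuard Home address and once against BIND shows which hop hands out the external address; the timestamps can then be matched against the NGINX hits on the firewall.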