I added other sub-domain and tghey work. SO the probelms is in HASS …what can be?
EDIT
I took out
base_url https://xxx.duckdns.org
then tried putting this
base_url https://192.168.1.238:8123
still not working
also did this
http:
api_password: !secret api_password
# ssl_certificate: !secret ssl_certificate
# ssl_key: !secret ssl_key
# base_url: !secret base_url
still not working.
Well I give up
SOLVED,
Had to clear tyhe cache of android browser
Now have a small annoyance
from inside the network I can access HASS from
http:192.168.1.238:8123
but NOT from https://xxx.duckdns.org
from outside the network I can access HASS from
https://xxx.duckdns.org
which means if I am home with WiFi or 3G I have to change the address on my smartphone browser.
How to solve this?
I think this had something to do with your router settings. On my router (Ubiquiti Edgerouter lite) I had to check the option:
Hairpin NAT
Enable hairpin NAT (also known as "NAT loopback" or "NAT reflection")I see (very complicated to me).
I have an asus dls-55u, it should have the option but I do not see it in the configuration. Where it should be? (regarding NAT I have only one option to enable/disable it)
Looks like there is an firmware upgrade that solves the problem on this type of router. http://drivers.softpedia.com/get/Router-Switch-Access-Point/ASUS/ASUS-DSL-N55U-verC1-Router-Firmware-1073.shtml
So install the firmware update and check if the problem still exist.
Caution: I can not be held responsible for this upgrade.
I have upgrade to a 2016 firmware (latest from asus), in the description says nat loopback fixed. But I do not find the settings!!
I have a similar setup, but I’m running HASS on my Synology (without Docker). I can’t get passed the “502 Bad Gateway nginx” error (mentioned earlier in this post) when attempting to connect to HASS at “https://xxx.myds.me” in Chrome.
Ideally, I would like to connect to “https://xxx.myds.me/ha” or have a subdomain for HASS, but I’m not sure how to do that yet. For now I have to connect to the Synology web portal via “https://xxx.myds.me:5001”, since the reverse proxy I setup is re-directing “https://xxx.myds.me” (port 443) to internal port 8123. I’m not even sure if I need a reverse proxy to accomplish what I am trying to do. I was able to delete the 443 port forward on my router and I can still connect secured https to the synology web portal over port 5001… but it doesn’t seem to be possible to connect https directly over port 8123. I’m not sure how all of this works. Can someone please help! I already wasted all of yesterday trying different things. See below for details.
This stuff is working:
- external https connection to synology web portal (port 5001) is working (let’s encrypt certificate added through synology)
- external http unsecure access to home assistant is working
- external http unsecure access through Reverse Proxy is working (if updating Reverse Proxy to use HTTP port for source and removing ssl_certificate and ssl_key from configuration.yaml.)
Here is my setup:
Home Assistant is running on the Synology (not using Docker)
Synology control panel->Security->Certificate:
Added Let’s Encrypt Certificate for xxx.myds.me
Router:
Port 443 -> 443 on Synology
Edited Portal.mustache file according to this post.
Synology Control Panel->Application Portal->Reverse Proxy:
Source: https://xxx.myds.me (port 443)
Destination: http://localhost:8123
Cert files:
Manually copied these 2 files to same folders as configuration.yaml:
/usr/syno/etc/certificate/system/default/fullchain.pem
/usr/syno/etc/certificate/system/default/privkey.pem
NOTE: Have also tried changing permissions on these files point to them directly in the configuration.yaml file. I’m not sure what the ideal way of doing this is.
Home Assistant configuration.yaml:
http:
api_password: !secret http_password
ip_ban_enabled: true
login_attempts_threshold: 5
ssl_certificate: fullchain.pem
ssl_key: privkey.pemOk, it works finally. Here are the things I changed which might have fixed it:
- Removed router port forward (443), then re-added.
- Removed Reverse proxy setting, then re-added.
- This is what probably, fixed it: Removed ssl_certificate and ssl_key lines from the configuration.yaml file. Note, I tried re-adding these and it actually made it to the homeassistant log-in page, but it timed out eventually and said it could not connect. I then removed these lines again and re-tested and it worked again.
Note, I am using “https://xxx.myds.me” to connect to homeassistant, so I need to use “https://xxx.myds.me:5001” to connect to the Synology web interface. It would be nice if I could use “https://xxx.myds.me/ha” to connect to home assistant instead… I remember seeing something in the location section of the nginx config file where I might be able to do this. Anyone have this working? Or how can a create a subdomain with synology’s ddns?
Just wanted to say thanks for taking the time to post this! It was exactly what I was looking for.
You’re welcome.
This post helped me a lot, but i’m still stuck on something.
When i want to go to: xxx.synology.me, i get a loading screen of HASS and then the error unable to connect.
Anyone has a fix for that?
1 Like
Did you recently updated your Synology? If so: DSM 6.2 resets your Portal.mustache again. Look at https://github.com/wilfredsmit/dsm-reverse-proxy-websocket.
I’m now running on DSM 6.1.7-15284 so normally it should be ok. Also because my other apps are working fine using nginx.
@doubleUS i don’t get it anymore. I tried everything using certificates, reverse proxy, even edited my iptables and then everything was broken. Still got the loadingscreen of homeassistant and then it says “Unable to connect”.
I saw in the logs that it says: (MainThread) [homeassistant.components.http.view] Serving /api/websocket to 192.168.0.x (auth: True)
Can you provide some help ?
EDIT
While typing this reaction i saw the github link you provided. I tried that link again and that did the magic. Finally it is working after trail and error. Thank you for sending the link!
I got everything working except Telegram.
In the error log, it says
Invalid telegram webhook http://[HA IP]:8123/api/telegram_webhooks must be https
In HA configuration, I don’t set base_url, ssl_certificate and ssl_key under the http: component.
Should I set the 3 variables under the http component?
If I added…
base_url: !secret http_base_url
ssl_certificate: !secret ssl_certificate
ssl_key: !secret ssl_key
The Telegram works but the frontend stop working and gives this error…
[homeassistant.components.notify.rest] Error sending message. Response 502: Bad Gateway:
Did you managed to get it work?
Currently i don’t have any experience with telegram…
First I really want to say words of appreciation to @doubleUS and others for time spent on this and helping others. It helped me a lot.
I’d like to add my experience which works for me and could possibly help to next gens of users:
- I have synology NAS with DSM 6.2.1-23824 Update 4 installed
- I have HA run in docker container with use of http (no https)
- I have lets encrypt certs in place for remote access to my synology box remotely
- all you need to do is:
- go to Control Panel/Application Portal/Reverse Proxy
- create new reverse proxy:
-
dont forget replace “your” to your own name at synology.me
-
add custom heaters:
this is needed to allow web sockets to work properly - i.e no need to change mustache files manually -
go to External Access/Router Configuration
- select “HTTPS, Reverse Proxy” with 443 port
- click “Save” and allow open this in your router (I have Time Capsule and DMS does great job to auto setup port forwards)
-
you are done )
-
you dont need to do any changes in HA config for http section
-
you can access your HA as “https://your.synology.me” outside and inside your local network
-
you can continue use your fav local address of ha
6 Likes