Now have a small annoyance
from inside the network I can access HASS from
http:192.168.1.238:8123
but NOT from https://xxx.duckdns.org
from outside the network I can access HASS from
https://xxx.duckdns.org
which means if I am home with WiFi or 3G I have to change the address on my smartphone browser.
How to solve this?
I think this had something to do with your router settings. On my router (Ubiquiti Edgerouter lite) I had to check the option:
Hairpin NAT
Enable hairpin NAT (also known as "NAT loopback" or "NAT reflection")I see (very complicated to me).
I have an asus dls-55u, it should have the option but I do not see it in the configuration. Where it should be? (regarding NAT I have only one option to enable/disable it)
Looks like there is an firmware upgrade that solves the problem on this type of router. http://drivers.softpedia.com/get/Router-Switch-Access-Point/ASUS/ASUS-DSL-N55U-verC1-Router-Firmware-1073.shtml
So install the firmware update and check if the problem still exist.
Caution: I can not be held responsible for this upgrade.
I have upgrade to a 2016 firmware (latest from asus), in the description says nat loopback fixed. But I do not find the settings!!
I have a similar setup, but I’m running HASS on my Synology (without Docker). I can’t get passed the “502 Bad Gateway nginx” error (mentioned earlier in this post) when attempting to connect to HASS at “https://xxx.myds.me” in Chrome.
Ideally, I would like to connect to “https://xxx.myds.me/ha” or have a subdomain for HASS, but I’m not sure how to do that yet. For now I have to connect to the Synology web portal via “https://xxx.myds.me:5001”, since the reverse proxy I setup is re-directing “https://xxx.myds.me” (port 443) to internal port 8123. I’m not even sure if I need a reverse proxy to accomplish what I am trying to do. I was able to delete the 443 port forward on my router and I can still connect secured https to the synology web portal over port 5001… but it doesn’t seem to be possible to connect https directly over port 8123. I’m not sure how all of this works. Can someone please help! I already wasted all of yesterday trying different things. See below for details.
This stuff is working:
Here is my setup:
Home Assistant is running on the Synology (not using Docker)
Synology control panel->Security->Certificate:
Added Let’s Encrypt Certificate for xxx.myds.me
Router:
Port 443 -> 443 on Synology
Edited Portal.mustache file according to this post.
Synology Control Panel->Application Portal->Reverse Proxy:
Source: https://xxx.myds.me (port 443)
Destination: http://localhost:8123
Cert files:
Manually copied these 2 files to same folders as configuration.yaml:
/usr/syno/etc/certificate/system/default/fullchain.pem
/usr/syno/etc/certificate/system/default/privkey.pem
NOTE: Have also tried changing permissions on these files point to them directly in the configuration.yaml file. I’m not sure what the ideal way of doing this is.
Home Assistant configuration.yaml:
http:
api_password: !secret http_password
ip_ban_enabled: true
login_attempts_threshold: 5
ssl_certificate: fullchain.pem
ssl_key: privkey.pemOk, it works finally. Here are the things I changed which might have fixed it:
Note, I am using “https://xxx.myds.me” to connect to homeassistant, so I need to use “https://xxx.myds.me:5001” to connect to the Synology web interface. It would be nice if I could use “https://xxx.myds.me/ha” to connect to home assistant instead… I remember seeing something in the location section of the nginx config file where I might be able to do this. Anyone have this working? Or how can a create a subdomain with synology’s ddns?
Just wanted to say thanks for taking the time to post this! It was exactly what I was looking for.
You’re welcome.
This post helped me a lot, but i’m still stuck on something.
When i want to go to: xxx.synology.me, i get a loading screen of HASS and then the error unable to connect.
Anyone has a fix for that?
Did you recently updated your Synology? If so: DSM 6.2 resets your Portal.mustache again. Look at https://github.com/wilfredsmit/dsm-reverse-proxy-websocket.
I’m now running on DSM 6.1.7-15284 so normally it should be ok. Also because my other apps are working fine using nginx.
@doubleUS i don’t get it anymore. I tried everything using certificates, reverse proxy, even edited my iptables and then everything was broken. Still got the loadingscreen of homeassistant and then it says “Unable to connect”.
I saw in the logs that it says: (MainThread) [homeassistant.components.http.view] Serving /api/websocket to 192.168.0.x (auth: True)
Can you provide some help ?
EDIT
While typing this reaction i saw the github link you provided. I tried that link again and that did the magic. Finally it is working after trail and error. Thank you for sending the link!
I got everything working except Telegram.
In the error log, it says
Invalid telegram webhook http://[HA IP]:8123/api/telegram_webhooks must be https
In HA configuration, I don’t set base_url, ssl_certificate and ssl_key under the http: component.
Should I set the 3 variables under the http component?
If I added…
base_url: !secret http_base_url
ssl_certificate: !secret ssl_certificate
ssl_key: !secret ssl_key
The Telegram works but the frontend stop working and gives this error…
[homeassistant.components.notify.rest] Error sending message. Response 502: Bad Gateway:
Did you managed to get it work?
Currently i don’t have any experience with telegram…
First I really want to say words of appreciation to @doubleUS and others for time spent on this and helping others. It helped me a lot.
I’d like to add my experience which works for me and could possibly help to next gens of users:
dont forget replace “your” to your own name at synology.me
add custom heaters:
go to External Access/Router Configuration
you are done )
you dont need to do any changes in HA config for http section
you can access your HA as “https://your.synology.me” outside and inside your local network
you can continue use your fav local address of ha
``Super finally it worked with this simple reverse proxy thing @sergeymaysak thanks a lot ! Now if i go to my HA with https i cant get to my visual code cause it refere to my nas ip:port of vscode What do i need to set to see my setting via vscode or configurator?`
I’ve reading lots and lots of topics on this forum and I don’t get this to work. I really hope someone can give me a hint/solution.
I have the following configuration:
The problem is when I go to https://xxxx.duckdns.org it’s using the Certificate of my NAS and not the new duckdns.org certificate.
I know I’m missing something but I don’t know what. Who can point me to the right direction?
