Home Assistant on a Pi, WordPress on the Synology.
I mean an example of port forwarding with sub domains…
Sorry, trying to understand.
In my router, when I port forward 443 I can do it only once, and I have no options for domains. I am sure I am missing something but do not know what.
One router rule: port forward 443 to the Synology and in the Synology configure all the reverse proxy rules (Using Let's encrypt certificate of Synology NAS).
You forward 443 to the IP of the Synology and port 443. Correct?
TCP and UDP?
So I did this:
changed portal mustache
in router this
in synology (its at 192.168.1.25)
from my outside network (and also internally) I can’t access
https:xxx.duckdns.org
I can access like this (from inside network)
https://192.168.238:8123 (http does not work)
this has to be done, or only
"Also reroute port 443 to 8123 as a Reverse Proxy-rule. "
I did not change Portal.mustache, having trouble modifying it, no permissions.
EDIT finally changed the Portal.mustache, but now I receive
502 Bad Gateway
NGINX
This is the Portal.mustache modified. I don’t know what else to look for

    location / {
        # Pass WebSocket upgrade requests through to the backend
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
        # Forward the original host, client address and scheme
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_intercept_errors on;
        proxy_http_version 1.1;
        {{#resolver}}
        proxy_pass $backend;
        {{/resolver}}
        {{^resolver}}
        proxy_pass {{backend}};
        {{/resolver}}
    }

Your router and reverse proxy settings look okay, but you have to change the mustache file. I changed it with the package config file editor. Login as admin is required to get permissions.
I managed to modify it. But it is not working, it is not connecting from the outside.
can you post your Portal.mustache?
I added other sub-domains and they work. So the problem is in HASS… what can it be?
EDIT
I took out
base_url https://xxx.duckdns.org
then tried putting this
base_url https://192.168.1.238:8123
still not working
also did this

    http:
      api_password: !secret api_password
      # ssl_certificate: !secret ssl_certificate
      # ssl_key: !secret ssl_key
      # base_url: !secret base_url

still not working.
Well I give up
SOLVED,
Had to clear the cache of the Android browser
Now have a small annoyance
from inside the network I can access HASS from
http:192.168.1.238:8123
but NOT from https://xxx.duckdns.org
from outside the network I can access HASS from
https://xxx.duckdns.org
which means if I am home with WiFi or 3G I have to change the address on my smartphone browser.
How to solve this?
I think this had something to do with your router settings. On my router (Ubiquiti Edgerouter lite) I had to check the option:
Hairpin NAT
Enable hairpin NAT (also known as "NAT loopback" or "NAT reflection")
I see (very complicated to me).
I have an asus dls-55u, it should have the option but I do not see it in the configuration. Where it should be? (regarding NAT I have only one option to enable/disable it)
Looks like there is a firmware upgrade that solves the problem on this type of router. http://drivers.softpedia.com/get/Router-Switch-Access-Point/ASUS/ASUS-DSL-N55U-verC1-Router-Firmware-1073.shtml
So install the firmware update and check if the problem still exists.
Caution: I can not be held responsible for this upgrade.
I have upgraded to a 2016 firmware (latest from asus), in the description it says nat loopback fixed. But I do not find the settings!!
I have a similar setup, but I’m running HASS on my Synology (without Docker). I can’t get past the “502 Bad Gateway nginx” error (mentioned earlier in this post) when attempting to connect to HASS at “https://xxx.myds.me” in Chrome.
Ideally, I would like to connect to “https://xxx.myds.me/ha” or have a subdomain for HASS, but I’m not sure how to do that yet. For now I have to connect to the Synology web portal via “https://xxx.myds.me:5001”, since the reverse proxy I set up is re-directing “https://xxx.myds.me” (port 443) to internal port 8123. I’m not even sure if I need a reverse proxy to accomplish what I am trying to do. I was able to delete the 443 port forward on my router and I can still connect secured https to the synology web portal over port 5001… but it doesn’t seem to be possible to connect https directly over port 8123. I’m not sure how all of this works. Can someone please help! I already wasted all of yesterday trying different things. See below for details.
This stuff is working:
- external https connection to synology web portal (port 5001) is working (let’s encrypt certificate added through synology)
- external http unsecure access to home assistant is working
- external http unsecure access through Reverse Proxy is working (if updating Reverse Proxy to use HTTP port for source and removing ssl_certificate and ssl_key from configuration.yaml.)
Here is my setup:
Home Assistant is running on the Synology (not using Docker)
Synology control panel->Security->Certificate:
Added Let’s Encrypt Certificate for xxx.myds.me
Router:
Port 443 -> 443 on Synology
Edited Portal.mustache file according to this post.
Synology Control Panel->Application Portal->Reverse Proxy:
Source: https://xxx.myds.me (port 443)
Destination: http://localhost:8123
Cert files:
Manually copied these 2 files to same folders as configuration.yaml:
/usr/syno/etc/certificate/system/default/fullchain.pem
/usr/syno/etc/certificate/system/default/privkey.pem
NOTE: Have also tried changing permissions on these files and pointing to them directly in the configuration.yaml file. I’m not sure what the ideal way of doing this is.
Home Assistant configuration.yaml:

    http:
      api_password: !secret http_password
      ip_ban_enabled: true
      login_attempts_threshold: 5
      ssl_certificate: fullchain.pem
      ssl_key: privkey.pem
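
An added example, not part of any post in this thread and not Home Assistant or Synology code: when `ssl_certificate` is set under `http:`, Home Assistant serves HTTPS on port 8123, so a reverse proxy destination of `http://localhost:8123` no longer matches the backend, which is one way to end up with a 502 from the proxy. The sketch below compares the destination scheme with the configuration and can also probe the live port; the function names and the sample configs (constructed from the blocks posted above) are assumptions.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed samples modelled on the two http: blocks posted in this thread.
CONFIG_TLS_ENABLED = """http:
  api_password: !secret http_password
  ssl_certificate: fullchain.pem
"""
CONFIG_TLS_COMMENTED = """http:
  api_password: !secret api_password
  # ssl_certificate: !secret ssl_certificate
"""

def http_block_uses_tls(config_text):
    """True if the top-level http: section has an uncommented ssl_certificate."""
    in_http = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if line and not line[0].isspace():    # a top-level key opens a section
            in_http = line == "http:"
        elif in_http and line.strip().startswith("ssl_certificate:"):
            return True
    return False

def port_speaks_tls(host, port, timeout=3.0):
    """Live check: does host:port complete a TLS handshake?"""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # probe only: tests for TLS, not identity
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (ssl.SSLError, OSError):
        return False

def check_destination(destination, backend_tls):
    """Compare the reverse proxy destination scheme with the backend."""
    scheme = urlsplit(destination).scheme
    expected = "https" if backend_tls else "http"
    if scheme == expected:
        return f"ok: destination and backend both use {expected}"
    return f"mismatch: destination is {scheme}, backend serves {expected}"

if __name__ == "__main__":
    for cfg in (CONFIG_TLS_ENABLED, CONFIG_TLS_COMMENTED):
        print(check_destination("http://localhost:8123", http_block_uses_tls(cfg)))
```

Running `port_speaks_tls("localhost", 8123)` on the machine that hosts Home Assistant confirms what the configuration check predicts.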