WTH- would be nice to have Multiple Choice for Access @ login?

dCon0ne · October 25, 2022, 1:28pm

Would be nice to have an EASY way, to choose type of access to HA. What I mean is, right now, I am connected to HA via HA Cloud. But, when my internet goes down, I lose access.

Would be nice at login, to have a choice, to login using the CLOUD, or Local(ly)…

TheFes · October 25, 2022, 1:35pm

There is an option for that

dCon0ne · October 26, 2022, 1:16am

is there a Companion for Windows?

TheFes · October 26, 2022, 8:18am

No, but I assume you use your web browser there. Just go either to your internal or external url

Hellis81 · October 26, 2022, 8:31am

I would say you got this wrong.
HA is local, and the cloud is the “addon”.
homeassistant.local is the url if I remember correctly or the IP:8123

dCon0ne · November 10, 2022, 4:43pm

I’m aware of the local ip access, that is the way, I originally had it setup that way. But, I got to the point, were the need for remote access, was the next logical step, so I setup with Duck DNS with Let’s Encrypt. And when HA Cloud, came along, I switched, for the extra features.
Ever since, the “Duck+Let’s Enq”, setup for remote access, I have been Unable to access HA locally, using “192.168.xxx.xxx:8123”…
What, am I missing, so that, I can have both, Local and Remote Access??

CentralCommand · November 10, 2022, 6:16pm

A reverse proxy most likely.

If you added the SSL certificate you made with let’s encrypt to HA directly and put it in the config for http then you have probably disabled lan only access. HA either requires all traffic be encrypted or none, it cannot do both.

Your options are:

Use cloud. Then you get an external only https url and an internal only http url
Set up a reverse proxy. Remove all SSL stuff from http in HA and move the certificate to your proxy. Map whatever port you expose on your router to the proxy, not HA. Then you get an external only https url that goes through the proxy and an internal only http url that goes directly to HA. This addon works well for this.
Set up an alternate tunneling system like cloudflared. Works the same as #1 in the end (since cloud is also a tunneling system)
Use a VPN or tailscale/zerotier/etc. setup. Then HA isn’t exposed externally at all but you can only get to it from specific devices outside your LAN
Set up a DNS server and have everything on your LAN use it. And a DNS rewrite entry for your duckdns domain to resolve to the LAN IP. Don’t change HA’s SSL config, the same url works in all cases but it resolved to different ips inside and outside your LAN
Leave everything as is. Go to https://<internal url>:8123 when inside your url and your duckdns url outside. Tell all your stuff to ignore the scary SSL warning when on your LAN and hope all your stuff has a “don’t verify the certificate” option

IMO these are in order of least difficult to most difficult both in terms of initial setup and ongoing maintenance (like 3 might be more difficult to set up then 4 but once it’s setup you’re done). #6 is at the bottom mainly because it is by far the worst option IMO since it’s just as difficult to set up as #2 but also requires manually undermining security at each device after that. But pick whichever you prefer.

dCon0ne · November 11, 2022, 3:44pm

@CentralCommand Thanks for this list of Options, (this list should be Pinned somewhere), it will help others decide.

For some reason, when I first setup the HA Cloud, I was unable to use “https://local-ip:8123” url. But, I just tried the local url, and it is working now.

Still, an option to select Local or Remote at login would be Nice…