Yet another duckdns/ssl issue

Hello everyone,

I'm new to HA but I've been trying to set up duckdns to access my Hassio via https. I've followed the exact same tutorials out there (https://www.juanmtech.com/ is the best for me) but still cannot have it working properly. I've set up the config YAML file, duckdns plugin in hassio, duckdns account and the firewall rules, but as you can see below, I still get the access issue going with https.

Can anyone shed some light? I'm not sure how to test any ports within Hassio, but I can tell for sure that the router is configured properly to forward 443 to 8123.

Much appreciated!

[Image: ConfigYAML duckdns]

[Image: webError]

Your baseurl and the one you are trying to access your home assistant with have port 8123. Yet you have only exposed port 443 to the outside world. I think if you change the port from 8123 to 443 that your issue should be resolved.

Thanks for your reply - I did try the same (opposing ports) and including individual rules for both ports … same issue … I wish there was a way to determine it within hassio. Any commands I could try to figure this out?

Remove the port number from your base url and restart.

Thanks man - still same issue, changed yaml and tried accessing it via https, same issue … when I tried without the port at the web address, I get the attached.

Does your baseurl in the configuration.yaml include https? Also, in the browser, are you attempting to access “xxxx.duckdns.org” or “https://xxxx.duckdns.org”? In my configuration.yaml I include https in my base url.

If you include “https://xxxx.duckdns.org” in an http: entry (in configuration.yaml) you will subsequently ONLY be able to access your HA using “https://xxxx.duckdns.org” and not be able to get to it from (say) 192.168.0.200:8123 locally on your lan (which is a bugger if your phone line is down etc.)
Please look at: DuckDNS - It's not just me - it's you! Everything you should need is in there, unless you need to wipe out your existing config (see earlier in the same thread). It also means that, as https defaults to port 443, you can just expose port 443 and direct it to 443 on your HA (encrypted all through). 8123 is not encrypted. No other ports required.

If you enable SSL then the communication is encrypted regardless of port, @Mutt. I was trying to establish if he was putting https in the configuration.yaml and trying to access via the browser without specifying https. While port 443 automatically puts https on that url due to the browsers knowing that 443 and 8443 are SSL ports, these ports are not required for SSL. Just because you specify a different port doesn’t mean you lose the ssl encryption.

I’m not sure that you are correct.
And if you are; somebody should tell my browser that.
If I connect to HA locally e.g. 192.168.0.200:8123 the browser states “Your connection to this site is not secure” (it’s on my LAN behind my gateway and firewall, so I’m still feeling pretty secure).
However:
If I connect (from the same machine) to https://myfortressofsolitude.duckdns.org it tells me “Connection is secure”
So somebody other than me thinks that this is the case.
Also, please remember that I’m using nginx, which technically is a … well, to quote the nginx.com website: “NGINX is a high‑performance, highly scalable, highly available web server, reverse proxy server, and web accelerator (combining the features of an HTTP load balancer, content cache, and more). NGINX offers a highly scalable architecture that is very different from that of Apache (and many other open source and commercial products in the same category).” This may well mean that it is able to differentiate (given the load balancing bit AND the fact that the two way encryption is a bit more processor intensive (maybe not much, but if you scale it up, it may become significant) and generally it’s the principle rather than striving for that 0.00001% improvement. I certainly have noticed 8123 response to be observably faster than 443.)

Part of the reason it says unsecure is because the certificate that the site is using isn’t for your ip address; it’s for “myfortressofsolitude.duckdns.org”. This causes the browser to say the connection is not secure because it cannot validate the connection against the certificate. To prove this, click on the lock icon beside the url and have a look at the messaging inside there, which should say “Certificate invalid”.

[Image: InvalidCert]

If you do the same with your other url it will say “Certificate valid”.

[Image: ValidCert]

I use SSL connections without using the default port personally and never have issues with not having a secure connection unless I use an IP address, which is, as I stated, because my cert is not for that web address.

Nginx is a great product and I do not disagree with the use of it if your use case calls for using that particular tool. I am using the duckdns addon without Nginx and a non-standard SSL port. Neither the port of 443/8443 nor nginx is required to make your connection communicate over ssl. If you are attempting to use a port proxy service to expose to the outside world that is great for that but not required.

I would expect that is observably faster than 443 if 8123 is going directly into your home assistant instance. This is because with Nginx in the middle of your trip from your computer you have now intentionally added an additional hop to reach your final destination. If your nginx server is also on the same pi as the home assistant then the resources are being taken away from home assistant as the network traffic occurs. This would cause an observable slow down when using that particular port of 443.

I feel like I have derailed the particular thread and I am willing to talk more about this in a different thread. As long as @Andre_Bruno has had his issue resolved by any method he could I am happy.
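
Added example, not part of any post in this thread: the certificate name check discussed above, run against a constructed certificate in the dict layout of Python's `ssl.SSLSocket.getpeercert()`. The host `example.duckdns.org` is a placeholder and the function names are hypothetical; the point is that the result depends on the name in the URL (DNS name versus IP literal), while the port takes no part in it.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
# The hostname is a placeholder; the LAN address is the one quoted in the thread.
SAMPLE_CERT = {"subjectAltName": (("DNS", "example.duckdns.org"),)}


def _dns_match(pattern, host):
    """Compare one DNS SAN entry with a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label, never a bare suffix.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, host):
    """True if the certificate's subjectAltName list covers `host`."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: only "DNS" entries can match.
        return any(k == "DNS" and _dns_match(v, host) for k, v in sans)
    # IP literal: only "IP Address" entries can match, DNS names are ignored.
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip
               for k, v in sans)


def url_is_trusted(cert, url):
    """Name check a client applies to `url`; the port takes no part in it."""
    host = urlsplit(url).hostname
    return host is not None and cert_covers(cert, host)


if __name__ == "__main__":
    for url in ("https://example.duckdns.org",
                "https://example.duckdns.org:8123",
                "https://192.168.0.200:8123"):
        verdict = "valid" if url_is_trusted(SAMPLE_CERT, url) else "name mismatch"
        print(url, "->", verdict)
```

This covers only the name comparison; a real client also validates the chain and the validity dates before reporting a connection as secure.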

@Andre_Bruno,
Tom is absolutely right, I apologise for diverting your thread away from your issues. Can you please update us with your status? You have one very network savvy guy on your case (and me heckling from the sidelines ;-)
Cheers
Mutt

Sorry for the delay responding on this… My issue is with the ISP not allowing traffic in 443 … I gave up and signed up for Nabu Casa.