slychiu
Administrator
| Joined: | Saturday Apr 29th, 2006 |
| Location: | Singapore |
| Posts: | 5845 |
| Status: |
Offline
|
back to top
|
This is a guide to setting up encrypted remote access using DuckDns and Lets encrypt to secure the connection. This content is mainly from https://smarthomeaddict.co.uk/2022/07/home-assistant-remote-access-using-duckdns-and-letsencrypt/ which is one of the best guides.
Why this method?
- It’s a quick and relatively easy way to get remote access to Home Assistant.
- It provides an SSL certificate to keep your connection secure.
Some downsides
- There is a need to open up a port in your router to forward the port.
- Internal access will now report a certificate error, but you can safely ignore this
First Go to DuckDNS.org. Sign in or create an account. Create a domain with the name of your choice, it will end in duckdns.org. Click Add Domain.
The domain will then appear below. To link your account with the addon, select and copy the string in the token field. Don’t give anybody this token, as it’s a security risk to share it.
Next Install the DuckDNS addon. Go to Settings, Addons and then click on Addon Store. Click DuckDNS. Click Install. Once it’s installed, enable the watchdog and go to the Configuration tab. As you can see, we need some information to add to the config.
 
add the duckdns URL in the domains box eg xxxx.duckdns.org You should see the same URL above the Domains box with an X.
Warning - you may see another X on the left. Press X to delete this blank domainotherwise the add on will not work. This caused me a lot of time to sort it out
Also when you copy and paste the token from the duckdns page, check that there are no spaces in the front of the token. By default the token is copied with one or more spaces.
In the Let’s Encrypt section, change false in accept terms to true in order to allow the addon to request an SSL certificate. Finally click Save.
We now need to let Home Assistant know it’s using an SSL certificate. To do this, edit the configuration.yaml file and add an http section, then add the following two lines.
http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
Click Save.
Click Developer Tools, and check config. If there are any errors correct them – If all is well click Restart.
Next forward forward a port in your router to allow traffic through so that you can access your Home Assistant instance from the Internet.
Go to your router IP address.
- Forward port 8123 to internal Port 8123. Protocol is TCP
- Forward port 443 to internal Port 8123. Protocol is TCP
As we’re using an SSL certificate, we’ll be using https. This means that the traffic between your browser or mobile and Home Assistant is encrypted, so nobody can intercept or see what you are doing. The standard port for https is port 443, however Home Assistant is on port 8123.
When you go back to Home Assistant, eg http://homeassistant-local:8123 you will get an error. This is because you’ve turned on SSL, so we need to change the URL slightly to use https instead of http, ie https://homeassistant-local:8123 Once you do this, you’ll get a warning that your connection is not private as we’re using the IP address. It is safe to ignore this as this is inside your network. Click Advanced, and then the Proceed link. Home Assistant will now display and you can use this as normal.
From a browser outside the home network, enter your DuckDNS url that you set up, ensuring you precede this with https:. eg https://mydomain.duckdns You do not need port 8123
Log in using your normal credentials. Once logged in, you can then operate home assistant as if you were browsing from your home network.
You can use the remote access domain eg https://mydomain.duckdns even within your home network so you do not need to use the local IP address.
|
