Last week we installed Hass.io in a Raspberry Pi 3, we set up two ways to access the Home Assistant configuration files, and we also password protected the Home Assistant web interface. Today, we are going to configure the DuckDNS add-on so we can access Home Assistant remotely and securely using an SSL connection.
Before setting up remote access to Hass.io, make sure that you password protected the Home Assistant web interface. You can learn how to do it in my previous article
Step 1: Install DuckDNS
Open Home Assistant, go to Hass.io, select Add-on Store and then Duck DNS. Click on Install and give it a couple of minutes for the add-on to install. Once the installation finish, go to duckdns.org and sign in using one of the available methods to create a new account. Create a new subdomain name and then copy the new DuckDNS token. Go back to Home Assistant, and under Config, edit the following:
- Accept terms, change it to true
- Token, enter the new DuckDNS token number
- Domains, enter the new domain name created in the DuckDNS website.
{ "lets_encrypt": { "accept_terms": true, "certfile": "fullchain.pem", "keyfile": "privkey.pem" }, "token": "Your_DuckDNS_Token_Number", "domains": [ "your_domain.duckdns.org" ], "seconds": 300 }
Make sure that the token number and the domain name are enclosed with quotation marks “ ”. When finished, click on Save.
Step 2: Set up port forwarding
IMPORTANT UPDATE: Paulus Schoutsen @balloob via Twitter stated that it is not required to set up a port forwarding rule for Let’s Encrypt. The DuckDNS add-on uses the DNS challenge with Let’s Encrypt. So, please disregard the forwarding rule Hassio_Lets Encrypt created at 2:06 in the YouTube video and the Hassio_SSL rule created at 2:30.
The Second Hassio_SSL rule created at 3:12 in the YouTube video, that forwards port 443 to 8123, it is definitely required.
I have updated step 2 in this guide to reflect the proper configuration.
There are a few things that you need to set up in the router. First of all, you need to set up that the Raspberry Pi always gets the same IP address, and you also need to set up a port forwarding rule. All router settings are a little bit different so, I wouldn’t be able to tell you exactly where to go to set this up. There is a website called portforward.com that you can visit for instructions on how to setup port forwarding rules in a specific router brand.
Here is how it would be for an Asus router:
- Service Name: Name it the same, Hassio_SSL
- Port Range: Set it to 443
- Local IP: Enter your Raspberry Pi’s IP address
- Local Port: Set it to 8123 (instead of 443)
- Protocol: Leave it as TCP
Click Apply and then reboot the router. Once the router is back online, go back to Home Assistant and start the DuckDNS add-on. Check the Log to make sure that the set up was successful.
Step 3: Edit the configuration.yaml file
Next, you need to add the new DuckDNS URL and also the SSL information in the configuration.yaml file. In Home Assistant, use the Configurator add-on to access the configuration.yaml file (You can also use Samba to edit the configuration.yaml file using any text editor). Under HTTP, set up the base_url to the new DuckDNS domain name. Then enter the following information for the SSL certificate and the SSL key. Lastly, click Save and restart Home Assistant to apply the changes.
http: base_url: https://your_domain.duckdns.org:8123 ssl_certificate: /ssl/fullchain.pem ssl_key: /ssl/privkey.pem
The DuckDNS add-on is now set up, and we can access Home Assistant remotely and, also locally with the new DuckDNS URL.
Step 4: Reconfigure the Configurator add-on
Last but not least, there are a couple of things that we need to reconfigure, and this is if you are using the Configurator add-on only. Now that Hass.io is configured with DuckDNS, if you try to access the Configurator add-on from the shortcut in the Home Assistant side menu, it won’t open. To correct this go to Hass.io, Configurator and under Config, change the SSL to true. Click on Save and then click on Open web UI. In the configuration.yaml file, look for the panel_iframe that we set up in the previous article. Under url, change the default link to the new DuckDNS URL and set up the port 3218 at the end. Make sure that you put https at the beginning of the URL. Then, click on Save and restart Home Assistant.
panel_iframe: configurator: title: Configurator icon: mdi:wrench url: https://your_domain.duckdns.org:3218
Now, we also need to set up a port forwarding rule for the configurator so go back to your router settings and create a new forwarding rule with the following:
- Service Name: Name it Hassio_configurator
- Port Range: Set it to 3218
- Local IP: Enter your Raspberry Pi’s IP address
- Local Port: Set it to 3218
- Protocol: Leave it as TCP
Click Apply and then restart the router one last time. Now when you try to reaccess the Configurator from the side menu, it opens using the new DuckDNS URL.
All right, we’re going to leave it here for now, but on the next article, we would go over how to install Node-RED so we can make Home Assistant even better. So, definitely stay tuned for that.