If you want to be able to access Home Assistant from anywhere in the world, you can use the following method to achieve this goal.
DuckDNS (Free)
Install DuckDNS Add-On
Open Home Assistant web portal, Go to Settings -> Add-ons -> ADD-ON STORE -> input DuckDNS, click install button.
Create a DuckDNS sub-domain
Go to DuckDNS website, Create an account and sub-domain
Setup DuckDNS Add-On
Go back to DuckDNS Add-On, in Configuration tab, click right top Menu choose “Edit in YAML“, setup sub-domain and token, turn on SSL.Config file example as bellow:
domains: - <your-sub-domain>.duckdns.org token: <your token> aliases: [] lets_encrypt: accept_terms: true algo: secp384r1 certfile: fullchain.pem keyfile: privkey.pem seconds: 300
Edit configuration.yaml
Go to Sidbar -> File editor-> configuration.yaml, Add bellow setting at the end.
http: ssl_certificate: /ssl/fullchain.pem ssl_key: /ssl/privkey.pem ip_ban_enabled: true login_attempts_threshold: 5
Set Home Assistant URL
Go to Settings -> System -> Network-> Home Assistant URL, set you address for internet and local Network.
Test sub-domain
Go to https://<sub-domain.duckdns.org>:8123 and the login page appears within 1-3 seconds, then you have successfully set up a reverse proxy with DuckDNS.
(Optional)Resolve DuckDNS domain to local IP
If you want use same address for external and internal address in HA, then you need a local DNS server which can resolve the domain to your local IP.
1.Install Dnsmasq Add-On
2.Setup Dnsmasq
defaults: - 8.8.8.8 - 8.8.4.4 forwards: [] hosts: - host: <your-sub-domain>.duckdns.org ip: 10.0.0.7 <HA Hub local IP> services: [] cnames: []
3.Set it as Primary DNS server in your Router
Test it:
C:\Users\Thomas>nslookup <your-sub-domain>.duckdns.org Server: Unknown Address: 10.0.0.7 Name: <your-sub-domain>.duckdns.org Address: 10.0.0.7
Use FRP (need FRP server with Public IP)
FRP is an open source, reliable, and efficient solution for providing secure access to internal networks through the internet. It allows for easy setup and configuration of TCP, UDP, HTTP, HTTPS, and other protocols, enabling users to expose services in the internal network to the outside world.
To configure frp penetration effectively, it is essential to have a server with an external network ip that is accessible from the external network. If not, the next tutorial can be skipped. The configuration tutorial is composed of two parts: the configuration of the server (external network server) and the configuration of the client (intranet server). By following these steps, you can be sure to configure their frp penetration correctly.
Install FRP on Public Server
wget https://github.com/fatedier/frp/releases/download/v0.33.0/frp_0.33.0_linux_amd64.tar.gz
tar -zxvf frp_0.33.0_linux_amd64.tar.gz
cd frp_0.33.0_linux_amd64/
Config FRP server
nano frps.ini
Set FRP Server config, example as bellow:
[common] # frp listen port, default is 7000 bind_port = 7000 # Token for Client auth token = 52010 # frp backend management port dashboard_port = 7500 # frp admin username and password dashboard_user = admin dashboard_pwd = admin enable_prometheus = true
Setup FRP service
nano /lib/systemd/system/frps.service
Set FRP service for boot start, example as bellow
[Unit] Description=fraps service After=network.target syslog.target Wants=network.target [Service] Type=simple # Use you own frp installed path ExecStart=/etc/frp/frps -c /etc/frp/frps.ini [Install] WantedBy=multi-user.target
Start and enable frps service
sudo systemctl start frps
sudo systemctl enable frps
Validate FRP server
open http://<frp server IP>:7500,the login your admin account which you create in “frps.ini” file.
Install FRP on Local Hub
Download the correct version of FRP based on your machine type – ARM or AMD64. The process is the same as you did for the server side.
Setup FRP service
Same as what you did for Server side. The only different is use “/etc/frp/frpc -c /etc/frp/frpc.ini”
Config FRP client
nano frpc.ini
Setup FRP Client configuartion
[common] server_addr = <FRP Server Public IP> server_port = 7000 [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 7001 [Home Assistant] type = tcp local_ip = 127.0.0.1 local_port = 8123 remote_port = 7002
Validate FRP
Open http://<FRP Server Public IP>:7002, if you see the HA login page then you are good, if not ,go back to check the FRP config.
Home Assistant Cloud
Home Assistant Cloud is the simplest way to get remote access, for a fee of $6.50 per month.