Configure Home Assistant for remote access with DuckDNS
This article is a continuation from Use Samba to configure Home Assistant, but theoretically you can continue from Install Home Assistant on RaspberryPi if you don’t want to have the benefit of accessing your installation with Samba.
What I’ll cover
Like in the previous article, here I’ll start from an existing installation of Home Assistant done in a python virtual environment (on a RaspberryPi, but this doesn’t really matter) running in the “homeassistant” user account (so isolated from the root user for safety reasons).
If you followed both of the previous articles, you should also have Samba installed and therefore you can edit the configuration file (you’ll see which one and how) from your preferred editor on your preferred remote machine.
I’ll explain how we’ll be able to access our Home Assistant system from a remote location (through internet) without using any static IP address.
Why can’t I just use the static IP?
Well, you can actually, but it’s not very practical nor “elegant”.
In theory, once you know your public IP you could use that one to connect to your machine (still need a little bit of work, but it’s minimal).
The problem with this direct approach is both that you need to know and remember the numbers of your IP and also the fact that your internet provider will probably change your public IP periodically… so you’ll need to find out your new IP in order to been able to connect again.
It’s undeniable that is much better to been able to remember an internet address (such as www.google.com or myhomeassitant.com) that never changes, in order to connect to our machine.
So, if you’re ready, let’s start!
Access Home Assistant from ANYWHERE!
So right now (if you look at the previous posts) we can only access our installation from http://homeassistant.local:8123 from within our private LAN.
We want not to access it from everywhere in the World!
Configure your router
This step has nothing to do with Home Assistant but it’s mandatory and required any time you want to access a resource in your private LAN from outside.
It’s very simple and everything it really does is registering a port (8123 in our case) telling our router (that connects us to the external world) to send any request from outside, requested to that specific port, to a well defined device in our internal network (and to a specific port that could even be different if we really want)… that in our case is the computer with the Home Assistant installation (that is a RaspberryPi in my case). This is called Port Forwarding.
That said though, the routers are all different and there is no way for me to show where this configuration is precisely located on your router.
Despite this, it should not be difficult to locate.
First of all you need to access your router.
On Windows you can use the command “ipconfig /all” and look for the “DNS Servers” line.
On Mac you can try to use “cat /etc/resolv.conf” or other methods. You can easily find it out with a minimum search on the web.
Otherwise look at your IP and you can try to substitute the last number with “1” or “254”. So for example things like: 192.168.0.1, 192.168.0.254 or 192.168.1.1, 192.168.1.254.
Once you have the router configuration page in front of you, you need to find the section where you can setup the port forwarding .
It is generally inside a section of the router that will probably require you to access it using an admin account.
Check the manual, search the web or simply look for the port forwarding section and create a new port forwarding.
Set the port 8123 as the only port to forward, select the TCP protocol, and select the system with the Home Assistant installed as the destination computer.
As a reference, this is an example of how it could look like:
That’s all!
Test it
search “myip” on google and you should receive the information about your public IP.
grab that address (let’s call it a.b.c.d) put it in your browser with the port 8123 (a.b.c.d:8123).
at this point your Home Assistant page should be visible in the same way it was when you accessed it within your LAN.
Ok that’s the mandatory step we have to do if we want to connect to our Home Assistant from internet. Let’s now see how can we make it practical and reliable.
Setup a DNS
Now… as you can imagine, discovering your IP every time is not very practical, considering that it could easily change! (aside from the fact that, as we mentioned, having to remember that 4 numbers is not ideal).
To avoid this we want to use a DNS system that will allow us to type something like myhomeassitant.com for example and automatically resolve it into the IP that will bring us back home (literally).
The service we’ll configure and use is called DuckDNS: https://www.duckdns.org/
Decide one of the offered method of registering/signing-in and you can immediately decide your very own domain for free!
This is the UI that offer you this:
Register a domain in DuckDNS
Pick one sub domain and click on the “add domain”.
At this point you are ready! You just need to keep track of a couple of data that we’ll need to configure Home Assistant to use it.
From the page with your domain (I highlighted some important part to look at):
You can check that the current IP is the one you can find with google (as shown previously).
In particular now keep track of:
- Domain
- Token
At this point we have a system that from anywhere in the world will allow us to open a web address like “yourDomain.duckdns.org” and redirect this connection to our home IP.
The only problem is that as it stands, this will work until our IP will remain the same. As soon as our internet provider will change our public IP, this redirection will fail, still pointing to our old IP address!
To solve this we’ll need the cooperation of our Home Assistant. It will be it in fact that will take care of keeping updated the IP associated with our DuckDNS domain, contacting DuckDNS for us!
Let’s do this now.
Configure DuckDNS in Home Assistant
The reference page for this (to find out more) is: https://www.home-assistant.io/components/duckdns/
Let’s start opening our “configuration.yaml” file (you should now be able to edit it from your preferred machine through Samba or directly from the RaspberryPi, with ssh or directly).
Edit it adding this section (I add this at the end, but you can really add it anywhere. Just follow the logic suggested by the indentation):
1 2 3 |
duckdns: domain: YOUR_SUBDOMAIN access_token: YOUR_ACCESS_TOKEN |
Naturally use your sub domain and token that you saw on the DuckDNS website few moments ago.
Our Home Assistant is ready to talk with DuckDNS and update our IP so that we’ll be able to reach it at any time using our domain string.
That’s really it!
Test the configuration
It’s good practice to test the changes before restarting Home Assistant and applying them.
From the interface
You can do this directly from the Home Assistant Dashboard, clicking on the “Configuration” option:
Then choosing the “General” section:
and finally clicking on the “Check Config” button:
If everything goes as planned you will see a nice green reassuring message:
otherwise an error message and the detail will be displayed. For example:
If this happens, don’t restart the Home Assistant and go back into the configuration file to fix the problem first.
From the command line
We’ll need to login into the machine with ssh, switch to the homeassistant user, activate the python virtual environment we setup (see : Install Home Assistant on RaspberryPi) and then execute:
1 |
hass --script check_config |
The output should just be something like this if everything is fine:
1 2 |
(homeassistant) homeassistant@homeassistant:~ $ hass --script check_config Testing configuration at /home/homeassistant/.homeassistant |
NOTE: In case of error you’ll notice it as you’ll clearly notice the presence errors. For example:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
(homeassistant) homeassistant@homeassistant:~ $ hass --script check_config Testing configuration at /home/homeassistant/.homeassistant ERROR:homeassistant.util.yaml:while scanning a simple key in "/home/homeassistant/.homeassistant/configuration.yaml", line 66, column 1 could not find expected ':' in "/home/homeassistant/.homeassistant/configuration.yaml", line 67, column 1 Failed config General Errors: - Error loading /home/homeassistant/.homeassistant/configuration.yaml: while scanning a simple key in "/home/homeassistant/.homeassistant/configuration.yaml", line 66, column 1 could not find expected ':' in "/home/homeassistant/.homeassistant/configuration.yaml", line 67, column 1 Successful config (partial) |
If that’s the case for you go back and check your configuration (use the errors as a guideline).
Apply the changes
If everything is fine you can then restart the Home Assistant to reload the new configuration.
You can do this restarting the machine (physically or through ssh) or you can just restart the service from the root (pi) user with:
1 |
sudo systemctl restart home-assistant@homeassistant |
then you can check the status and verify that it’s running:
1 2 3 4 5 6 7 |
pi@homeassistant:~ $ sudo systemctl status home-assistant@homeassistant.service ● home-assistant@homeassistant.service - Home Assistant Loaded: loaded (/etc/systemd/system/home-assistant@homeassistant.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2018-10-19 19:49:36 UTC; 26s ago Main PID: 2539 (hass) CGroup: /system.slice/system-home\x2dassistant.slice/home-assistant@homeassistant.service └─2539 /srv/homeassistant/bin/python3 /srv/homeassistant/bin/hass -c /home/homeassistant/.homeassistant |
Job Done!
All done! At this point you should be able to reach your homeassistant from anywhere in the world just reaching the web address:
http://<yourdomain>.duckdns.org:8123
The browser will contact DuckDNS and find out your latest public IP. It will then contact your home Router at the requested port 8123 that will in turn redirect the call to our Home Assistant computer… beautiful!
but wait… there is more…
Despite we achieved our goal there is an extra step that is generally recommended:
Right now our connection is http (non-secure). This means that we are potentially open to attacks or more vulnerable in general.
In order to avoid this, it’s good practice to secure the connection with SSL and HTTPS.
Don’t worry if you don’t know what I’m talking about. I’ll explain everything in the next article.
If you enjoyed this article, found it interesting or just learned something new (or simply liked it) please share it, comment or feel free to if you think I deserved it or you simply want to show your appreciation :). In any case thanks for passing by and until next time!
Hello, thank you for this tutorial but do you have a tutorial from the prompt hassio and menu hassio?