To connect to your Home Assistant instance from outside your home network, you need:
- A fixed IP address or domain name (ex. my-ha.example.com)
- A valid SSL certificate (to encrypt communications)
- VPN or forwarded ports
Duck DNS gives you a free subdomain name (ex. your-choice.duckdns.org) while Let's Encrypt gives you a free SSL certificate.
- Follow these instructions to install and setup the Duck DNS and Let's Encrypt.
- Ensure your Duck DNS add-on config looks like the below (replacing
YOUR_DUCK_DNS_TOKENandYOUR_DUCK_DNS_SUBDMOAINappropriately):
lets_encrypt:
accept_terms: true
certfile: fullchain.pem
keyfile: privkey.pem
token: YOUR_DUCK_DNS_TOKEN
domains:
- YOUR_DUCK_DNS_SUBDOMAIN.duckdns.org
seconds: 300- Ensure the HTTP section of your config/configuration.yaml looks like the below (replacing
YOUR_DUCK_DNS_SUBDMOAINappropriately):
http:
base_url: YOUR_DUCK_DNS_SUBDOMAIN.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem Your home router likely has a firewall preventing people outside of your home to connect into your home. While this is great for security, you'll need to make some changes to allow secure, remote access to your Home Assistant instance. Since everyone's router is different, I'll outline the options and you'll need to consult your router's manual for how to implement them.
A VPN is the securest option, listed here, to remotely connect back to your home. It also allows you to connect to all home resources, as opposed to just your Home Assistant server. It does however require significantly more setup on your home router and on any device that will connect back to your home (ex. your phone, your spouse's phone, etc).
Port forwarding is the easiest and most common way to remotely connect back to your Home Assistant server. After its setup, you simply enter your domain name into the Home Assistant companion or web browser (you cal also enter your router's public IP if you know it).
This ease of use comes with some security risk (as anyone who know your domain name or router's public IP can now access your Home Assistant server).
You can avoid dealing with Dynamic DNS, SSL Certificates, and port forwarding by using a paid subscription to Nuba Casa (aka Home Assistant Cloud). This subscription also helps support the core Home Assistant development team.