Free of charge DDNS for Home Assistant remote access

By AdminHome Assistant

🌍 Accessing Home Assistant from Anywhere

Having access to Home Assistant not just within your home network but from anywhere in the world can greatly enhance the convenience and control over your smart devices. Whether you’re at work, on vacation, or just out for the day, remote access lets you monitor and manage your home seamlessly.

🔑 Why Remote Access Is Important:

  • Monitor Your Home: Check security cameras, sensor statuses, or energy usage remotely.
  • Control Devices: Turn lights on/off, adjust thermostats, or lock/unlock doors from anywhere.
  • Receive Real-Time Notifications: Get instant alerts about important events, like motion detection or temperature changes.

🌐 Setting Up a Public Domain for Home Assistant

To securely access Home Assistant from anywhere, a public domain is required. This allows you to connect to your smart home using an easy-to-remember web address instead of a complex IP address.

💡 Why Do You Need a Public Domain?

  • Enables secure remote access via HTTPS
  • Required for generating SSL certificates with Let’s Encrypt
  • Simplifies connectivity without relying on dynamic IP addresses

💰 The Only Paid Step

Purchasing a domain is the only paid step in this guide. Domain prices are usually affordable, starting at just a few dollars per year, depending on the provider and the domain extension (.com, .net, .home, etc.).

🌍 How to Get a Public Domain

When setting up remote access to Home Assistant, choosing the right domain registrar can simplify your workflow. I highly recommend using GoDaddy to purchase your domain. One of the standout features of GoDaddy is the ability to update DNS records automatically using a simple script. This means you can create your own Dynamic DNS (DDNS) for free, without relying on third-party DDNS services like DuckDNS.

⚠️ Please find a detailed explanation on who to create DDNS script with code sample in this article 

🌐 Configure Your Router’s DNS for Seamless Access

To avoid connection issues when switching between your home Wi-Fi and mobile data, configure your router’s DNS to resolve your public domain to your Home Assistant’s local IP.

⚙️ How to Set Up DNS for Home Assistant:

  1. Access Your Router’s DNS Settings:

    • Go to the DNS/DHCP settings in your router’s admin panel.

  2. Add a DNS Record:

    • Host/Domain: your-domain.com
    • Type: A (Address Record)
    • IP Address: The local IP of your Home Assistant (e.g., 192.168.1.100)

  3. Save Changes and Restart Router (if needed).

🔐 Securing Home Assistant with SSL

When accessing Home Assistant remotely, the second and most important step is to secure the connection using SSL (Secure Sockets Layer). This ensures that all data exchanged between your devices and Home Assistant is encrypted, protecting it from potential threats.

Using Let’s Encrypt for Free SSL Certificates

Fortunately, Home Assistant offers a built-in “Let’s Encrypt” add-on, which makes it easy to generate SSL certificates for free. These certificates are valid for 90 days.

🚀 How to Set Up SSL with Let’s Encrypt

  1. Install the Let’s Encrypt Add-on

    • Go to Settings → Add-ons in Home Assistant.
    • Click “+ Add-on Store” and search for “Let’s Encrypt”.
    • Install the add-on, but don’t start it.

  2. Configure the Add-on

    • Enter your domain name (you’ll need this from the previous step of this article).
    • Add your email address for important SSL expiration notifications.
    • Example configuration (to see it click on “tree-dots” menu at right-top corner of “Let’s Encrypt” “Options” section):
domains:
  - your doman
email: your_mail
keyfile: privkey.pem
certfile: fullchain.pem
challenge: http
dns: {}

Save the configuration and click “Start” to begin the certificate generation process.

🔐 When it comes to securing your Home Assistant with SSL encryption, you have two main options:

🚀 Option 1: Configure HTTPS Directly in Home Assistant

Pros:

  • Simple Setup: No need for additional software like NGINX.
  • Built-in Support: Home Assistant supports SSL natively.

⚠️ Limitations:

  • Single Protocol Support: Home Assistant can’t handle both HTTP and HTTPS at the same time.
  • Compatibility Issues: Some integrations that rely on webhooks without SSL may not work properly.

⚙️ Configuration:

Following configuration should be added with “File editor” addon to configuration.yaml 

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: true
  login_attempts_threshold: 5
  server_port: 8123

⚠️ Important Notes:

  • ip_ban_enabled: true and login_attempts_threshold: 5  are needed to prevent brute force attacks if your instance is accessible from the Internet.
  • File names of the certificate and private keys must be the same as in previous step.
  • After making changes, don’t forget to restart Home Assistant for the new settings to take effect.
  • Port forwarding must be configured on your router to enable access from the Internet. 

🌐 Option 2: Use NGINX Reverse Proxy for SSL

Pros:

  • Dual Protocol Support: Access Home Assistant via both HTTP (for local integrations) and HTTPS (for secure remote access).
  • Flexible & Scalable: Easily manage multiple services behind one SSL certificate.
  • Better Performance: Especially with complex setups or multiple devices.

⚠️ Considerations:

  • Slightly More Complex: Requires basic knowledge of NGINX.
  • Resource Usage: Slightly higher CPU usage compared to direct HTTPS.

⚙️ How It Works:

  1. Install “NGINX Home Assistant SSL proxy” addon

    • Add file names of the certificate and private keys from Let’s Encrypt configuration.
    • Define port for SSL connection.
    • Start addon.
    • Try HTTPS connection to your Home Assistant.

  2. Install stand-alone NGINX instanse on your server :
    Read this article to install and configure nginx and Home Assistant.

💡 Which Option Should You Choose?

FeatureDirect HTTPS in Home AssistantNGINX Reverse Proxy
Ease of Setup✅ Easier⚠️ Requires NGINX configuration
Supports Both HTTP/HTTPS❌ No✅ Yes
Performance⚠️ Basic✅ Optimized for larger setups
Integration Compatibility❌ Limited (webhooks issues)✅ Full compatibility
Flexibility⚠️ Limited✅ Highly flexible

🚀 How to Set Up Port Forwarding:

To access Home Assistant from outside your home network, you’ll need to set up port forwarding on your router.

  1. Log into Your Router’s Admin Panel:

    • Usually accessible via 192.168.1.1 or 192.168.0.1.

  2. Find Port Forwarding Settings:

    • Look under Advanced Settings, NAT, or Firewall (varies by router).

  3. Create a Port Forwarding Rule:

    • External Port: 8123 (standard Home Assistant port). I recommend using the same port for the ability to connect your HA mobile application inside and outside your home network.
    • Internal IP Address: The IP of your Home Assistant device (e.g., 192.168.1.100)
    • Internal Port: 8123 (Home Assistant default)
    • Protocol: TCP

    Example:

    External PortInternal IPInternal PortProtocol
    8123Home Assitant IP8123TCP

⚠️ Security Considerations

  • Strong Passwords: Use strong credentials for your Home Assistant account.
  • 2FA (Two-Factor Authentication): Enable 2FA for an extra layer of security.
  • Firewall Rules: Restrict external access if possible (allow only specific IPs).
  • Fail2Ban (Optional): Protect against brute-force attacks if you’re self-hosting NGINX.