Using Konnected with and SSL/TLS

Using the DuckDNS add-on

If you want to expose your installation to the outside internet to enable remote access, a popular way to do this is by using the DuckDNS add-on with built-in SSL/TLS security using free certificates issued by Let's Encrypt. This approach secures your installation itself, requiring all clients connecting to Hass to use HTTPS, even when accessing local instances.

SSL/TLS adds siginficant processing & memory overhead to the Konnected device, resulting in much greater latency as compared to unsecured connectons. Expect latency of up to 2 seconds on sensor state changes appearing in Hass. To avoid this latency overhead, consider a reverse proxy approach (described below).

When configuring Hass with the DuckDNS addon, you will set the base_url configuration to your publicly facing DuckDNS url. Konnected uses the base_url value by default to communicate to Hass. However, since your Raspberry Pi and Konnected device(s) are on the same network, you can avoid the extra DNS lookup and dependency on DuckDNS by setting api_host in your Hass config to the local IP address of your Hass instance. Example configuration:

  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

    - id: aabbcc
        - zone: 1
          type: door

Using a Reverse Proxy

A reverse proxy is a separate internet-facing service for receiving inbound requests and terminating SSL/TLS that then proxies that request over your internal LAN to Hass over HTTP. This method enables you to continue using unsecured HTTP protocols to interact with Hass locally, but still secures incoming connections from the outside. The advantage here in the context of Konnected is that Konnected continues to talk to Hass locally over unsecured HTTP which is much faster.

There are a number of ways to set up a reverse proxy. Two popular community add-ons for this using are Caddy and Nginx.

Konnected support cannot help with reverse proxy or SSL/TLS setup! If you're having trouble, try the Home Assistant community.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.