Using the DuckDNS add-on
If you want to expose your Hass.io installation to the outside internet to enable remote access, a popular way to do this is by using the DuckDNS add-on with built-in SSL/TLS security using free certificates issued by Let's Encrypt. This approach secures your Hass.io installation itself, requiring all clients connecting to Hass to use HTTPS, even when accessing local instances.
When configuring Hass with the DuckDNS addon, you will set the
base_url configuration to your publicly facing DuckDNS url. Konnected uses the
base_url value by default to communicate to Hass. However, since your Raspberry Pi and Konnected device(s) are on the same network, you can avoid the extra DNS lookup and dependency on DuckDNS by setting
api_host in your Hass config to the local IP address of your Hass instance. Example configuration:
http: base_url: https://my-domain.duckdns.org:8123 ssl_certificate: /ssl/fullchain.pem ssl_key: /ssl/privkey.pem konnected: access_token: REPLACE_ME_WITH_A_RANDOM_STRING api_host: https://192.168.1.120:8123 devices: - id: aabbcc binary_sensors: - zone: 1 type: door
Using a Reverse Proxy
A reverse proxy is a separate internet-facing service for receiving inbound requests and terminating SSL/TLS that then proxies that request over your internal LAN to Hass over HTTP. This method enables you to continue using unsecured HTTP protocols to interact with Hass locally, but still secures incoming connections from the outside. The advantage here in the context of Konnected is that Konnected continues to talk to Hass locally over unsecured HTTP which is much faster.