Using Konnected with Hass.io and SSL/TLS

Using the DuckDNS add-on

If you want to expose your Hass.io installation to the outside internet to enable remote access, a popular way to do this is by using the DuckDNS add-on with built-in SSL/TLS security using free certificates issued by Let's Encrypt. This approach secures your Hass.io installation itself, requiring all clients connecting to Hass to use HTTPS, even when accessing local instances.

SSL/TLS adds siginficant processing & memory overhead to the Konnected device, resulting in much greater latency as compared to unsecured connectons. Expect latency of up to 2 seconds on sensor state changes appearing in Hass. To avoid this latency overhead, consider a reverse proxy approach (described below).

When configuring Hass with the DuckDNS addon, you will set the base_url configuration to your publicly facing DuckDNS url. Konnected uses the base_url value by default to communicate to Hass. However, since your Raspberry Pi and Konnected device(s) are on the same network, you can avoid the extra DNS lookup and dependency on DuckDNS by setting api_host in your Hass config to the local IP address of your Hass instance. Example configuration:

http:
  base_url: https://my-domain.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

konnected:
  access_token: REPLACE_ME_WITH_A_RANDOM_STRING
  api_host: https://192.168.1.120:8123
  devices:
    - id: aabbcc
      binary_sensors:
        - zone: 1
          type: door


Using a Reverse Proxy

A reverse proxy is a separate internet-facing service for receiving inbound requests and terminating SSL/TLS that then proxies that request over your internal LAN to Hass over HTTP. This method enables you to continue using unsecured HTTP protocols to interact with Hass locally, but still secures incoming connections from the outside. The advantage here in the context of Konnected is that Konnected continues to talk to Hass locally over unsecured HTTP which is much faster.

There are a number of ways to set up a reverse proxy. Two popular community add-ons for this using Hass.io are Caddy and Nginx.

Konnected support cannot help with reverse proxy or SSL/TLS setup! If you're having trouble, try the Home Assistant community.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.