Hass.io – Secure Remote Admin Access with Duck DNS

Now that you have Hass.io running happily on your Raspberry Pi, the next thing in your mind is probably how to access the admin console remotely from the internet, so that you can control your smart home even when you are away from home.

One elegant and free solution is using Duck DNS. Duck DNS basically provide you an unique URL that you can remote access to your Hass.io on the Pi via a secure channel that is encrypted with SSL.

Here are 5 simple steps you need to do:

1) Create a Duck DNS URL.

You need to set up a domain there, or to be more specific, a subdomain.  Go to DuckDNS and sign in through one of the associated social media sites it supports (the current list is Google, Twitter, GitHub, Reddit, and Persona).  Once you’re authenticated, you will be directed to a page which provides a “token” and you will need to add a sub-domain name.  Pick a sub-domain name that is unique and meaningful to you, you can’t select anything that is already taken by other subscriber.  This will be the URL you enter to access Hass.io.  If you are successful in this step, you will see the domain listed along with your IP address.

2) Forward the port to your Hass.io.

You will need to instruct your router to open and forward the specific port to your Hass.io server.  Do this from the router admin console.  You will need to forward TCP port 443 to port 8123 at your pi’s IP address.  You may need to reboot your router to activate the new setting.

3) Install DNS addon.

From the Hass.io admin console, select the Hass.io tab and search for the Duck DNS addon to install it.  Once it is installed, you will need to make a few changes to the default configuration.

   "lets_encrypt": {
     "accept_terms": true,
     "certfile": "fullchain.pem",
     "keyfile": "privkey.pem"
   "token": "insert-your-token-here",
   "domains": [
   "seconds": 300

4) Add HTTP entry to your configuration file.

You can edit your configuration file with your favorite text editor, and make sure to use the “check configuration” from the admin UI to confirm that it is valid.

   base_url: your-subdomain-here.duckdns.org
   ssl_certificate: /ssl/fullchain.pem
   ssl_key: /ssl/privkey.pem
   api_password: your-password-here

5) Finally, restart your Hass.io on the pi. 

Once hass.io is back up, you will be able to access https://your-subdomain-here.duckdns.org from any web browser, inside or outside of your home network.

That’s it! mission accomplished! and you can now control your home automation Hass.io server securely (via SSL) around the world.