Hi there,
I’m planning to remotely access my HA. SSL via DuckDNS and Let’s Encrypt is working; the alternative approach via the TOR add-on looks promising too.
Call me paranoid, but I’m a bit nervous about exposing my HA to the cruel world outside… For SSL I have to open one port, for Home Panel additional ports on my router… and only one (strong) password is my line of defense?
The TOR add-on sounds much more secure, but my understanding of TOR is not deep enough to trust this one.
So, what options are there to build another layer of defense to secure my remote access via SSL?
Thanks in advance!
You could use Cloudflare,
and with Cloudflare Access you can harden it further.
https://techkarussell.ch/home-assistant-hardening/
Not at all. It is a very serious step, which I have decided not to take. The first thing you have to ask is: do you really need remote access? Automations could do everything for you when you are not home.
Small correction. You don’t need to open port 443; you need to open a port, but it doesn’t need to be 443.
That looks very promising, I will have a closer look at CF. Thanks!
Similar to above, I use:
so that in the unlikely (but not impossible) event where your password is discovered/guessed without being IP_Banned, hackers would then need the MFA code which changes every 30 sec
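An added illustration of the point in the post above (not part of the original post, and not Home Assistant's own code): a minimal RFC 6238 TOTP check, assuming the MFA in question is standard HMAC-SHA1 TOTP with a 30-second step. The secret is the RFC 6238 test key, and `verify` and `login` are hypothetical helper names.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code: the "changes every 30 sec" interval


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           drift_steps: int = 1) -> bool:
    """Accept the current step plus/minus drift_steps to tolerate clock skew."""
    for delta in range(-drift_steps, drift_steps + 1):
        t = unix_time + delta * STEP
        if t < 0:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret, t), submitted):
            return True
    return False


def login(password_ok: bool, secret: bytes, code: str, now: int) -> bool:
    """Second layer: a correct password alone does not grant access."""
    return password_ok and verify(secret, code, now)


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test key, not a real secret
    t0 = 1111111109                   # last second of one 30 s step
    code = totp(secret, t0)
    print("code at t0:", code)
    print("same step, password ok:", login(True, secret, code, t0))
    print("2 s later, no drift allowed:",
          verify(secret, code, t0 + 2, drift_steps=0))
    print("2 s later, one step of drift:", verify(secret, code, t0 + 2))
```

The drift window is the trade-off to watch: each extra accepted step lengthens the time a captured code stays valid.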
Following your hints, I started looking at Cloudflare.
Installation of the NGINX add-on in Hass.io worked smoothly, and testing remote access via SSL and my DuckDNS domain worked on the corresponding proxy port.
Now I’d like to allow only Cloudflare IPs to connect to my proxy, like @elRadix described. But trying to add duckdns.org as a new site for further configuration gives me “We were unable to identify duckdns.org as a registered domain.” - Has anyone stumbled across this before?