Cloud service aware white listing

I’m trying to keep my network clear from servers sniffing around. I don’t like the thought that my Home Assistant and other web services are indexed and just waiting for a search with a 0-day exploit.

I found out any authorized SSL certificate is listed publicly. I’m still thinking how to overcome this issue.
For some integrations I need SSL at port 443.

The best solution is for Home Assistant to have an option to allow local IP ranges, a list of public IPs for remote use, plus a list of all host names of the connected cloud services used by HA.

This way there is no way non-authorized systems can access Home Assistant (and connected systems) to index it or do whatever. And any cloud service you add has access to your instance.

Is it so? I haven’t checked, but one could ask Nabu Casa (if used) whether they opt out of (for example) Google indexing. If you host yourself, then a robots file and such would need to be set up.

That’s by design. The whole point is to be able to verify a public cert via the chain.

Or, set up a VPN with private (self-signed client and server certs).

Not necessarily. If you mean that when your instance connects to a cloud service (and not the other way around), then a malicious response is possible, true, but it’s not quite the same thing as having access (but access could be gained). I’m being very pedantic, I know, but it’s important, since you have control over what services you want your HA to connect to.


Is it so? I haven’t checked, but one could ask Nabu Casa (if used) whether they opt out of (for example) Google indexing. If you host yourself, then a robots file and such would need to be set up.

I’m not sure the robot file is protected by some law. I know of the existence of paid search engines that provide much deeper searches than Google.

Not necessarily. If you mean that when your instance connects to a cloud service (and not the other way around), then a malicious response is possible, true, but it’s not quite the same thing as having access (but access could be gained). I’m being very pedantic, I know, but it’s important, since you have control over what services you want your HA to connect to.

At least Tuya, Google Home and Samsung SmartHome in my config require HTTPS on port 443.
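
A sketch of the allow list proposed in the first post (local IP ranges, fixed public IPs for remote use, host names of connected cloud services), as an added example that is not part of the thread and not Home Assistant code. All addresses, host names and the `resolve_sample` stand-in for DNS are constructed placeholders.

```python
import ipaddress

# Constructed sample policy: every range, address and host name is a placeholder.
LOCAL_RANGES = ["192.168.1.0/24", "fd00::/8"]
REMOTE_IPS = ["203.0.113.7"]            # a fixed public address used for remote access
CLOUD_HOSTS = ["cloud-a.example", "cloud-b.example"]

# Constructed stand-in for DNS so the example runs offline.
SAMPLE_DNS = {
    "cloud-a.example": ["198.51.100.10", "198.51.100.11"],
    "cloud-b.example": ["2001:db8::5"],
}

def resolve_sample(host):
    """Hypothetical resolver: returns the constructed addresses for a host name."""
    return SAMPLE_DNS.get(host, [])

def build_allowlist(local_ranges, remote_ips, cloud_hosts, resolve):
    """Return ip_network objects covering every permitted source address."""
    nets = [ipaddress.ip_network(r, strict=True) for r in local_ranges]
    nets += [ipaddress.ip_network(ip) for ip in remote_ips]   # single host: /32 or /128
    for host in cloud_hosts:
        addrs = resolve(host)
        if not addrs:
            # Fail loudly instead of silently dropping a service from the list.
            raise ValueError(f"no addresses for {host}")
        nets += [ipaddress.ip_network(a) for a in addrs]
    return nets

def is_allowed(source, allowlist):
    """Default deny: True only if the source address lies inside an allowed network."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; unwrap before matching.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in allowlist)

if __name__ == "__main__":
    allow = build_allowlist(LOCAL_RANGES, REMOTE_IPS, CLOUD_HOSTS, resolve_sample)
    for src in ["192.168.1.50", "::ffff:192.168.1.50", "198.51.100.11", "203.0.113.8"]:
        print(src, "allow" if is_allowed(src, allow) else "deny")
```

The host-name entries are a snapshot of one lookup, so the list has to be rebuilt whenever those DNS answers change.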