Curious if anyone has thoughts on a full Cloudflare setup vs going the Let’s Encrypt route most people use. Any goods, bads, and security implications going either way would be good discussion. I have read a lot of different discussions on here and on Reddit, but haven’t seen anything discuss the two together in much detail.
Right now I have a full Cloudflare setup and it’s working really well. The Cloudflare setup was a little more complex, but I got it working without too much hassle.
Current Setup:
Cloudflare --> NGINX (443) --> Home Assistant (8123)
Home Assistant has an API password set and IP blocking is enabled. Trusted networks is set and no encryption is required on the local network. This works well for emergency local access, when Comcast goes down, and other services interacting with it. I have my network segregated into VLANs and I’m not too concerned about someone accessing my traffic inside my network (I have bigger problems at that point).
I’m using my own domain I bought through Google Domains with dynamic DNS on the Home Assistant related sub-domain updated via my router.
On the Cloudflare side, I use DNSSEC, SSL set to Full (Strict), Authenticated Origin Pulls, and a Cloudflare SSL certificate (free version). I don’t pay for any additional services through them.
My only real cost is my own domain, which is very cheap for a non-.com/.net domain.
Curious what everyone else thinks.
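
For readers comparing the two approaches, here is an added sketch (not the poster's actual configuration) of an NGINX server block for the Cloudflare --> NGINX (443) --> Home Assistant (8123) chain with Full (Strict) and Authenticated Origin Pulls. The hostname, the certificate file paths, and the assumption that Home Assistant runs on the same host as NGINX are placeholders.

```nginx
# Added example: hostname, file paths and upstream address are assumptions.
server {
    listen 443 ssl;
    server_name ha.example.com;    # placeholder for the Home Assistant sub-domain

    # Certificate the origin presents to Cloudflare. Full (Strict) makes
    # Cloudflare validate this certificate before proxying traffic.
    ssl_certificate     /etc/nginx/certs/origin-cert.pem;    # assumed path
    ssl_certificate_key /etc/nginx/certs/origin-key.pem;     # assumed path

    # Authenticated Origin Pulls: only accept TLS clients that present a
    # certificate signed by the Cloudflare origin-pull CA. The CA file is
    # downloaded from Cloudflare and stored locally (assumed path).
    ssl_client_certificate /etc/nginx/certs/cloudflare-origin-pull-ca.pem;
    ssl_verify_client on;

    location / {
        # Plain HTTP to Home Assistant, matching the unencrypted
        # local hop described in the post.
        proxy_pass http://127.0.0.1:8123;

        # Home Assistant's frontend uses WebSockets, so pass the upgrade through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $host;
        # Forward the client address chain so the backend does not see
        # every request as coming from the proxy itself.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

With `ssl_verify_client on`, a request that reaches port 443 directly without a valid Cloudflare client certificate is rejected by NGINX with a 400 response before it gets to Home Assistant.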