Hey all,
So I've set up Hassio with the following from the add-on store:
Duck DNS
SSH Server (using an RSA token and private/public key)
I'm now only able to access Hassio via HTTPS (HTTP doesn't work).
Also, I can access my Hassio externally, via my DuckDNS domain name.
This is both on and off my network, using https://duckdnsname.duckdns.org.
However, 4 questions please…
Question 1
I'm a little nervous about security, so is there a way to confirm that all the steps I have done, with opening ports and stuff, are all good?
On my router, I have:
External Port 80 → Internal Port 80 → IP of Hassio internally
External Port 443 → Internal Port 8123 → IP of Hassio internally
I have a static IP address set internally for Hassio
I have the following in my configuration.yaml file
http:
  base_url: https://xxxx.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: true
  login_attempts_threshold: 4
Question 2
I have configured a "secrets.yaml" file, as noted, and I have all main "secrets" in my "configuration.yaml" file pointed to it (which works great and performs as expected).
I'm still unsure as to the point of doing this overall, as if you can access "configuration.yaml", then you can also, easily, access "secrets.yaml", as they live in the same location?
So is this more about being able to share your config file with others easily and not have to worry about people seeing stuff you don't want them to see, rather than actually hiding your secret stuff from someone who gains access?
Question 3
Whenever I access my internal Hassio deployment (within my network), via either:
https://hassio.local:8123 or
https://myinternalIP:8123
I get the following error in Chrome before I can access it.
Your connection is not private
Attackers might be trying to steal your information from 192.168.0.122 (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
Is this expected? Or do I need to change something to resolve this?
As mentioned, I don't get this if I go via DuckDNS internally or externally to my network.
Question 4
When I access Hassio externally, off my network via DuckDNS, it has saved the password and so passes me directly to the UI.
Is this sensible? I assume for external access, I should really force a password check each time? If so, how do I configure that, sorry? Or is there a better, more secure way I should be setting up my external access, sorry?
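
Added example, not part of the original post: a simplified sketch of the certificate name check behind the NET::ERR_CERT_COMMON_NAME_INVALID error in Question 3. It assumes the certificate lists only the DuckDNS name; the function names are hypothetical, and real browsers apply additional rules (for example the public suffix list for wildcards).

```python
import ipaddress


def _is_ip(value):
    """True if the host typed in the URL is an IP literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Compare one dNSName entry from the certificate with the requested host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is only honoured as the whole left-most label.
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def host_matches_cert(host, dns_sans, ip_sans=()):
    """Return True if `host` (as typed in the URL) is covered by the certificate."""
    if _is_ip(host):
        # An IP literal only matches iPAddress entries, never a DNS name.
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in ip_sans)
    return any(_dns_match(name, host) for name in dns_sans)


# Constructed sample (assumption): the certificate names only the DuckDNS domain.
CERT_DNS_SANS = ["xxxx.duckdns.org"]


def check_all():
    """Check the three ways of reaching the instance mentioned in the post."""
    hosts = ["xxxx.duckdns.org", "hassio.local", "192.168.0.122"]
    return {h: host_matches_cert(h, CERT_DNS_SANS) for h in hosts}


if __name__ == "__main__":
    for host, ok in check_all().items():
        print(f"{host:20} {'match' if ok else 'NAME MISMATCH'}")
```

The connection is still encrypted in the mismatch cases; what fails is the check that the name in the address bar is one the certificate was issued for.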