so ive setup Hassio with the following from the addon store:
SSH Server (using an RSA token and private/public key)
I now only able to access Hassio via HTTPS. (http doesnt work)
Also, i can access my Hassio externally, via my DuckDNS domain name.
this is both on and off my network, using https://duckdnsname.duckdns.org.
However, 4 questions please…
I’m a little nervous about security and so is there a way to confirm all the steps i have done, with opening ports and stuff, is all good?
On my router, i have
External Port 80 -> Internal Port 80 -> IP of Hassio internally
External Port 443 -> Intrernal Post 8123 -> IP of Hassio Internally
I have a static IP address set internally for Hassio
I have the following in my configuration.yaml file
I have configured a “secrets.yaml” file, as noted and i have all main “secrets” in my “configuation.yaml” file pointed to it (which works great and performs as expected).
Im still unsure as to the point of doing this oveall, as if you can access “configuration.yaml”, then you can also, easily, access “secrets.yaml” as they live in the same location?
so is this more about being able to share your config file with others easily and not have to worry about people seeing stuff you dont want them to see, rather then actually hiding your secret stuff from someone who gains access?
i get the following error on Chrome, before i can access.
Your connection is not private
Attackers might be trying to steal your information from 192.168.0.122 (for example, passwords, messages, or credit cards). Learn more
Is this expected? or do i need to change something to resolve this?
as mantioned, i dont get this if i go via DuckDNS internally or externally to my network.
When I access Hassio extenrally, off my network via DuckDNS, it has saved the password and so passes my directly to the UI.
IS this sensible? i assume for external access, i should really force a password check each time? if so, how do i configure that sorry? or is there a better more secure way i should be setting up my external access sorry?