Home Assistant Core remote access

Installation
1

Hello,
I’m new to home assistant. I have just installed Home Assistant Core. How can I access HA from outside my home network? I saw in HA os you can just add duckdns as a add on but how can I do it in core were there are no add ons.

2

I run without addons, and can access Home Assistant two different ways. You can use one or both depending on what you need.

The first is a reverse proxy. There are several, but nginx is the one I use. There is a docker program called “swag”. It combines duckdns, letsencrypt, fail2ban, and nginx all in one docker container. Here is a setup guide

Another alternative is a VPN, like Wireguard. I wrote up a post about it here

Those options can be configured without docker, but they are much harder to setup without it. The container versions have all the required dependencies and updates are much easier. VPN is more secure, but some integrations, like Google Home and Smartthings, need an accessible https url to work and need a proxy. I use the android and wife uses the homeassistant ios app- they need an https url to work which is setup with the reverse proxy. If using the VPN, the VPN would have to run on the phones all the time, and would slow up everything as my home internet upload speed is very slow.

I run both the VPN and proxy because I use the VPN to access deeper parts of the config I dont want accessible through a url, like portainer or my homeassistant config directory. I use the proxy to access homeassistant itself, with two factor authentication on.

Whatever you setup, you want it secure. If you aren’t sure or dont feel comfortable, you can setup the nabu casa subscription service for remote access for a small monthly fee. See this post about making sure you have a secure setup if you do it yourself.

3

I don’t know if that is going to work. I’m running dietpi os without docker. Do you have another recommendation without docker?

4

This guide is agnostic of how you run HA.

The TL/DR is:

  1. Install something to keep your dynamic DNS hostname up to date
  2. Install and configure something to generate SSL certificates for your hostname (dehydrated or certbot)
  3. Decide whether you’re going to do SSL in a proxy server (good choice) or directly in HA (maybe not a good choice)
  4. Install and configure your chosen proxy server
  5. Configure HA for the reverse proxy
  6. Set up your port forwarding and test it all