Home Assistant security concern

There’s also a desktop GitHub program you can install and download your repo. Makes it pretty easy to scan your files in your history and see if you’ve ever uploaded your secrets.

The benefit of a VLAN is you can apply firewall rules to restrict what devices on the VLAN can or cannot access. For example, you may wish to give your IoT devices internet access, but isolate them from seeing each other or communicating with your main network.

Is there an addon for VLAN in Hassio?

So maybe there is a need to make a security addon like OpenVPN or something?
I can’t find a working solution for dynamic DNS OpenVPN on demand on iPhone and Android.

Or maybe this is a new feature to add to Home Assistant Cloud.
Secure connection to your HA.

Using a VLAN is part of your network configuration. Nothing to do with Hassio.

1 Like

Before you learn about VLANs, I suggest you learn about networking.
http://openbookproject.net/courses/intro2ict/networking/intro.html

An alternative would be a YouTube video that talks about networking.

Once you get a handle on networking, you can step into VLANs. You need to know about subnetting and broadcast domains before you get into VLANs.

1 Like

Thanks but I have a pretty good understanding of networking… just not VLANs. Not sure how to use one of those when I only have a router and a Pi (permanently on) running Hassio hence my question about an add on.

@lesonquan @jwelter Hi, one question on these incidents: are you using the .homeassistant/www method of hosting things like images for device trackers and custom state cards?

I’m not sure that makes any sense. If you understood basic networking then understanding the VLAN info linked above is a piece of cake and you’d know VLANs have nothing to do with Hassio itself and not post about it a second time.

3 Likes

On that subject, the Xiaomi will still function through HA even if blocked from accessing the internet (once it’s set up at least). So unless you are using the MiHome app there’s no reason not to block all external traffic to/from it.

Can you go into more detail on how you set up 2FA?

Out of curiosity, what are people using reverse proxies for with HA? Given that HA natively supports use of HTTPS, are you using it to serve multiple webpages/servers off one port?

What advantage is there to using a reverse proxy over just using the built in HTTPS in HA (for someone not needing to serve multiple webpages)?

I expose my HA to the internet using the built in HTTPS functionality on a non-standard port but also run fail2ban, IDS and IPS (emerging threats and snort community rules), and iptables concurrent/new connection rate limiting.

That’s my setup, but minus the HAProxy; I use reverse squid on pfSense.

Now I’m a little worried

Thank you for this, I just tested after changing my underwear!

I’m safe, well this returned 401 Unauthorized

It provides a little extra security. If the reverse proxy has a default webpage that also shows up when using the IP instead of the hostname, then requests only get through to HASS if the correct hostname is used in the request. So bulk scanning of IP addresses (like shodan) will get some website unrelated to HASS. When using the server of HASS itself it will also respond if the hostname is incorrect.

1 Like
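The behaviour described in the post above, as an added example that is not part of the thread: a stand-in proxy on loopback that only passes requests whose Host header matches, plus a check you can point at your own endpoint to confirm that requests addressed by IP get the default page. The hostname `ha.example.test`, the page bodies and all function names are constructed for this demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

EXPECTED_HOST = "ha.example.test"   # assumed hostname, constructed for this demo

class HostGate(BaseHTTPRequestHandler):
    """Stand-in for the proxy: only the expected Host header reaches the backend."""
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        if host == EXPECTED_HOST:
            body = b"<title>Home Assistant</title>"   # stand-in for the proxied HA page
        else:
            body = b"<title>Welcome</title>"          # default page seen by IP scans
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the demo quiet
        pass

def start_gate():
    """Start the stand-in proxy on a free loopback port; returns (server, port)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), HostGate)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

def reveals_backend(addr, port, host_header):
    """Connect to addr:port but send host_header; True if the HA page comes back."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    try:
        conn.putrequest("GET", "/", skip_host=True)
        conn.putheader("Host", host_header)
        conn.endheaders()
        return b"Home Assistant" in conn.getresponse().read()
    finally:
        conn.close()

def audit(addr, port):
    """Return the Host values (other than the expected one) that still reach HA."""
    probes = [addr, f"{addr}:{port}", "localhost", "unrelated.example.test"]
    return [h for h in probes if reveals_backend(addr, port, h)]

if __name__ == "__main__":
    server, port = start_gate()
    print("expected host reaches HA:", reveals_backend("127.0.0.1", port, EXPECTED_HOST))
    print("other Host values that reach HA:", audit("127.0.0.1", port))
    server.shutdown()
```

An empty list from `audit` means only the expected hostname reaches the backend; any entry in it is a Host value that bypasses the gate.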

I have a web server on another machine and in order to use my LE cert I have to go from one machine to the other.

1 Like

I already had a Digital Ocean droplet (VPS) running multiple sites. It was super easy to add my HA to a reverse proxy config on there, where all my Let’s Encrypt certs are handled effortlessly and easily from my VPS. I also get the benefit of blocking ALL traffic to my forwarded port on my network, except for the connection to/from my VPS. My VPS runs a secured MQTT server and allows me to bridge to that too from my network. Basically, I don’t require any ports to be forwarded on my network except for allowing from my VPS.

2 Likes

As a community, maybe we could create a post to centralize some of the security pitfalls and tips for users to make it more secure.
When setting up, it’s easy to forget, miss something or even get something wrong like the x-forward.

Maybe a guide to VPN with the Home Assistant user in mind. I’m not sure if there is documentation about it.

2 Likes
2 Likes