I signed up for Nabu Casa. And it is working on my computer. Home Assistant is running on my Synology NAS as a Docker Container. But how is Nabu Casa getting into my box? I don’t see any new security certificates or anything in Synology DSM. The main thing I think I’ve done for it is to open up the port.
Nabu Casa isn’t getting into your box, your box is reaching out to them. Your Home Assistant connects outward to Nabu Casa servers. Nabu casa creates a secure environment to connect to from the outside, and it uses the connection your Home Assistant instance made to exchange data. There’s no need to open any ports from the outside going in. There should also not be a need to open an outbound port (unless you block outbound traffic by default).
A more detailed description can be found here:
I already read the Remote UI page. I was looking for more specific information. Like how does it “create a secure environment”? Why doesn’t it need open ports? Where are the certificates on my Synology box or the Docker Container stored? I’m sure most people wouldn’t care nor want to know, but I always like to know how things work.
I came across this thread while trying to answer this question for myself, thought I’d pass along the details I found.
Looking at the hass-nabucasa implementation, the code flow for connecting to cloud starts here:
The implementation for managing the connection and async messages is there: