Hi, I am building a webpage which accesses HA, under /config/www. But the HA instructions say that if the URL is known to somebody else, it is accessible from everywhere. If I check it, yes, it doesn’t ask for HA credentials. I am quite scared about this; how can I limit access to, say, only local IPs?
Also realized that with a direct url to a python script under /config/www, it shows what is written inside the script itself!
Whitelist some other directory and use that instead
homeassistant:
  whitelist_external_dirs:
    - your-directory-here
Note that if you want to pass images to android app notify, the image URL must be accessible from the internet.
If you’re building your own backend/frontend and need to interface with HA, use the HA API and have your own code outside the Home Assistant folders. If HA needs to access these folders, use the whitelist option.
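The approach suggested above (own code outside the HA folders, talking to HA through its API) combined with the LAN-only restriction asked for in the question, as an added example that is not part of the original thread. The `HA_URL` and `HA_TOKEN` environment variables, port 8080, the LAN ranges and the entity `switch.example` are assumptions.

```python
import ipaddress, json, os, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

HA_URL = os.environ.get("HA_URL", "http://127.0.0.1:8123")  # assumed HA address
HA_TOKEN = os.environ.get("HA_TOKEN", "PLACEHOLDER_TOKEN")  # long-lived access token
LAN = [ipaddress.ip_network(n) for n in
       ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(addr):
    """True only for client addresses inside the allowed LAN ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped:   # e.g. ::ffff:192.168.1.20
        ip = ip.ipv4_mapped
    return any(ip in net for net in LAN)

def ha_request(method, path, payload=None):
    """Build an authenticated HA REST API call; the token stays server-side."""
    data = json.dumps(payload).encode() if payload is not None else None
    headers = {"Authorization": "Bearer " + HA_TOKEN, "Content-Type": "application/json"}
    return urllib.request.Request(HA_URL + path, data=data, headers=headers, method=method)

class Portal(BaseHTTPRequestHandler):
    def reply(self, status, body=b"", ctype="text/html"):
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        if not is_local(self.client_address[0]):
            return self.reply(403, b"LAN only")
        self.reply(200, b"<button onclick=\"fetch('/toggle',{method:'POST'})\">Toggle</button>")

    def do_POST(self):
        if not is_local(self.client_address[0]):
            return self.reply(403, b"LAN only")
        if self.path != "/toggle":
            return self.reply(404)
        # switch.example is a hypothetical entity id
        req = ha_request("POST", "/api/services/switch/toggle", {"entity_id": "switch.example"})
        with urllib.request.urlopen(req, timeout=5) as resp:
            self.reply(resp.status)

if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), Portal).serve_forever()
```

`client_address` is the TCP peer, so behind a reverse proxy every request appears to come from the proxy and the address filter has to be applied at the proxy instead.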
Hi taikapan,
Thank you very much for the advice.
So to understand that correctly, will the folder structure be like,
/usr/share/hassio/homeassistant/www <= I put html files here
/home/user/python-scripts <= put this folder in “white_external_dirs” and put python scripts here.
That I believe would not give direct access to the scripts,
but my understanding is that in /usr/share/hassio/homeassistant/www,
the html is still accessible from everywhere, where I want to limit only
from local IP if possible.
Thank you in advance!
I don’t have much knowledge on the topic, but it sounds like you are trying to get HA to serve web pages and run python scripts from that page?
I think that in general it is not a good idea to have HA serve web pages that can run scripts to interface with your HA instance. It can serve only static files.
I would propose using e.g. node red with dashboard addon. This can interface HA already and you can limit the dashboard access.
Or else use a totally different program to serve the html files with backend support. Maybe flask?
What is the content you would put in the html file and what do the python scripts control? How did you plan to interface to HA?
As a hobbyist with no professional background in this field, coming back to programming for the first time
in 20 years, I appreciate your comments very much.
I am trying to learn the methods people would take generally in this era (; to achieve:
- Make a home portal website for an old iPad running kiosk mode.
- This website would gather info like road traffic, scraping websites through a python script. The script automatically runs on crontab, generating an html file, which is then iframed from the portal. => I moved this script out of /config/www now.
- Adding buttons on the portal to trigger a switch on HA
- Showing status of entities, such as retrieving album art from a media_player.
I am feeling now that I am not taking the right method to gather data from a server
with non-static data like HA and external websites.
And maybe trying to use HA’s webserver functionality in the wrong way.
Node red with dashboard looks interesting, I will take a look at it.
Thank you in advance.
Ah okay, I see!
You can get inspiration from these as well
There were also some Lovelace tricks to limit what a specific user is seeing. I remember reading a post about it but didn’t find it quickly.
Thank you again.
Yes, Google search led me to Home Panel and I am exploring that.
I didn’t know aJake and it looks very interesting too.
I came to know that I probably need to learn more about Ajax scripting.
That probably is what I was looking for. Dynamic data update, but without
page loading.
Thank you so much!