I have recently installed Home Assistant, and I am looking to use my nest mini to control HA. Currently have nothing related to google set up on my HA and the docs are quite confusing to me.
The goal is just to have local fulfillment with my nest mini and outside control of HA isn’t needed for my use case. (Manual setup/non-nabu casa)
My main question is, in the docs it would state that it would require SSL for the cloud part of the setup, but scrolling down to the local fulfillment section, it said that SSL should not be configured. So at the end, is SSL required or not?
Traffic through the internet should always be encrypted using SSL/TLS, traffic in your home network does not need to - but is still fine to do (more advanced…)
As long as you do not need to open a port in your router / firewall you might not need to handle certificates but use some SSL/TLS encrypted address of google services. HA will handle the SSL/TLS stuff for you (as your browser does).
If google push these information to you, where you need to open a port for in your router / firewall, you should definitly use certificates - or better services like nabu casa handling the hard part for you.
Another indicator is, do you need to store a HA generated access key (access token) at google or provide google with an address to your HA instance - you might do the work here. If you need a google generated key in HA you should be fine - google handles encryption for you.
All the SSL/TLS stuff is quite hard and require some knowledge on how to handle.
Thanks for the reply. But my question is if it is needed for it to work rather than if it needed for security reasons. In the doc it says SSL should be used in the first part but not in the local part.
I haven’t set anything up yet so I don’t know if I should set up SSL or not.
I tried to bring you to the point you provide some (precise) information on what you want to use and what you read already. While providing you the information you might need to consider your self.
Assuming you are talking about the nest integration you need to grant internet facing access to your HA instance, atleast to google (And therefore to the rest of the internet). See the “Manaul configuration steps” required. Therefore, the security stuff should be a concern to you. And more importantly to me, with the information that you need to expose your instance to the internet I could have given you the anwser.
But to address your question, you might read the section “Configure OAuth Application Credentials[Cloud Console]” again.
Additionally, I can’t tell where you found anything about local fullfillment, but you might provide these information going forward But likely a company like Alphabet and its subsidiaries might not be well-known for something cloud-free…
I assume by fulfillment you mean connecting to the web frontend. If so, it is not necessary to use SSL at all. On public networks you should of course.
This is because the Google Assistant device will connect directly to the IP of your Home Assistant instance and will fail if it encounters an invalid SSL certificate.
For secure remote access, use a reverse proxy such as the NGINX SSL add-on instead of directing external traffic straight to Home Assistant.
So on your local LAN you need to be able to access HA via HTTP, as in http://x.x.x.x:8123.
Then remotely you need to be able to access HA via HTTPS, like http://xyz.duckdns.org or some other domain.
But likely a company like Alphabet and its subsidiaries might not be well-known for something cloud-free…