Secured Access

Hi everybody !

I need your advices
I need to access to my HA from away with a secured way (from iOS AND Android AND Laptop), and when i’m connected on the wifi I need to access to my HA with 192.168.X.X. (the reason is I have dash buttons which send http api requests)

I tried the couple Letsencrypt - Duckdns : it works but local IP is unable so my dash buttons don’t work
I wanna try Tor, but with iOS we can’t have hidden services
I wanna try VPN but I’m noobie and I don’t know how to do and if my local adress will be available…

What could you advice me ?

thank you !

I can’t comment on the other methods, but I use VPN to connect to my HA at home with works fine for me. It provides a good layer of security and once set up it work just fine. That way you don’t have to expose your host. The VPN terminates at my router (an AVM Fritz!Box) and was pretty simple to setup, so maybe your router provides similar functionality.

I have it running through a reverse proxy with nginx from remote which also handles SSL. Local I still use http only without password even to increase the WAF.

~Cheers

I do the same - this really is the best option for remote access, better than using HAs native SSL IMO.

I’m using nginx to proxy 80 to 8123 and dataplicity for remote ssh and ssl.

Thank you for all your answers !!

With NGINX and a reverse proxy, can you access to http://192.168.X.X:8123 on the wifi ?
Do you have a tutorial to realize this method ?

Sorry I’m really a noob…

Yes I do. You can define port for nginx which he is listening. All requests to this port and IP will be proxies to 8123. All other requests will be handled directly by HASS web server. Config guide is available on site. NGINX config

Ok I’ll try !
I’ve got one question : ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

What is example.com and www.example.com ?

Except the server_name, you copy and paste strictely the text at the bottom ?

example.com should be your domain name. so your DuckDNS in this case I guess. And this is also what needs to go into the nginx config in the server_name line.

~Cheers

So if I’m already using duckdns and letsencrypt and want to switch to this method, do i just comment out the http: section of the config file and follow the nginx instructions?

Great !
Stupid question : the reverse proxy is used to enable access with 192.168.X.X ? Is he installed in the same time than this tutorial (https://home-assistant.io/docs/ecosystem/nginx/) ?

nginx IS the reverse proxy. What nginx does is it handles all the requests from OUTSIDE of your local ip range and maps it to a port on the same machine. HA is still accessible from LAN the normal way.

~Cheers

OOOOOKKKK !!
I understand !!

thank you so much to be patient and to answer to my questions !! I’ll try asap !!

you rocks !

I tried but unfortunetely it doesn’t work…
I followed exactly the tutorial, i haven’t trouble message, but I can’t access with https…

have you forwarded the port 443 to your nginx server?

From outside access it like
https://<yournamehere>.duckdns.org/
(No need for the port)

Oups… no…
Now, all connections with ports 443 and 80 are forwarded to 8123.
If I understand, I have to configure my router :
443 & 80 -> Nginx’s port
then Nginx’s does automaticaly the link -> HA

Or should I configure my router as : 443 & 80 (external) -> 443 (internal) ?

Where can I find the Nginx’s port ?

Just forward external 443 to internal :443.
Do not forward port 80 unless you specifically need it for something else.

Well, it’s works !!!

Thank you so much !!!

Do these methods require port forwarding, or changing the router settings? I was without internet for 3 days after trying to get port forwarding setup… After that experience I have been patiently waiting for the iOS app since I understand this allows remote access via an Amazon web server…?

I think a port forwarding is enough !
I use an android phone… also the iOS app…