Server control or Management

I am using HassWP - a great way for beginners to learn about the system in the familiar Windows environment.
I found Server control, Server Management under configuration on the GUI. If I stop the server it seems to stop the whole system, closing the console window. Is this just HassWP? I was expecting it to keep running the actual operations while closing down the web server for security.
Is there a way of shutting down just the server, or blocking it so the modem/router port forward can be left in place, and have that easily controlled?
My expectation is to have it ‘wake up’ at specific times so that when away at work or holiday I could have a quick look but otherwise be secure, and maybe at the flick of a switch (mechanical) when I get home come back to normal operation until bedtime.
As with the missing whitelisting remote IPs this seems fundamental to Home Control security.

HassWP is … an interesting thing, and not even close to being an officially supported install. I am glad to see that the creator finally warns that things may not work:

Attention: Direct works in Windows is not tested by the core developers of Home Assistant. So some components/integrations may not work at all.

What they’ve skipped over is that the problem is many libraries Home Assistant uses don’t exist/work correctly on Windows. If you want to run HA in Windows then you should follow the official guides.


Yes, stopping the server is supposed to shut down Home Assistant. Home Assistant is supposed to be left running all the time. There is no separate web server, the UI is built in to Home Assistant.

For secure remote access there’s many things you can do, and there are good threads here on what that means, but:

  1. Use SSL
  2. Use a strong password and MFA
  3. Don’t use port 443 or 8123
  4. Use a proxy server for IP filtering (and more)
  5. Use a VPN instead for remote access

I’ve had my Home Assistant exposed to the internet following the first four points there since early 2017. I get an average of maybe one probe a year and I’ve yet to see a serious attempt, or even a generic set of exploits attempted.

Thanks for the insight into the design concept. I have a Raspi prepared as it would be ecologically irresponsible to run a big machine 24/7 but the WP version is easier for a beginner to test some stuff out, where it works. I saw some threads here about getting hacked so got worried.

Many of those threads are ancient and the issues there will no longer apply - like back when there wasn’t any authentication.

Many of the others are the result of people blindly exposing systems to the Internet without any understanding of what they’re doing.