What security do you use to connect from the public?

Country blocking is only in the paid account.

Not sure if you are right. You get 5 free firewall rules and you can include all the countries you want to block in one firewall rule.

Found that. Not very familiar with firewall rules. Am I right when I say that if I allow one country's IPs, all other countries are denied?

A normal firewall would absolutely work that way but I think Cloudflare works a bit differently. I think you would have to block every other country and omit yours because I think there is an invisible “allow any” at the end. I think you can also block by IP address. It’s been a while since I played with Cloudflare firewall and don’t have an active instance I can test right now.
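To make the point in the reply concrete, here is an added example (not from the thread, and not Cloudflare's own code or API) that models first-match rule evaluation with an implicit "allow any" at the end: a lone "allow my country" rule does not block anyone, while a single "block everything that is not my country" rule does. The country codes, IP addresses and rule semantics are assumptions for illustration.

```python
# Toy model of a first-match rule list with a fail-open default, as described
# in the reply above. Assumption: the first matching rule's action wins, and a
# request that matches no rule is allowed. Not Cloudflare's implementation.
from dataclasses import dataclass
from typing import Callable, List


@dataclass
class Request:
    country: str  # two-letter country code (constructed sample data)
    ip: str       # source address (constructed sample data)


@dataclass
class Rule:
    name: str
    matches: Callable[[Request], bool]
    action: str   # "allow" or "block"


def evaluate(rules: List[Rule], req: Request) -> str:
    """Return the action of the first rule that matches, else the implicit default."""
    for rule in rules:
        if rule.matches(req):
            return rule.action
    return "allow"  # the "invisible allow any" at the end of the list


HOME = "DE"  # assumed home country

# What the question proposes: only says "allow home", says nothing about the rest.
ALLOW_ONLY_HOME = [Rule("allow home", lambda r: r.country == HOME, "allow")]

# What the reply suggests, collapsed into one rule: block everything that is not home.
BLOCK_ALL_OTHERS = [Rule("block non-home", lambda r: r.country != HOME, "block")]

# Ordering matters: an explicit exception placed before the country block.
ADMIN_IP = "203.0.113.7"  # placeholder from the documentation range, not a real host
WITH_EXCEPTION = [
    Rule("allow admin ip", lambda r: r.ip == ADMIN_IP, "allow"),
    Rule("block non-home", lambda r: r.country != HOME, "block"),
]


def decisions(rules: List[Rule], requests: List[Request]) -> dict:
    """Map 'country/ip' to the decision each rule set reaches, for comparison."""
    return {f"{r.country}/{r.ip}": evaluate(rules, r) for r in requests}


if __name__ == "__main__":
    sample = [Request("DE", "198.51.100.10"), Request("FR", "198.51.100.20"), Request("FR", ADMIN_IP)]
    for label, rules in [("allow only home", ALLOW_ONLY_HOME),
                         ("block all others", BLOCK_ALL_OTHERS),
                         ("with exception", WITH_EXCEPTION)]:
        print(label, decisions(rules, sample))
```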

OK, I will ask Cloudflare support. I only want my own country allowed.

I’m using DuckDNS with nginx and letsencrypt. Fairly basic, compared to some of the other suggestions here, and I am always looking at available options. But for now, this is my setup.

To make things easy, I use Docker, so linuxserver/duckdns and linuxserver/letsencrypt (which includes nginx).

Take a look at Juan's great guide for setting up nginx/letsencrypt if that's the way you want to go. This way you use one certificate, and can have numerous subdomains (e.g. hass.my.duckdns.org (Home Assistant), dash…duckdns.org (HADashboard), etc.).

I use a WireGuard VPN (it's a new VPN technology, not a product). It's super fast and lightweight on my phone (well, my home upload is only 10 Mbps, so download speeds away from home are a little slow, but it connects fast) and I run a Pi-hole at home so I get the added benefit of ad blocking on any network my phone connects to.


Do you have a need for a dynamic DNS update? I want to use WireGuard but I would still need the duckdns add-on to update the DNS server. I know it can do that without a port open. But can I run DuckDNS without letsencrypt? It seems so tightly integrated.

Yeah, you need a dynamic DNS, I guess I forgot that in my last post. I use duckdns, and I don't use letsencrypt and I don't port forward for duckdns. Obviously you still need to port forward to your WireGuard server.

Can you explain your setup for on-demand VPN, iOS and HA? Thanks!

I've configured a profile for my iOS device to automatically connect via VPN when a specific URL is connected to. So whenever I open up the iOS app or try to connect to my.homeassistant.url it opens up the VPN tunnel and connects just fine. This of course adds a little delay for establishing the VPN connection first, but works otherwise fine.

See guides like this for details on how to set up the profile.


Thanks so much Max. Are you running HA on HTTP on your LAN then? That's the last detail I need to make the jump. I noticed some people are installing WireGuard on their Ubiquiti EdgeRouters. I wonder what the performance is like. Are you running yours on a Pi?

Yeah, I just connect to my HA over standard HTTP at MyHassLocalIP:8123.

I was running HA and WireGuard on my RPi 3B+ until just recently, when I migrated everything to my old desktop. I never had any performance problems, though!

Hass is only one of many services I route through https://traefik.io, a number of which have additional HTTP auth in front of them.

Last question! Do you run WireGuard in a Docker container on your PC tower or just on the base operating system? What's your base OS? Thank you!

I am running Ubuntu 18.04 and WireGuard is installed directly onto the OS. I think it's the only thing I've installed on this system that isn't in a Docker container.

Also, I actually installed Hass.io on this system instead of just the hass Docker container because you can install Hass.io add-ons with just a couple of clicks, and even better, Hass.io backs up your add-ons along with your Home Assistant backups, so everything required to restore my HA server is all included in one backup file!

I'm considering this exact plan. I have so little time to play with this. Thanks so much for letting me know it works and I'm not wasting my time. I am guessing I need to figure out a different presence detection method. I've been using nmap, but with a VPN I think I would be marked home whenever I'm connected to the home network through the VPN.

I use a subdomain of my private domain, port 443 for hass and 80 for Let's Encrypt, and Namecheap as dynamic DNS provider. All on an RPi 2.

I just set up a zone around my house and work, and disabled the location trackers I didn't need in the HA app. I don't know if these settings are available in the non-beta app though. https://imgur.com/a/wFzUWSz

Hi, I also have a device from the ama home app. Is there already a HA component for it?