I’m running my own HA locally, in my house, but I would like to be able to access it also when I’m not home. So I’ve put it on my Zerotier One VPN, which works fine. Except for two things:

  1. HA no longer knows when I’m home - it thinks I’m always home;

  2. Other people in my household would also like to have remote access, but it’s unrealistic to have them install and use the VPN.

So - can I just open it up, and rely on long, complex passeords? Or is that a complete no-go?

  • Decq@lemmy.worldEnglish
    7·
    2 days ago

    I’ve got it accessible from the internet through a reverse proxy… My default https drops all connections, so you need to access the right subdomain, which are not advertised on dns or certificates (I use a wildcard). Probably not perfect though but it helps a bit. I also have geo-blocking enabled on my pfSense router, so basically everything outside my country gets blocked by the firewall anyway.

    It will always be a risk vs benefit consideration.

    • The Zen Cow Says Mu@infosec.pubEnglish
      2·
      6 hours ago

      the wildcard certificates make a huge difference. I had my services all on servicename.mydomain.com each with an individual certificate, and those certificate registration scrapers make them public and they got hit a lot (but blocked by crowdsec). since moving all my services to servicename.app.mydomain.com with a wildcard dns record and cert for *.app.mydomain.com, they’re completely not-public and my crowdsec logs have gone silent.

      would running everything thru my tailscale be better? yup, but there’s a lot of situations that I want to access home that I can’t use with a vpn, where I can’t install my own software.