this post was submitted on 04 Jul 2023
10 points (91.7% liked)
homeassistant
15686 readers
45 users here now
Home Assistant is open source home automation that puts local control and privacy first.
Powered by a worldwide community of tinkerers and DIY enthusiasts.
Home Assistant can be self-installed on ProxMox, Raspberry Pi, or even purchased pre-installed: Home Assistant: Installation
Discussion of Home-Assistant adjacent topics is absolutely fine, within reason.
If you're not sure, DM @GreatAlbatross@feddit.uk
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You can use Tailscale and Zerotier to access your local HomeAssistant from any devices connected with your Tailscale/Zerotier account.
But if you want to expose your HomeAssistant to public using a custom domain name, one way to do that is by using Cloudflare Tunnel: https://www.makeuseof.com/use-cloudflare-tunnel-expose-local-servers-internet/
I'm thinking to expose HA via a cloudflare tunnel; but I'm concerned as to what security implications this may have. I'm not sure what, if any, security issues the HA login page may have. I can easily put everything through a reverse proxy, which I already have set up for other reasons. I may migrate all my externally exposed webpages via cloudflare.
Have any lemmings used cloudflare for this? what is your experience with it?
Security is a rabbit hole and you can go very deep depending on your risk model (an ordinary middle class people has different cybersecurity risk than, say, a CEO of a major bank). Let's say you are an ordinary lemming that don't have to be worry about being specifically targeted by a hacker group or a nation state, you just don't want some botnets get into your network and take over your IoT stuff, I think the following is reasonable enough:
Would using Tailscale be similar to a VPN where I'd have to establish a VPN connection and have all my traffic directed to Tailscale?
Tailscale is a virtual lan network. When you enable tailscale, you'll have an additional network and ip address in your connected devices. It's not actually redirecting all your traffics there, unless you specifically configure it to do so (if you do so, you can designated a device as an "exit node" for your outbound traffic).