jeans/home-assistant.io
jeans/home-assistant.io
1
0
Fork 0
mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-07-22 00:36:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add link to installation section (fixes #8937) (#8942)

Browse Source
This commit is contained in:
Fabian Affolter 2019-03-15 10:16:00 +01:00 committed by GitHub
parent 7d896c621a
commit 32adced7f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
source/_docs/configuration/securing.markdown
View File

@ -16,13 +16,13 @@ One major advantage of Home Assistant is that it's not dependent on cloud servic
Here's the summary of what you *must* do to secure your Home Assistant system:
☐ Configure [secrets](/topics/secrets/) (but do remember to back them up)
☐ Regularly keep the system up to date
- Configure [secrets](/docs/configuration/secrets/) (but do remember to back them up)
- Regularly keep the system up to date
If you only want to use components supported by [Home Assistant cloud](/cloud/) then you don't need to enable remote access. This is obviously the most secure option, but does mean that you're relying on a cloud service for that functionality.
☐ For remote access to the UI, use a [VPN](http://www.pivpn.io/), [Tor](/docs/ecosystem/tor/), or an [SSH tunnel](/blog/2017/11/02/secure-shell-tunnel/)
☐ For remote access for components, use a [TLS/SSL](/docs/ecosystem/certificates/lets_encrypt/) certificate
- For remote access to the UI, use a [VPN](http://www.pivpn.io/), [Tor](/docs/ecosystem/tor/) or an [SSH tunnel](/blog/2017/11/02/secure-shell-tunnel/)
- For remote access for components, use a [TLS/SSL](/docs/ecosystem/certificates/lets_encrypt/) certificate
### {% linkable_title You should %}
@ -39,7 +39,7 @@ As well as the above we advise that you consider the following to improve securi
### {% linkable_title Remote access for just the UI %}
If you only want remote access for access to the web UI then we advise that you follow the **All installs** section, then set up one of:
If you only want remote access for access to the web UI then we advise that you follow the [Installation](/docs/installation/) section, then set up one of:
- A VPN such as [PiVPN](http://www.pivpn.io/) or [ZeroTier](https://www.zerotier.com/), which will give you access to your whole home network
- [Tor](/docs/ecosystem/tor/), which also avoids the need for port forwarding
@ -49,10 +49,10 @@ If you only want remote access for access to the web UI then we advise that you
For remote access for a component, for example, a device tracker, you have to enable access to the API by:
1. Following the steps in **All installs**, then
1. Following the steps in [Installation](/docs/installation/), then
2. Forwarding a port and protect your communication with one of:
* A [TLS/SSL](/docs/ecosystem/certificates/lets_encrypt/) certificate (you can use one from Let's Encrypt, or any commercial SSL certificate vendor)
* A [self-signed certificate](/cookbook/tls_self_signed_certificate/) - be warned though, some services will refuse to work with self-signed certificates
3. Optionally use a proxy like [NGINX](/docs/ecosystem/nginx/), [Apache](/cookbook/apache_configuration/), or another. These allow you to provide finer-grained access. You could use this to limit access to specific parts of the API (for example, only `/api/owntracks/`)
3. Optionally use a proxy like [NGINX](/docs/ecosystem/nginx/), [Apache](/docs/ecosystem/apache/), [HAproxy](/docs/ecosystem/haproxy/) or another. These allow you to provide finer-grained access. You could use this to limit access to specific parts of the API (for example, only `/api/owntracks/`)
4. Enable IP Filtering and configure a low [Login Attempts Threshold](/components/http/)
5. If you use a proxy then install [fail2ban](https://www.fail2ban.org/wiki/index.php/Main_Page) to [monitor your proxy logs](/cookbook/fail2ban/) (or Home Assistant logs) for failed authentication