Move infrastructure cookbooks to docs (#2331)

* Move apache configuration to docs

* Add redirect

* Move certificate cookbooks to docs

* Add redirect

* Move tor configuration to docs

* Fix extension

* Update headings and add redirect

* Move file to docs

* Add redirect and remove whitespaces

* Add new sections
This commit is contained in:
Fabian Affolter 2017-03-25 19:19:33 +01:00 committed by GitHub
parent 82c9798f10
commit 8f1095fda0
6 changed files with 43 additions and 25 deletions

View File

@ -1,13 +1,13 @@
---
layout: page
title: "Apache Configuration"
title: "Apache Proxy"
description: "Configure Apache to work with Home Assistant as a subdomain"
date: 2016-06-20 13:05
sidebar: true
comments: false
sharing: true
footer: true
ha_category: Infrastructure
redirect_from: /cookbook/apache_configuration/
---
This example demonstrates how you can configure Apache to act as a proxy for Home Assistant.

View File

@ -7,7 +7,7 @@ sidebar: true
comments: false
sharing: true
footer: true
ha_category: Infrastructure
redirect_from: /cookbook/githubbackup/
---
Backing up and regularly syncing your Home Assistant configuration to [GitHub](http://GitHub.com) has several benefits:
@ -149,7 +149,7 @@ Every time you run this script, you will be prompted for a comment to describe t
[Travis CI](https://travis-ci.org) is a continuous integration testing system that runs every time the code in your repository is updated and allows you to validate that your code works on a fresh install.
- [Authorise Travis CI](https://travis-ci.org/auth) to have access to your github repos.
- [Authorise Travis CI](https://travis-ci.org/auth) to have access to your github repos.
- Create the build script that travis will run to test your repo.
- Create a dummy secrets.yaml for Travis.
@ -159,7 +159,7 @@ language: python
python:
- "3.4"
before_install:
- mv travis_secrets.yaml secrets.yaml
- mv travis_secrets.yaml secrets.yaml
install:
- pip3 install homeassistant
script:
@ -188,7 +188,7 @@ $ git status
Examples:
```bash
homeassistant@raspberrypi:~/.homeassistant $ git ls-files
homeassistant@raspberrypi:~/.homeassistant $ git ls-files
.gitignore
README.md
automation.yaml

View File

@ -7,17 +7,19 @@ sidebar: true
comments: false
sharing: true
footer: true
ha_category: Infrastructure
redirect_from: /cookbook/tls_domain_certificate/
---
If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. You can use [Self-sign certificate](/cookbook/tls_self_signed_certificate/) but your browser will present a warning and some https-only features might not work.
### {% linkable_title Prerequirement for this guide %}
* Your Home Assistant instance is not exposed to the internet. If it is - use [this guide]({{site_root}}/blog/2015/12/13/setup-encryption-using-lets-encrypt/)
* You control a public domain name. The domain doesn't have to point to a site. A domain controlled by a *trusted* friend will do. (A friend you trust not to MITM you)
* Your home router supports custom DNS entries.
### {% linkable_title Run certbot %}
```bash
$ mkdir certbot
$ cd certbot
@ -44,17 +46,21 @@ Press Enter to Continue
```
* Deploy the value to TXT field using your domain registar.
* Go to a site that queries domain record. For example [this one](https://mxtoolbox.com/TXTLookup.aspx) and look if it sees your brand new TXT field (Don't forget to enter the full domain: `_acme-challenge.mydomain.com`)
* Press Enter at certbot prompt.
### {% linkable_title Make mydomain.com point to your Home Assistant instance %}
If your router uses DNSMasq (for example DDWRT) add the following line to DNSMasq options:
```
```text
address=/mydomain.com/<hass ip>
```
### {% linkable_title Edit your Home Assistant configuration to use your certificates %}
The [`http`](/components/http/) section must contain the full path to the needed files.
```yaml
http:
api_password: YOUR_SECRET_PASSWORD
@ -62,4 +68,5 @@ http:
ssl_certificate: /etc/letsencrypt/live/mydomain.com/fullchain.pem
ssl_key: /etc/letsencrypt/live/mydomain.com/privkey.pem
```
Make sure the files are accessible by the user that runs Home Assistant, eg. `homeassistant` for a HASSbian setup.

View File

@ -7,7 +7,7 @@ sidebar: true
comments: false
sharing: true
footer: true
ha_category: Infrastructure
redirect_from: /cookbook/tls_self_signed_certificate/
---
If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. [Let's encrypt]({{site_root}}/blog/2015/12/13/setup-encryption-using-lets-encrypt/) will only work if you have a DNS entry and remote access is allowed. The solution is to use a self-signed certificate. As you most likely don't have a certification authority (CA) your browser will conplain about the security. If you have a CA then this will not be an issue.

View File

@ -7,12 +7,10 @@ sidebar: true
comments: false
sharing: true
footer: true
ha_category: Infrastructure
author: Nathan Freitas
author_twitter: n8fr8
redirect_from: /cookbook/tor_configuration/
---
This is an example about how you can configure Tor to provide secure remote access to your Home Assistant instance as an Onion site, through Tor's Hidden Service feature. With this enabled, you do not need to open your firewall ports or setup HTTPS to enable secure remote access.
This is an example about how you can configure Tor to provide secure remote access to your Home Assistant instance as an Onion site, through [Tor's Hidden Service](https://www.torproject.org/docs/hidden-services.html.en) feature. With this enabled, you do not need to open your firewall ports or setup HTTPS to enable secure remote access.
This is useful if you want to have:
@ -21,21 +19,19 @@ This is useful if you want to have:
* Want to block attackers from even being able to access/scan your port and server at all
* Want to block anyone from knowing your home IP address and seeing your traffic to your Home Assistant
#### {% linkable_title Background and Contact %}
## {% linkable_title Background and Contact %}
This configuration is part of an effort to apply strong cryptography technologies (like Onion Routing and End-to-End Encryption) to technology we increasingly depend on in our day to day lives. Just like when WhatsApp enabled end-to-end encryption messaging for everyone, every home automation and IoT platform should do the same, because A) the technology is all there, freely licensed and open-source and B) up to this point, all the commercial manufacturers have been doing a horrific job with security.
You can learn more about how Tor can be used to secure home automation and IoT platforms through this short set of slides on the [Internet of Onion Things](https://github.com/n8fr8/talks/blob/master/onion_things/Internet%20of%20Onion%20Things.pdf)
This configuration was provided by @n8fr8 ([github](https://github.com/n8fr8), [twitter](https://twitter.com/n8fr8)) of the [Guardian Project](https://guardianproject.info) and [Tor Project](https://torproject.org). You can send questions, feedback and ideas to [support@guardianproject.info](mailto:support@guardianproject.info).
#### {% linkable_title Hidden Services and Onion Sites %}
## {% linkable_title Hidden Services and Onion Sites %}
Tor allows clients and relays to offer hidden services. That is, you can offer a web server, SSH server, etc., without revealing your IP address to its users. In fact, because you don't use any public address, you can run a hidden service from behind your firewall. Learn more about Hidden Services on the [Tor Project website](https://www.torproject.org/docs/tor-hidden-service.html.en).
Onion sites are websites that run on a Tor Hidden Service node. "dot onion" sites are an [IETF recognized special use domain name](https://datatracker.ietf.org/doc/rfc7686/).
#### {% linkable_title Setting up Tor on your Home Assistant %}
## {% linkable_title Setting up Tor on your Home Assistant %}
First, install Tor. On a Debian-based system, you can install the package easily:
@ -82,7 +78,7 @@ abcdef1234567890.onion ABCDEF1122334455667789 # client: haremote1
You are now done with the Home Assistant Tor server configuration. Make sure your Home Assistant instance is running, and now you can move to client configuration.
#### {% linkable_title Tor Client Access Setup %}
## {% linkable_title Tor Client Access Setup %}
Using this setup, you can access your Home Assistant instance over Tor from your laptop or mobile device, using Tor Browser and other software.
@ -100,7 +96,7 @@ For [Orbot: Tor on Android](https://guardianproject.info/apps/orbot), add it in
On iOS, we have not fully tested this yet, but you should be able to add custom torrc entries on [Onion Browser](https://mike.tig.as/onionbrowser/), Red Onion or TOBY browsers, all available in the iTunes App Store.
#### {% linkable_title Some More Advanced Ideas %}
## {% linkable_title Some More Advanced Ideas %}
With this configuration, only you can access your Home Assistant instance Onion site through Tor, and no one else. You can share the authentication cookie with multiple devices and users, or you can generate a unique one for each - up to you! If you have multiple, say for an industrial, business or corporate configuration, this would provide an easy way to revoke access to a specific user or device.
@ -109,4 +105,6 @@ If you always access your Home Assistant instance via Tor, you can easily run th
You could also use Tor as a means to connect your Home Assistant instance to a remote device, sensor or other service that you do not want to or connect provide a direct, open IP connection to. Again, Tor provides authenticated and confidential routing (aka "privacy and encryption") by default, without having to setup TLS/SSL or VPN. It is just important to secure IoT nodes within your network, as it is to secure remote access!
As mentioned, with Orbot on Android, you can enable a "full device" VPN mode, that allows any app you have to tunnel through Tor, even if it is not Tor or proxy aware. This means you should be able to enter your "dot onion" Onion site address into any app you want to access to your Home Assistant instance, and it should work.
This configuration was provided by @n8fr8 ([github](https://github.com/n8fr8), [twitter](https://twitter.com/n8fr8)) of the [Guardian Project](https://guardianproject.info) and [Tor Project](https://torproject.org). You can send questions, feedback and ideas to [support@guardianproject.info](mailto:support@guardianproject.info).

View File

@ -136,7 +136,6 @@
<li>{% active_link /docs/ecosystem/appdaemon/api/ AppDaemon API Reference %}</li>
</ul>
</li>
<li>
{% active_link /docs/ecosystem/hadashboard/ HADashboard %}
<ul>
@ -147,7 +146,6 @@
<li>{% active_link /docs/ecosystem/hadashboard/updating/ Updating HADashboard %}</li>
</ul>
</li>
<li>
{% active_link /docs/ecosystem/notebooks/ Notebooks %}
<ul>
@ -179,9 +177,24 @@
<li>{% active_link /docs/ecosystem/ios/integration/ Integration with other apps %}</li>
</ul>
</li>
<li>{% active_link /docs/ecosystem/nginx/ NGINX %}</li>
<li>
Remote access
<ul>
<li>{% active_link /docs/ecosystem/apache/ Apache %}</li>
<li>{% active_link /docs/ecosystem/nginx/ NGINX %}</li>
<li>{% active_link /docs/ecosystem/tor/ Tor Onion Service %}</li>
</ul>
</li>
<li>
Certificates
<ul>
<li>{% active_link /docs/ecosystem/certificates/tls_self_signed_certificate/ Self-signed certificate %}</li>
<li>{% active_link /docs/ecosystem/certificates/tls_domain_certificate/ Certificate domain owners %}</li>
</ul>
</li>
<li>{% active_link /docs/ecosystem/scenegen/ scenegen %}</li>
<li>{% active_link /docs/ecosystem/synology/ Synology %}</li>
<li>{% active_link /docs/ecosystem/backup/backup_github/ Backup to GitHub %}</li>
</ul>
</ul>
</div>