Hey all!

I’m fairly new to Home Assistant and have just created a few dashboards to be able to view my router statistics and be able to restart them via REST if need be. Love being able to do this seamlessly from one place.

It got me thinking however, that I can only really access the dashboard when I’m on my internal network. I know that there is a paid Home Assistant cloud that would enable me to view my dashboards and such publicly and securely, but I was wondering if this community has set it up themselves for free and securely.

Would anyone be able to guide me in the right direction?

  • Admiral Patrick@dubvee.org
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 year ago

    For years, I used Wireguard as my only way to access it remotely. Worked well but always annoying toggling that on/off since all my traffic went over WG and some apps (bank, Pokemon Go, Netflix) didn’t like that my source IP was a VPS.

    I set up Authelia a year or two ago and now have HA exposed behind that with 2FA. I don’t know if the HA app will work with that, but I use the PWA and it works great.

    Haven’t had any intrusions (yet?) and my HA is “always on” so long as my Authelia session is valid. Other apps are also behind Authelia, so signing into one signs me into all.

    • vividspecter@vlemmy.net
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      1 year ago

      Worked well but always annoying toggling that on/off since all my traffic went over WG and some apps (bank, Pokemon Go, Netflix) didn’t like that my source IP was a VPS.

      For the record, with wireguard you can configure AllowedIPs on the client such that internet traffic isn’t routed through the tunnel. Basically, don’t use the wildcard 0.0.0.0/0 and instead set the wireguard network and the LAN subnet that Home Assistant is on if you need to access other devices.

      • Admiral Patrick@dubvee.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yep, and I eventually set up a separate WG profile that had just my LAN route and set the DNS to my PiHole.

        The full route was more useful most of the time so I still tended to use that more often. Cell signal at the office was nonexistent toward the middle of the building (where the bathrooms are) and the guest WiFi blocked “time waster” sites like Reddit.