diff --git a/source/_cookbook/apache_configuration.markdown b/source/_docs/ecosystem/apache.markdown similarity index 97% rename from source/_cookbook/apache_configuration.markdown rename to source/_docs/ecosystem/apache.markdown index 594c5ac249f9..e526cc3f79e5 100644 --- a/source/_cookbook/apache_configuration.markdown +++ b/source/_docs/ecosystem/apache.markdown @@ -1,13 +1,13 @@ --- layout: page -title: "Apache Configuration" +title: "Apache Proxy" description: "Configure Apache to work with Home Assistant as a subdomain" date: 2016-06-20 13:05 sidebar: true comments: false sharing: true footer: true -ha_category: Infrastructure +redirect_from: /cookbook/apache_configuration/ --- This example demonstrates how you can configure Apache to act as a proxy for Home Assistant. diff --git a/source/_cookbook/githubbackup.markdown b/source/_docs/ecosystem/backup/backup_github.markdown similarity index 98% rename from source/_cookbook/githubbackup.markdown rename to source/_docs/ecosystem/backup/backup_github.markdown index 5b46bdfa9d76..2af70720c5cd 100644 --- a/source/_cookbook/githubbackup.markdown +++ b/source/_docs/ecosystem/backup/backup_github.markdown @@ -7,7 +7,7 @@ sidebar: true comments: false sharing: true footer: true -ha_category: Infrastructure +redirect_from: /cookbook/githubbackup/ --- Backing up and regularly syncing your Home Assistant configuration to [GitHub](http://GitHub.com) has several benefits: @@ -149,7 +149,7 @@ Every time you run this script, you will be prompted for a comment to describe t [Travis CI](https://travis-ci.org) is a continuous integration testing system that runs every time the code in your repository is updated and allows you to validate that your code works on a fresh install. -- [Authorise Travis CI](https://travis-ci.org/auth) to have access to your github repos. +- [Authorise Travis CI](https://travis-ci.org/auth) to have access to your github repos. - Create the build script that travis will run to test your repo. - Create a dummy secrets.yaml for Travis. @@ -159,7 +159,7 @@ language: python python: - "3.4" before_install: - - mv travis_secrets.yaml secrets.yaml + - mv travis_secrets.yaml secrets.yaml install: - pip3 install homeassistant script: @@ -188,7 +188,7 @@ $ git status Examples: ```bash -homeassistant@raspberrypi:~/.homeassistant $ git ls-files +homeassistant@raspberrypi:~/.homeassistant $ git ls-files .gitignore README.md automation.yaml diff --git a/source/_cookbook/tls_domain_certificate.markdown b/source/_docs/ecosystem/certificates/tls_domain_certificate.markdown similarity index 94% rename from source/_cookbook/tls_domain_certificate.markdown rename to source/_docs/ecosystem/certificates/tls_domain_certificate.markdown index fb0d98e31fb4..91198ddd4f76 100644 --- a/source/_cookbook/tls_domain_certificate.markdown +++ b/source/_docs/ecosystem/certificates/tls_domain_certificate.markdown @@ -7,17 +7,19 @@ sidebar: true comments: false sharing: true footer: true -ha_category: Infrastructure +redirect_from: /cookbook/tls_domain_certificate/ --- If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. You can use [Self-sign certificate](/cookbook/tls_self_signed_certificate/) but your browser will present a warning and some https-only features might not work. ### {% linkable_title Prerequirement for this guide %} + * Your Home Assistant instance is not exposed to the internet. If it is - use [this guide]({{site_root}}/blog/2015/12/13/setup-encryption-using-lets-encrypt/) * You control a public domain name. The domain doesn't have to point to a site. A domain controlled by a *trusted* friend will do. (A friend you trust not to MITM you) * Your home router supports custom DNS entries. ### {% linkable_title Run certbot %} + ```bash $ mkdir certbot $ cd certbot @@ -44,17 +46,21 @@ Press Enter to Continue ``` * Deploy the value to TXT field using your domain registar. - * Go to a site that queries domain record. For example [this one](https://mxtoolbox.com/TXTLookup.aspx) and look if it sees your brand new TXT field (Don't forget to enter the full domain: `_acme-challenge.mydomain.com`) * Press Enter at certbot prompt. ### {% linkable_title Make mydomain.com point to your Home Assistant instance %} + If your router uses DNSMasq (for example DDWRT) add the following line to DNSMasq options: -``` + +```text address=/mydomain.com/ ``` ### {% linkable_title Edit your Home Assistant configuration to use your certificates %} + +The [`http`](/components/http/) section must contain the full path to the needed files. + ```yaml http: api_password: YOUR_SECRET_PASSWORD @@ -62,4 +68,5 @@ http: ssl_certificate: /etc/letsencrypt/live/mydomain.com/fullchain.pem ssl_key: /etc/letsencrypt/live/mydomain.com/privkey.pem ``` + Make sure the files are accessible by the user that runs Home Assistant, eg. `homeassistant` for a HASSbian setup. diff --git a/source/_cookbook/tls_self_signed_certificate.markdown b/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown similarity index 97% rename from source/_cookbook/tls_self_signed_certificate.markdown rename to source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown index 61ced56bf555..9eb1035eab69 100644 --- a/source/_cookbook/tls_self_signed_certificate.markdown +++ b/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown @@ -7,7 +7,7 @@ sidebar: true comments: false sharing: true footer: true -ha_category: Infrastructure +redirect_from: /cookbook/tls_self_signed_certificate/ --- If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. [Let's encrypt]({{site_root}}/blog/2015/12/13/setup-encryption-using-lets-encrypt/) will only work if you have a DNS entry and remote access is allowed. The solution is to use a self-signed certificate. As you most likely don't have a certification authority (CA) your browser will conplain about the security. If you have a CA then this will not be an issue. diff --git a/source/_cookbook/tor_configuration.markdown b/source/_docs/ecosystem/tor.markdown similarity index 92% rename from source/_cookbook/tor_configuration.markdown rename to source/_docs/ecosystem/tor.markdown index 5bc371d176ad..c5fd98dc0ebe 100644 --- a/source/_cookbook/tor_configuration.markdown +++ b/source/_docs/ecosystem/tor.markdown @@ -7,12 +7,10 @@ sidebar: true comments: false sharing: true footer: true -ha_category: Infrastructure -author: Nathan Freitas -author_twitter: n8fr8 +redirect_from: /cookbook/tor_configuration/ --- -This is an example about how you can configure Tor to provide secure remote access to your Home Assistant instance as an Onion site, through Tor's Hidden Service feature. With this enabled, you do not need to open your firewall ports or setup HTTPS to enable secure remote access. +This is an example about how you can configure Tor to provide secure remote access to your Home Assistant instance as an Onion site, through [Tor's Hidden Service](https://www.torproject.org/docs/hidden-services.html.en) feature. With this enabled, you do not need to open your firewall ports or setup HTTPS to enable secure remote access. This is useful if you want to have: @@ -21,21 +19,19 @@ This is useful if you want to have: * Want to block attackers from even being able to access/scan your port and server at all * Want to block anyone from knowing your home IP address and seeing your traffic to your Home Assistant -#### {% linkable_title Background and Contact %} +## {% linkable_title Background and Contact %} This configuration is part of an effort to apply strong cryptography technologies (like Onion Routing and End-to-End Encryption) to technology we increasingly depend on in our day to day lives. Just like when WhatsApp enabled end-to-end encryption messaging for everyone, every home automation and IoT platform should do the same, because A) the technology is all there, freely licensed and open-source and B) up to this point, all the commercial manufacturers have been doing a horrific job with security. You can learn more about how Tor can be used to secure home automation and IoT platforms through this short set of slides on the [Internet of Onion Things](https://github.com/n8fr8/talks/blob/master/onion_things/Internet%20of%20Onion%20Things.pdf) -This configuration was provided by @n8fr8 ([github](https://github.com/n8fr8), [twitter](https://twitter.com/n8fr8)) of the [Guardian Project](https://guardianproject.info) and [Tor Project](https://torproject.org). You can send questions, feedback and ideas to [support@guardianproject.info](mailto:support@guardianproject.info). - -#### {% linkable_title Hidden Services and Onion Sites %} +## {% linkable_title Hidden Services and Onion Sites %} Tor allows clients and relays to offer hidden services. That is, you can offer a web server, SSH server, etc., without revealing your IP address to its users. In fact, because you don't use any public address, you can run a hidden service from behind your firewall. Learn more about Hidden Services on the [Tor Project website](https://www.torproject.org/docs/tor-hidden-service.html.en). Onion sites are websites that run on a Tor Hidden Service node. "dot onion" sites are an [IETF recognized special use domain name](https://datatracker.ietf.org/doc/rfc7686/). -#### {% linkable_title Setting up Tor on your Home Assistant %} +## {% linkable_title Setting up Tor on your Home Assistant %} First, install Tor. On a Debian-based system, you can install the package easily: @@ -82,7 +78,7 @@ abcdef1234567890.onion ABCDEF1122334455667789 # client: haremote1 You are now done with the Home Assistant Tor server configuration. Make sure your Home Assistant instance is running, and now you can move to client configuration. -#### {% linkable_title Tor Client Access Setup %} +## {% linkable_title Tor Client Access Setup %} Using this setup, you can access your Home Assistant instance over Tor from your laptop or mobile device, using Tor Browser and other software. @@ -100,7 +96,7 @@ For [Orbot: Tor on Android](https://guardianproject.info/apps/orbot), add it in On iOS, we have not fully tested this yet, but you should be able to add custom torrc entries on [Onion Browser](https://mike.tig.as/onionbrowser/), Red Onion or TOBY browsers, all available in the iTunes App Store. -#### {% linkable_title Some More Advanced Ideas %} +## {% linkable_title Some More Advanced Ideas %} With this configuration, only you can access your Home Assistant instance Onion site through Tor, and no one else. You can share the authentication cookie with multiple devices and users, or you can generate a unique one for each - up to you! If you have multiple, say for an industrial, business or corporate configuration, this would provide an easy way to revoke access to a specific user or device. @@ -109,4 +105,6 @@ If you always access your Home Assistant instance via Tor, you can easily run th You could also use Tor as a means to connect your Home Assistant instance to a remote device, sensor or other service that you do not want to or connect provide a direct, open IP connection to. Again, Tor provides authenticated and confidential routing (aka "privacy and encryption") by default, without having to setup TLS/SSL or VPN. It is just important to secure IoT nodes within your network, as it is to secure remote access! As mentioned, with Orbot on Android, you can enable a "full device" VPN mode, that allows any app you have to tunnel through Tor, even if it is not Tor or proxy aware. This means you should be able to enter your "dot onion" Onion site address into any app you want to access to your Home Assistant instance, and it should work. - + +This configuration was provided by @n8fr8 ([github](https://github.com/n8fr8), [twitter](https://twitter.com/n8fr8)) of the [Guardian Project](https://guardianproject.info) and [Tor Project](https://torproject.org). You can send questions, feedback and ideas to [support@guardianproject.info](mailto:support@guardianproject.info). + diff --git a/source/_includes/asides/docs_navigation.html b/source/_includes/asides/docs_navigation.html index 570697ab6004..4bbcd23b1846 100644 --- a/source/_includes/asides/docs_navigation.html +++ b/source/_includes/asides/docs_navigation.html @@ -136,7 +136,6 @@

Topics

  • {% active_link /docs/ecosystem/appdaemon/api/ AppDaemon API Reference %}
    • -
  • {% active_link /docs/ecosystem/hadashboard/ HADashboard %}
    • -
  • {% active_link /docs/ecosystem/notebooks/ Notebooks %}
    • -
  • {% active_link /docs/ecosystem/nginx/ NGINX %}
    • +
  • + Remote access + +
    • +
  • + Certificates + +
  • {% active_link /docs/ecosystem/scenegen/ scenegen %}
  • {% active_link /docs/ecosystem/synology/ Synology %}
    • +
  • {% active_link /docs/ecosystem/backup/backup_github/ Backup to GitHub %}