You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: source/_docs/ecosystem/backup/backup_github.markdown
+4-4
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ sidebar: true
7
7
comments: false
8
8
sharing: true
9
9
footer: true
10
-
ha_category: Infrastructure
10
+
redirect_from: /cookbook/githubbackup/
11
11
---
12
12
13
13
Backing up and regularly syncing your Home Assistant configuration to [GitHub](http://GitHub.com) has several benefits:
@@ -149,7 +149,7 @@ Every time you run this script, you will be prompted for a comment to describe t
149
149
150
150
[Travis CI](https://travis-ci.org) is a continuous integration testing system that runs every time the code in your repository is updated and allows you to validate that your code works on a fresh install.
151
151
152
-
-[Authorise Travis CI](https://travis-ci.org/auth) to have access to your github repos.
152
+
-[Authorise Travis CI](https://travis-ci.org/auth) to have access to your github repos.
153
153
- Create the build script that travis will run to test your repo.
Copy file name to clipboardExpand all lines: source/_docs/ecosystem/certificates/tls_domain_certificate.markdown
+10-3
Original file line number
Diff line number
Diff line change
@@ -7,17 +7,19 @@ sidebar: true
7
7
comments: false
8
8
sharing: true
9
9
footer: true
10
-
ha_category: Infrastructure
10
+
redirect_from: /cookbook/tls_domain_certificate/
11
11
---
12
12
13
13
If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. You can use [Self-sign certificate](/cookbook/tls_self_signed_certificate/) but your browser will present a warning and some https-only features might not work.
14
14
15
15
### {% linkable_title Prerequirement for this guide %}
16
+
16
17
* Your Home Assistant instance is not exposed to the internet. If it is - use [this guide]({{site_root}}/blog/2015/12/13/setup-encryption-using-lets-encrypt/)
17
18
* You control a public domain name. The domain doesn't have to point to a site. A domain controlled by a *trusted* friend will do. (A friend you trust not to MITM you)
18
19
* Your home router supports custom DNS entries.
19
20
20
21
### {% linkable_title Run certbot %}
22
+
21
23
```bash
22
24
$ mkdir certbot
23
25
$ cd certbot
@@ -44,22 +46,27 @@ Press Enter to Continue
44
46
```
45
47
46
48
* Deploy the value to TXT field using your domain registar.
47
-
48
49
* Go to a site that queries domain record. For example [this one](https://mxtoolbox.com/TXTLookup.aspx) and look if it sees your brand new TXT field (Don't forget to enter the full domain: `_acme-challenge.mydomain.com`)
49
50
* Press Enter at certbot prompt.
50
51
51
52
### {% linkable_title Make mydomain.com point to your Home Assistant instance %}
53
+
52
54
If your router uses DNSMasq (for example DDWRT) add the following line to DNSMasq options:
53
-
```
55
+
56
+
```text
54
57
address=/mydomain.com/<hass ip>
55
58
```
56
59
57
60
### {% linkable_title Edit your Home Assistant configuration to use your certificates %}
61
+
62
+
The [`http`](/components/http/) section must contain the full path to the needed files.
If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. [Let's encrypt]({{site_root}}/blog/2015/12/13/setup-encryption-using-lets-encrypt/) will only work if you have a DNS entry and remote access is allowed. The solution is to use a self-signed certificate. As you most likely don't have a certification authority (CA) your browser will conplain about the security. If you have a CA then this will not be an issue.
Copy file name to clipboardExpand all lines: source/_docs/ecosystem/tor.markdown
+10-12
Original file line number
Diff line number
Diff line change
@@ -7,12 +7,10 @@ sidebar: true
7
7
comments: false
8
8
sharing: true
9
9
footer: true
10
-
ha_category: Infrastructure
11
-
author: Nathan Freitas
12
-
author_twitter: n8fr8
10
+
redirect_from: /cookbook/tor_configuration/
13
11
---
14
12
15
-
This is an example about how you can configure Tor to provide secure remote access to your Home Assistant instance as an Onion site, through Tor's Hidden Service feature. With this enabled, you do not need to open your firewall ports or setup HTTPS to enable secure remote access.
13
+
This is an example about how you can configure Tor to provide secure remote access to your Home Assistant instance as an Onion site, through [Tor's Hidden Service](https://www.torproject.org/docs/hidden-services.html.en) feature. With this enabled, you do not need to open your firewall ports or setup HTTPS to enable secure remote access.
16
14
17
15
This is useful if you want to have:
18
16
@@ -21,21 +19,19 @@ This is useful if you want to have:
21
19
* Want to block attackers from even being able to access/scan your port and server at all
22
20
* Want to block anyone from knowing your home IP address and seeing your traffic to your Home Assistant
23
21
24
-
####{% linkable_title Background and Contact %}
22
+
## {% linkable_title Background and Contact %}
25
23
26
24
This configuration is part of an effort to apply strong cryptography technologies (like Onion Routing and End-to-End Encryption) to technology we increasingly depend on in our day to day lives. Just like when WhatsApp enabled end-to-end encryption messaging for everyone, every home automation and IoT platform should do the same, because A) the technology is all there, freely licensed and open-source and B) up to this point, all the commercial manufacturers have been doing a horrific job with security.
27
25
28
26
You can learn more about how Tor can be used to secure home automation and IoT platforms through this short set of slides on the [Internet of Onion Things](https://github.com/n8fr8/talks/blob/master/onion_things/Internet%20of%20Onion%20Things.pdf)
29
27
30
-
This configuration was provided by @n8fr8 ([github](https://github.com/n8fr8), [twitter](https://twitter.com/n8fr8)) of the [Guardian Project](https://guardianproject.info) and [Tor Project](https://torproject.org). You can send questions, feedback and ideas to [support@guardianproject.info](mailto:support@guardianproject.info).
31
-
32
-
#### {% linkable_title Hidden Services and Onion Sites %}
28
+
## {% linkable_title Hidden Services and Onion Sites %}
33
29
34
30
Tor allows clients and relays to offer hidden services. That is, you can offer a web server, SSH server, etc., without revealing your IP address to its users. In fact, because you don't use any public address, you can run a hidden service from behind your firewall. Learn more about Hidden Services on the [Tor Project website](https://www.torproject.org/docs/tor-hidden-service.html.en).
35
31
36
32
Onion sites are websites that run on a Tor Hidden Service node. "dot onion" sites are an [IETF recognized special use domain name](https://datatracker.ietf.org/doc/rfc7686/).
37
33
38
-
####{% linkable_title Setting up Tor on your Home Assistant %}
34
+
## {% linkable_title Setting up Tor on your Home Assistant %}
39
35
40
36
First, install Tor. On a Debian-based system, you can install the package easily:
You are now done with the Home Assistant Tor server configuration. Make sure your Home Assistant instance is running, and now you can move to client configuration.
84
80
85
-
####{% linkable_title Tor Client Access Setup %}
81
+
## {% linkable_title Tor Client Access Setup %}
86
82
87
83
Using this setup, you can access your Home Assistant instance over Tor from your laptop or mobile device, using Tor Browser and other software.
88
84
@@ -100,7 +96,7 @@ For [Orbot: Tor on Android](https://guardianproject.info/apps/orbot), add it in
100
96
101
97
On iOS, we have not fully tested this yet, but you should be able to add custom torrc entries on [Onion Browser](https://mike.tig.as/onionbrowser/), Red Onion or TOBY browsers, all available in the iTunes App Store.
102
98
103
-
####{% linkable_title Some More Advanced Ideas %}
99
+
## {% linkable_title Some More Advanced Ideas %}
104
100
105
101
With this configuration, only you can access your Home Assistant instance Onion site through Tor, and no one else. You can share the authentication cookie with multiple devices and users, or you can generate a unique one for each - up to you! If you have multiple, say for an industrial, business or corporate configuration, this would provide an easy way to revoke access to a specific user or device.
106
102
@@ -109,4 +105,6 @@ If you always access your Home Assistant instance via Tor, you can easily run th
109
105
You could also use Tor as a means to connect your Home Assistant instance to a remote device, sensor or other service that you do not want to or connect provide a direct, open IP connection to. Again, Tor provides authenticated and confidential routing (aka "privacy and encryption") by default, without having to setup TLS/SSL or VPN. It is just important to secure IoT nodes within your network, as it is to secure remote access!
110
106
111
107
As mentioned, with Orbot on Android, you can enable a "full device" VPN mode, that allows any app you have to tunnel through Tor, even if it is not Tor or proxy aware. This means you should be able to enter your "dot onion" Onion site address into any app you want to access to your Home Assistant instance, and it should work.
112
-
108
+
109
+
This configuration was provided by @n8fr8 ([github](https://github.com/n8fr8), [twitter](https://twitter.com/n8fr8)) of the [Guardian Project](https://guardianproject.info) and [Tor Project](https://torproject.org). You can send questions, feedback and ideas to [support@guardianproject.info](mailto:support@guardianproject.info).
0 commit comments