What tips for security have you got I didn't mention here!? 👇

+1 for a VLAN deep-dive! Awesome video, like ways. Keep it up man.

A detailed video about docker containers...Like what are docker containers..What are the pros and cons of using HA on docker containers..etc..

Hey Lewis, would definitely be interested in a VLAN video. Synology user here (no native VLAN setup on my device.. yet), but I think covering it using your personal equipment would get many on the right track for digging into their own equipment. Thanks again for the great content!

How long have you been doing this? I am looking at a professional. Great intro, love that you got straight to the point. As always great video!

Enable HTTPS would be nice to have an example :D. Great video and thanks for the tips!

Thanks for the bonus security suggestions Lewis, I'm much more comfortable about enabling remote access to HA now. 👍🏻

2:06 Lewis: "Use strong password" 4:06 Lewis: *uses 4 character password* *facepalm*

Will you do a video on VLAN? And what specific software equipment you personally use?

Great video with useful tips. Considering Home Assistant itself often contains a lot of sensitive information and access, where would you put it in a VLAN network?

You mentioned IoT at the end of your video, I'm in the process as we speak of setting up my home network after upgrading to omada equipment, router, switch and ap. What devices / device types would you reccomend I assign an IoT subnet address to? Thankyou for all your videos, I'm a Homeassistant semi-novice and you have helped and inspired a lot!

Thank you again for a clear well explained video. Freenum seems not to work as of now. Are there any good alternatives?

Regarding vlans: where do you think is the best practice to put HA on? your main vlan, IoT one or seperate for itself? I'm looking into buying a Ubiquiti USG-3. Don't like its limited throughput tho with IDS/IPS but yeah, don't think I want to invest more in something like the 4 pro one or, a dream machine for an instance, for my uses. Thanks and btw great video, enabled 2FA which I didn't think is an option on HA.

Great tips as a new user. Thank you!

Another great Video - Thanks and keep up the good work

Nice one, thanks. But where do I check which IP's have been banned? And possibly lifting some of those bans? Thank you

Will you make a part 2 of this kind of security-related topic about Home assistant?

Don't expose HA to the Internet. Keep it local and connect to it through a VPN.

I think we all are now interrested to know more about the VLAN tip. You can just do a video with your setup so that we can understand better how all that works. Tks, and congrats for all your work.

With security, its never just one thing. The best approach is a layered one :-)

Would love to see a good primer on VLAN with Home Assistant.

Could you please make a VLAN security management video for Home Assistant? That will really help protect my HA. Thanks in advance!! Best regards, Adi

Another great video!

thanks very good job 😀😀😀😀

Love your videos! I feel like I'm learning from Magneto (Michael fassbinder) you look very similar!🤣 Thanks for your help👍

I assume that if I am using WireGuard to access from outside my home I should not need to use HTTPS nor DuckDNS, correct?

I would love more info on the VLAN. What is the minimum or suggested hardware. I am thinking of upgrading from an ISP modem/router

rather than using vlan's use an enterprise firewall there are a number of free ones for home uses (such as Sophos), and setup all your IoT devices with fixed IP addresses, then you can exclude those devices you don't trust 100% from accessing the WAN. Added benefit of this is you can tell if those devices are trying to phone home. It is a pain to use fixed IP addresses but if you create a network IP address plan for your devices you only ever have to set the IP address once. Using fixed IP addresses also allows you to shut down a devices access if it has unusual traffic from your firewall.

👍 great video mate

Where is the VLANs video? 🤭I really want to know how you manage your iot devices on a different network.

Again a very informative video for a rookie, like me. However adding your specs (2 lines about ipban) it results in a error. Saying: the login attemps line is not possible under the `http` section. How to overcome this. Thank you.

Hey Lewis, that was a really good video about setting up remote access to HA. Many months ago I got my remote access setup and it is working fine. I recently looked over my logs and saw a message to remove the base_url entry from my HTTP integration. That's when I started looking around and found your video which raise a couple questions. Q1: In your video you said that when setting up port forwarding that you could change the HA default port which would make the URL cleaner. I assume meaning to not have to include the port in the URL. I didn't do anything that I know of to change my HA default port but my 8123 port isn't open (using canyouseeme), I only have the 443 port forwarded, and I don't include a port in my URL. The instructions I followed were fairly similar to yours, except I didn't include the 8123 to 8123 port forwarding. Did I change my default somehow and how did I do that? Q2: I want to remove the base_url entry from HTTP. I currently have no URLs entered in the Configuration>General page. Is it as simple as just deleting the base_url entry and pasting the URL that was in base_url into the Internal & External spaces in Configuration>General? FYI, I'm running a supervised instance on Ubuntu on a NUC 10.

Excellent Video. Issues with 2FA and iPhone companion app. Never asked for the authentication code on iphone or ipad. Worked on both for a while. iphone stopped wotking with error: login attempt or request with invalid authentication from... Finally disable 2FA and am working again. Does 2FA work with the companion apps? Thanks!

Would you be able to explain to how provide Admin only access for Logbook and History menus? I want to give access the sitter who I created a custom Lovelace card that they only have access too. What I just noticed is they still have access to logbook, history, maps, etc.

My Question/Request. How do I set up Github for my config? (How do I easily share there etc?) I tried it years ago and got nowhere with it.

VSC reports "Property ipban is not allowed". This because HTTPS access hasn't been enabled?

would also love to see a vid how to enable ssd boot on raspberry pi 3b...i think there are not much vid on this topic.

Great tips! I found the secrets file tip especially useful. Do you know if it is possible to use the secrets file to store passwords for HA Supervisor Add-ons like MariaDB, Samba Share, or SSH & Web Terminal?

IoT devices notoriously have bad security. Having a separate vlan for them is a good way to decrease the risk of an exploited IoT device from providing access to the rest of your network.

Is there an easy way to remove IP's from the blacklist? My wife is the type who'll guess at her password 20 times rather than resetting it, and I'm confident she'll blacklist our home IP, her mobile IP, and her work IP all within a few months.

Disable ssh if you dont use or setup keys.

I followed your instructions on using DuckDNS and Letsencrypt etc. I was able to get everything working, how do I get my GF access? She has the newest Iphone 14. I assume its an issue with the certificate requirements? I copied the fullshain pem to her IOS phone, installed the cert and still cannot get access. "Login Credentials Failed" can you help?

Recommended routers and setup for vlans

Hi, any tips on "login attempt failed" problem with duckdns and/or nginx? i've tried multiple different tips from internet, but with no luck. i'd like to have ip_ban enabled, but due to that problem i can't. trusted proxies / users don't seem to work. I've tried using NAT and firewall rules and i can't even remember what else i've tried but nothing seems to help. also could you make a in depth video of trusted users and how to use them? PS. your videos are great! not too fast and great explanations!

Where are the blocked ip addresses stored if they get blacklisted? What if your own ip gets black listed?

What about IDS/IPS ? or NIPS

Have you had any issues with the home assistant app and not using port 8123 for your external connections?

Vlan tutorial please 😀👍

Do the vlan

When using 2FA, will this stop any snapshots from being uploaded to my Google drive? Many thanks

A nice tutorial would be how to setup duckdns and MQTT. Since I configured duck DNS my MQTT is no longer working and I'm not sure why.

Timestamps would help.

I got the 403 access denied, not able to connect to HA even locally. Think it might be tip no 5. What to do?

Hi is it possible to add my Local IP address not to get banned please

after restart the server for ip_ban my home assistant stop works, now i'm stucked on the page "unable to connect to HA" :(

Imej itu terlalu menyinggung perasaan