What tips for security have you got I didn't mention here!? 👇
@jordandeboer-piedt1468 3 years ago
Another security tip would be using a DNS provider that offers sophisticated protection and firewall rules at the edge, such as Cloudflare. I'm in the process of setting up local firewall rules that expect all external traffic to my Home Assistant to come from Cloudflare or other cloud providers I rely on, such as Google.
@EverythingSmartHome 3 years ago
For sure, Cloudflare is excellent if you have your own domain name!
@simongchadwick 3 years ago
OpenVPN and DuckDNS (DDNS) for remote access to HA. Also I only buy Tasmota-capable and Zigbee smart devices, so no IoT device is calling a Chinese mothership. Also the Tasmota devices access an NTP server on the HA box to stay in sync. Thanks for the video!
@EverythingSmartHome 3 years ago
Good ones also! Thanks
@kyleylin 3 years ago
Reverse proxy to provide an additional layer of obfuscation on the entry point (port 80/443). Hide Home Assistant behind a normal-looking blog site for example
@Neejoh 3 years ago
+1 for a VLAN deep-dive! Awesome video, like always. Keep it up man.
@EverythingSmartHome 3 years ago
Would love to! The only problem is everyone has different hardware, what platform are you working with?
@RustyShackelford_ 3 years ago
Unifi!
@try-that 3 years ago
Another Unifi and pfSense user, I have a VLAN working, but would like to learn more about setting up and using VLANs. I've not found a video that makes me feel confident setting them up and your videos always strike me as easy to understand and you still have time to answer questions.
@EverythingSmartHome 3 years ago
I think we all need to petition Unifi to send me a gateway for a video 👀😂 and thanks, appreciate it!
@try-that 3 years ago
@EverythingSmartHome Must admit I run the controller on either a Pi or as I'm doing now on OMV via a container. Looks as if there is a change afoot at Unifi, so you might get one, not sure it's worth it though :(
@rajmohanjena109 3 years ago
A detailed video about Docker containers... Like what are Docker containers, what are the pros and cons of using HA on Docker containers, etc.
@bubokroar5157 3 years ago
Hey Lewis, would definitely be interested in a VLAN video. Synology user here (no native VLAN setup on my device.. yet), but I think covering it using your personal equipment would get many on the right track for digging into their own equipment. Thanks again for the great content!
@EverythingSmartHome 3 years ago
Thank you, will definitely look into it!
@WordupG 2 years ago
@EverythingSmartHome I agree. Would love to see your take on IoT VLAN structure. Based on your background I think it would be very useful. Thanks
@guillaumemolter 2 years ago
@Everything Smart Home I would also love a VLAN setup video.
@TobyMole 1 year ago
Was there any VLAN video since this? Would love one (preferably one that doesn't just rely on Ubiquiti smarts, not all of us are up for that cost!) as I'm not too knowledgeable on networking.
@ZackBarett 3 years ago
How long have you been doing this? I am looking at a professional. Great intro, love that you got straight to the point. As always great video!
@EverythingSmartHome 3 years ago
Oh man you're too kind Zack, I appreciate that! First video was pretty much exactly 6 months ago, first time ever on video and it shows 😂
@excimer78 2 months ago
Enable HTTPS would be nice to have an example :D. Great video and thanks for the tips!
@rob1971 3 years ago
Thanks for the bonus security suggestions Lewis, I'm much more comfortable about enabling remote access to HA now. 👍🏻
@rob1971 3 years ago
I'll need to try and think of something other than 'mypassword' as my password now though 😉
Will you do a video on VLAN? And what specific software equipment you personally use?
@EverythingSmartHome 3 years ago
I could but yes it's very hard to do since everyone has different equipment!
@janmagnusrkke8815 1 year ago
Great video with useful tips. Considering Home Assistant itself often contains a lot of sensitive information and access, where would you put it in a VLAN network?
@J27ODP 2 years ago
You mentioned IoT at the end of your video. I'm in the process as we speak of setting up my home network after upgrading to Omada equipment: router, switch and AP. What devices / device types would you recommend I assign an IoT subnet address to? Thank you for all your videos, I'm a Home Assistant semi-novice and you have helped and inspired a lot!
@ABKimp 1 year ago
Thank you again for a clear well explained video. Freenum seems not to work as of now. Are there any good alternatives?
@kreambo1235 3 years ago
Regarding VLANs: where do you think is the best practice to put HA on? Your main VLAN, IoT one or separate for itself? I'm looking into buying a Ubiquiti USG-3. Don't like its limited throughput tho with IDS/IPS but yeah, don't think I want to invest more in something like the 4 pro one or, a dream machine for instance, for my uses. Thanks and btw great video, enabled 2FA which I didn't think is an option on HA.
@VegascomJeff 3 years ago
Great tips as a new user. Thank you!
@EverythingSmartHome 3 years ago
Thanks for the comment and support, appreciate it!
@tony113000 3 years ago
Another great Video - Thanks and keep up the good work
@EverythingSmartHome 3 years ago
Cheers Tony!
@Shaq2k 3 years ago
Nice one, thanks. But where do I check which IPs have been banned? And possibly lifting some of those bans? Thank you
@EverythingSmartHome 3 years ago
Hello! There is an IP_bans file created in the config folder once an IP is banned
@user-zr7kz4vs7c 3 years ago
Will you make a part 2 of this kind of security-related topic about Home assistant?
@EverythingSmartHome 3 years ago
Perhaps one day sure if there are more things to talk about!
@zelial3 3 years ago
Don't expose HA to the Internet. Keep it local and connect to it through a VPN.
@amagro9495 3 years ago
I think we all are now interested to know more about the VLAN tip. You can just do a video with your setup so that we can understand better how all that works. Tks, and congrats for all your work.
@EverythingSmartHome 3 years ago
Thank you, I'll get to work on it!
@PersonXes 3 years ago
Thanks, looking forward to that. I have been holding off figuring out how to configure my ZyXEL managed switches and my Unifi access points to set up VLANs. Perhaps based on your example VLAN setup video I will find the courage! Setting up 2FA and IP banning was easy, thanks for the tips.
@an_R_key 3 years ago
With security, it's never just one thing. The best approach is a layered one :-)
@spattf3 6 months ago
Would love to see a good primer on VLAN with Home Assistant.
@trdsclan9061 2 years ago
Could you please make a VLAN security management video for Home Assistant? That will really help protect my HA. Thanks in advance!! Best regards, Adi
@GnobarEl 3 years ago
Another great video!
@EverythingSmartHome 3 years ago
Thank you buddy appreciate it! 🙏
@lantrosforum8350 2 years ago
thanks very good job 😀😀😀😀
@bowinkle143 3 years ago
Love your videos! I feel like I'm learning from Magneto (Michael Fassbender), you look very similar! 🤣 Thanks for your help 👍
@EverythingSmartHome 3 years ago
Hahaha wish I had the same claim to fame but I'll take all I can get 😂 thanks Shane!
@richf7148 3 years ago
I assume that if I am using WireGuard to access from outside my home I should not need to use HTTPS nor DuckDNS, correct?
@kjjordans 3 years ago
I would love more info on the VLAN. What is the minimum or suggested hardware? I am thinking of upgrading from an ISP modem/router.
@beprivatecdblind7831 2 years ago
Rather than using VLANs, use an enterprise firewall; there are a number of free ones for home use (such as Sophos). Set up all your IoT devices with fixed IP addresses, then you can exclude those devices you don't trust 100% from accessing the WAN. An added benefit of this is you can tell if those devices are trying to phone home. It is a pain to use fixed IP addresses, but if you create a network IP address plan for your devices you only ever have to set the IP address once. Using fixed IP addresses also allows you to shut down a device's access if it has unusual traffic from your firewall.
@glennsgrainger 3 years ago
👍 great video mate
@EverythingSmartHome 3 years ago
Thanks buddy appreciate it!
@victorstela 1 year ago
Where is the VLANs video? 🤭I really want to know how you manage your iot devices on a different network.
@rojoworst6536 2 years ago
Again a very informative video for a rookie like me. However, adding your specs (2 lines about ipban) results in an error, saying: the login attempts line is not possible under the `http` section. How to overcome this? Thank you.
@gordonmoll2513 3 years ago
Hey Lewis, that was a really good video about setting up remote access to HA. Many months ago I got my remote access set up and it is working fine. I recently looked over my logs and saw a message to remove the base_url entry from my HTTP integration. That's when I started looking around and found your video, which raised a couple of questions. Q1: In your video you said that when setting up port forwarding you could change the HA default port, which would make the URL cleaner. I assume meaning to not have to include the port in the URL. I didn't do anything that I know of to change my HA default port but my 8123 port isn't open (using canyouseeme), I only have the 443 port forwarded, and I don't include a port in my URL. The instructions I followed were fairly similar to yours, except I didn't include the 8123 to 8123 port forwarding. Did I change my default somehow and how did I do that? Q2: I want to remove the base_url entry from HTTP. I currently have no URLs entered in the Configuration>General page. Is it as simple as just deleting the base_url entry and pasting the URL that was in base_url into the Internal & External spaces in Configuration>General? FYI, I'm running a supervised instance on Ubuntu on a NUC 10.
@EverythingSmartHome 3 years ago
Hi Gordon, thank you, appreciate it! That's because if I understand correctly it's because you've forwarded port 443 to 8123 which is kind of doing a translation on the fly so to speak. If you try to access it direct via the internal IP address using port 443 I would assume it wouldn't work. That's correct you can just simply remove the base URL. The internal and external URLs are required but it's a good idea to set them
@ewkco 2 years ago
Excellent Video. Issues with 2FA and iPhone companion app. Never asked for the authentication code on iPhone or iPad. Worked on both for a while. iPhone stopped working with error: login attempt or request with invalid authentication from... Finally disabled 2FA and am working again. Does 2FA work with the companion apps? Thanks!
@ryang6672 2 years ago
Would you be able to explain how to provide Admin only access for Logbook and History menus? I want to give access to the sitter, who I created a custom Lovelace card that they only have access to. What I just noticed is they still have access to logbook, history, maps, etc.
@Roedy_Coedy 3 years ago
My Question/Request. How do I set up Github for my config? (How do I easily share there etc?) I tried it years ago and got nowhere with it.
@SBinVancouver 1 year ago
VSC reports "Property ipban is not allowed". Is this because HTTPS access hasn't been enabled?
@rajmohanjena109 3 years ago
would also love to see a vid how to enable ssd boot on raspberry pi 3b...i think there are not much vid on this topic.
@EverythingSmartHome 3 years ago
Hello! Thanks for the suggestion, SSD is not supported on the Pi since they have not added support into the firmware, I think you can do it but it's very very hacky and still requires the SD card to work
@rajmohanjena109 3 years ago
@EverythingSmartHome oohh okkk then
@openmike79 3 years ago
Great tips! I found the secrets file tip especially useful. Do you know if it is possible to use the secrets file to store passwords for HA Supervisor Add-ons like MariaDB, Samba Share, or SSH & Web Terminal?
@EverythingSmartHome 3 years ago
Thanks! I'm not actually sure, give it a try!
@joypeterson3786 3 years ago
Michael, this can be done. In order to reference the secret from the MariaDB config you define the password in secrets.yaml, then do something like this in the MariaDB config:
logins:
  - username: homeassistant
    password: '!secret mariadb_password'
-----------------------------
The important part is to put the single quotes around the secret reference. Configuring HomeAssistant to use MariaDB also requires adding a recorder section to configuration.yaml. That section should define one property named db_url which also needs to use the MariaDB password. For that, I just defined a second secret named recorder_db_url to store the entire db_url in the secrets file and then use it as follows in configuration.yaml:
recorder:
  db_url: !secret recorder_db_url
I wish I knew a way of not having to repeat the MariaDB password in the 2 secrets in secrets.yaml for this to work, but I just got my Home Assistant blue and started setting it up today so I am new to all of this.
@MattHawkinsUK 10 months ago
The Google Drive Backup addon allows you to specify the backup password as a secrets item.
@drooplug 2 years ago
IoT devices notoriously have bad security. Having a separate VLAN for them is a good way to decrease the risk of an exploited IoT device from providing access to the rest of your network.
@johnroberts8493 3 years ago
Is there an easy way to remove IPs from the blacklist? My wife is the type who'll guess at her password 20 times rather than resetting it, and I'm confident she'll blacklist our home IP, her mobile IP, and her work IP all within a few months.
@EverythingSmartHome 3 years ago
Hahaha I feel that 😂 yes there is an IP ban file created in the config folder, simply remove the ones you need to!
@maharshi4614 3 years ago
Disable SSH if you don't use it or set up keys.
@Indewolf 1 year ago
I followed your instructions on using DuckDNS and Let's Encrypt etc. I was able to get everything working, how do I get my GF access? She has the newest iPhone 14. I assume it's an issue with the certificate requirements? I copied the fullchain pem to her iOS phone, installed the cert and still cannot get access. "Login Credentials Failed" can you help?
@scottboyd3800 3 years ago
Recommended routers and setup for vlans
@44jese 3 years ago
Hi, any tips on the "login attempt failed" problem with DuckDNS and/or nginx? I've tried multiple different tips from the internet, but with no luck. I'd like to have ip_ban enabled, but due to that problem I can't. Trusted proxies / users don't seem to work. I've tried using NAT and firewall rules and I can't even remember what else I've tried but nothing seems to help. Also could you make an in-depth video of trusted users and how to use them? PS. Your videos are great! Not too fast and great explanations!
@EverythingSmartHome 3 years ago
Thanks, appreciate it! Sure I can probably help, can you hop over into the discord? It's probably easier to help there!
@44jese 3 years ago
@EverythingSmartHome sure, do you have DC link in your somewhere? And currently I can't get to the PC but with text I can answer whenever I can :)
@EverythingSmartHome 3 years ago
It's in the description of all my videos!
@SigertErzeel 3 years ago
Where are the blocked IP addresses stored if they get blacklisted? What if your own IP gets blacklisted?
@nicolasferrao3646 3 years ago
What about IDS/IPS ? or NIPS
@josephk9816 3 years ago
Have you had any issues with the home assistant app and not using port 8123 for your external connections?
@EverythingSmartHome 3 years ago
I don't do this personally but in my testing no never had an issue
@josephk9816 3 years ago
@EverythingSmartHome Damn, away from home I can connect using a web browser but the app tells me no. Not sure what kind of weirdness is going on. Either way good video, thanks for making it.
@EverythingSmartHome 3 years ago
Just checking, have you setup a proper certificate and DNS name etc?
@josephk9816 3 years ago
@EverythingSmartHome DNS is all set up and works and my certs (where your video played a big role) work as well, HTTPS FTW. I can connect from other computers outside of the home no problem, just the app doesn't seem to like having 2 different ports. For example, if I am inside of my home I just connect to mydomain.duckdns.org:8123, if I'm outside of my house I use mydomain.duckdns.org:1999
@EverythingSmartHome 3 years ago
Ah I see, out of curiosity why would you use 2 different ports for internal and external? Why not just use a single port (doesn't need to be 8123) for both?
@shaunwhiteley3544 3 years ago
Vlan tutorial please 😀👍
@EverythingSmartHome 3 years ago
I'd love to! The problem is, what platform do you wanna see it on? There is no way to do one size fits all 🤔
@shaunwhiteley3544 3 years ago
@EverythingSmartHome Sorry I don’t know enough about it to answer that 😢
@miguelgarcia-vg1fh 3 years ago
Do the vlan
@pmurfster3007 3 years ago
When using 2FA, will this stop any snapshots from being uploaded to my Google drive? Many thanks
@EverythingSmartHome 3 years ago
Do you mean 2FA on your Google Account?
@paulmurphy3735 3 years ago
@EverythingSmartHome Many thanks for your reply! Sorry for not explaining more clearly. If I add this extra security to HA, will it stop HA from uploading any backup snapshots to my Google drive or will it work as normal? Thanks for your great tutorials 👍
@EverythingSmartHome 3 years ago
No problem just wanted to check! No there should be no issue at all that I can see but of course be sure to double check! Thanks, appreciate you 🙏
@paulmurphy3735 3 years ago
@EverythingSmartHome Thanks very much for your time and replying back to me. ✌
@EverythingSmartHome 3 years ago
Anytime!
@GnobarEl 3 years ago
A nice tutorial would be how to set up DuckDNS and MQTT. Since I configured DuckDNS my MQTT is no longer working and I'm not sure why.
@EverythingSmartHome 3 years ago
That's strange, what changes did you make? Did you end up using DNSmasq?
@GnobarEl 3 years ago
@EverythingSmartHome Hello, I think it was a wrong configuration on my side. Everything looks working now. Thanks for your support.
@EverythingSmartHome 3 years ago
Glad you got it!
@ScottSchramm 3 years ago
Timestamps would help.
@egil-andrenessmortensen3037 3 years ago
I got the 403 access denied, not able to connect to HA even locally. Think it might be tip no 5. What to do?
@EverythingSmartHome 3 years ago
If you blocked yourself then edit the IP block file inside the config folder to fix
@egil-andrenessmortensen3037 3 years ago
@EverythingSmartHome thanks for replying 😁 however not able to log in to GUI, can I use console? Have no clue how to do that if possible at all
@EverythingSmartHome 3 years ago
You're welcome! Do you have SSH?
@egil-andrenessmortensen3037 3 years ago
@EverythingSmartHome Have not installed that - so probably not. So I'm screwed? :)
@EverythingSmartHome 3 years ago
Join the discord I'm sure we can help you out!
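The replies above point to the IP ban file in the config folder as the place to lift a ban. As an added example (not from the video or the channel), this Python script lists and removes entries from that file; it assumes the file is `ip_bans.yaml` in Home Assistant's usual layout (a top-level IP key with an indented `banned_at` line) and that Home Assistant is restarted afterwards, and the sample addresses are constructed.

```python
import ipaddress
import sys

# Constructed sample in the layout assumed for ip_bans.yaml (documentation-range IPs)
SAMPLE = """\
203.0.113.7:
  banned_at: '2021-03-01T10:15:00'
198.51.100.23:
  banned_at: '2021-03-02T08:00:41'
'2001:db8::5':
  banned_at: '2021-03-04T22:31:09'
"""

def _key_ip(line):
    """Return the address named by a top-level 'ip:' line, else None."""
    if not line or line[0] in " \t#" or not line.rstrip().endswith(":"):
        return None
    key = line.rstrip()[:-1].strip().strip("'\"")
    try:
        return ipaddress.ip_address(key)
    except ValueError:
        return None

def list_bans(text):
    """Banned addresses in file order."""
    return [str(ip) for ip in map(_key_ip, text.splitlines()) if ip is not None]

def unban(text, addresses):
    """Drop the given addresses (key line plus indented children).
    Returns (new_text, removed); all other lines are kept byte for byte."""
    wanted = {ipaddress.ip_address(a) for a in addresses}
    kept, removed, skipping = [], [], False
    for line in text.splitlines(keepends=True):
        ip = _key_ip(line)
        if ip is not None:
            skipping = ip in wanted
            if skipping:
                removed.append(str(ip))
        elif line[:1] not in (" ", "\t"):
            skipping = False  # any other top-level line ends the skipped entry
        if not skipping:
            kept.append(line)
    return "".join(kept), removed

if __name__ == "__main__":
    if len(sys.argv) < 2:  # no file given: run on the constructed sample
        print(list_bans(SAMPLE))
        print(unban(SAMPLE, ["198.51.100.23"])[1])
    else:  # usage: script.py /path/to/ip_bans.yaml [ip ...]
        path, targets = sys.argv[1], sys.argv[2:]
        with open(path, encoding="utf-8") as fh:
            original = fh.read()
        updated, removed = unban(original, targets)
        if removed:
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(updated)
        print("banned:", list_bans(updated), "removed:", removed)
```

Review the listed addresses before removing any: an entry you do not recognise is a record of failed logins worth keeping, not clutter.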
@hillebrandstreet1882 6 months ago
Hi is it possible to add my Local IP address not to get banned please
@WeedRa1 3 years ago
After restarting the server for ip_ban my Home Assistant stopped working, now I'm stuck on the page "unable to connect to HA" :(
@EverythingSmartHome 3 years ago
Did you check your config before restarting?
@WeedRa1 3 years ago
@EverythingSmartHome yes and no error so I have restarted HA...