I’m running my own HA locally, in my house, but I would like to be able to access it also when I’m not home. So I’ve put it on my Zerotier One VPN, which works fine. Except for two things:
- HA no longer knows when I’m home - it thinks I’m always home;
- Other people in my household would also like to have remote access, but it’s unrealistic to have them install and use the VPN.

So - can I just open it up, and rely on long, complex passwords? Or is that a complete no-go?


Layers
HA has its own built-in IP ban function with the HTTP(S) Integration, but that might only see NAT’d addresses (i.e. the entire internet has the same address as far as HA is concerned), and is really only intended for protection from someone already on your network.
You should also have some other form of external-facing brute-force protection with HAProxy, nginx, fail2ban, etc.
You should have a firewall somewhere, maybe a function on your router, maybe a separate box. If possible also use geographical IP ranges to only allow your region(s).
All of that can either be at home, or on a VPS if you wanted to bounce all your traffic via a fixed location, perhaps with an outbound VPN from your home to the VPS.
Also use other network presence detection (i.e. ICMP ping, GPS, etc.) to determine if you’re at home.
Or… as others mention… support the devs with their solution.
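
The point in the reply above about a ban function that only sees NAT'd or proxy addresses, as an added example (not from either post, and not Home Assistant's or fail2ban's own code): it counts failed logins per address with and without resolving the real client behind a trusted reverse proxy. The proxy subnet, threshold, window and sample events are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Assumptions for this example: proxy subnet, threshold and window are made up.
TRUSTED_PROXIES = [ipaddress.ip_network("172.30.33.0/24")]
THRESHOLD = 5   # failed logins within WINDOW that trigger a ban
WINDOW = 300    # seconds

def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer, x_forwarded_for=None):
    """Address to blame for a request. X-Forwarded-For is honoured only when
    the TCP peer is a trusted proxy; the rightmost untrusted hop wins."""
    peer_addr = ipaddress.ip_address(peer)
    if not x_forwarded_for or not _trusted(peer_addr):
        return str(peer_addr)
    for hop in reversed(x_forwarded_for.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            break  # malformed header: fall back to the peer address
        if not _trusted(addr):
            return str(addr)
    return str(peer_addr)

def find_bans(events, use_forwarded=True):
    """events: time-ordered (timestamp, peer, x_forwarded_for) failed logins.
    Returns the addresses reaching THRESHOLD failures inside WINDOW seconds."""
    recent, banned = defaultdict(deque), set()
    for ts, peer, xff in events:
        ip = client_ip(peer, xff) if use_forwarded else peer
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) >= THRESHOLD:
            banned.add(ip)
    return banned

# Constructed sample: failed logins arriving via the proxy 172.30.33.2,
# plus a direct peer sending a forged X-Forwarded-For header.
SAMPLE = sorted(
    [(t, "172.30.33.2", "203.0.113.50") for t in range(0, 60, 10)]
    + [(25, "172.30.33.2", "198.51.100.7")]
    + [(100 + i, "192.0.2.9", "198.51.100.7") for i in range(5)]
)

if __name__ == "__main__":
    print("per client:", find_bans(SAMPLE))
    print("per peer:  ", find_bans(SAMPLE, use_forwarded=False))
```

Counting per peer bans the proxy itself, which locks out every remote user at once; counting per resolved client bans only the offending addresses and ignores the forged header from the untrusted peer.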