Merge branch 'current' into next

2017-09-21 21:23:50 -07:00 · 2017-09-21 21:23:50 -07:00 · 1b1bf59c0c
commit 1b1bf59c0c
parent 6ad0942d10 3f4a820ec2
43 changed files with 311 additions and 230 deletions
--- a/source/_docs/ecosystem/backup/backup_github.markdown
+++ b/source/_docs/ecosystem/backup/backup_github.markdown
@ -50,37 +50,17 @@ Before creating and pushing your Home Assistant configuration to GitHub, please

 Creating a `.gitignore` file in your repository will tell git which files NOT to push to the GitHub server. This should be used to prevent publishing sensitive files to the public. It should contain a list of filenames and pattern matches. This list should include at least your `secrets.yaml` file, device configuration files, and the Home Assistant database/directory structure.  The `.gitignore` file should be placed in your Home Assistant directory.

-Here is a sane example, but yours should be based on the files in your structure:
+Here is an example that will include your `.gitignore` file, a `scenes` directory, and all .yaml files except for `secrets.yaml` and `known_devices.yaml`. All other files will be excluded.

 `.gitignore`

 ```bash
-*.pid
-*.xml
-*.csr
-*.crt
-*.key
-www
-OZW_Log.txt
-home-assistant.log
-home-assistant_v2.db
-*.db-journal
-lib
-deps
-tts
+*
+!*.yaml
+!scenes
+!.gitignore
 secrets.yaml
 known_devices.yaml
-*.conf
-plex.conf
-phue.conf
-harmony_media_room.conf
-pyozw.sqlite
-.*
-!/.gitignore
-!/.travis.yml
-html5_push_registrations.conf
-ip_bans.yaml
-/icloud/*
 ```

 More information on the layout of the file can be found in the [.gitignore manual](https://git-scm.com/docs/gitignore).
--- a/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown
+++ b/source/_docs/ecosystem/certificates/tls_self_signed_certificate.markdown
@ -10,25 +10,39 @@ footer: true
 redirect_from: /cookbook/tls_self_signed_certificate/
 ---

-If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. [Let's encrypt]({{site_root}}/blog/2015/12/13/setup-encryption-using-lets-encrypt/) will only work if you have a DNS entry and remote access is allowed. The solution is to use a self-signed certificate. As you most likely don't have a certification authority (CA) your browser will conplain about the security. If you have a CA then this will not be an issue.
+If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. 
+[Let's encrypt]({{site_root}}/blog/2015/12/13/setup-encryption-using-lets-encrypt/) will only work if you have a DNS entry and remote access is allowed. 
+The solution is to use a self-signed certificate. As you most likely don't have a certification authority (CA) your browser will conplain about the security. If you have a CA then this will not be an issue.

-To create locally a certificate you need the [OpenSSL](https://www.openssl.org/) command-line tool.
+To create a certificate locally, you need the [OpenSSL](https://www.openssl.org/) command-line tool.

-Change to your Home Assistant [configuration directory](/getting-started/configuration/) like `~/.homeassistant`. This will make it easier to backup your certificate and the key. Run the command shown below.
+Change to your Home Assistant [configuration directory](/getting-started/configuration/) like `~/.homeassistant`. This will make it easier to backup your certificate and the key. Run the command shown below. 
+
+The certificate **must** be `.pem` extension.
+
+If you are going to use this certificate with the iOS app, you need to ensure you complete **all** fields during the cetificate creation process, then:
+
+* Send **only** the `certificate.pem` file to the iOS device, using airdrop or other transfer method.
+* Open the `.pem` file on the iOS device, follow the prompts to trust and install it.
+* If you are using iOS 10.3 or newer then [additional steps](https://support.apple.com/en-us/HT204477) are needed.

 ```bash
-$ openssl req -new -x509 -sha256 -newkey rsa:4096 -nodes -keyout privkey.pem -days 730 -out fullchain.pem
+$ openssl req -sha256 -newkey rsa:4096 -nodes -keyout privkey.pem -x509 -days 730 -out certificate.pem
 ```

-For details about the parameters, please check the OpenSSL documentation. Provide the requested information during the generation process. At the end you will have two files called `privkey.pem` and `fullchain.pem`. The key and the certificate.
+For details about the parameters, please check the OpenSSL documentation. Provide the requested information during the generation process. 
+
+At the end you will have two files called `privkey.pem` and `certificate.pem`. The key and the certificate.

 Update the `http:` entry in your `configuration.yaml` file and let it point to your created files. 

 ```yaml
 http:
  api_password: YOUR_SECRET_PASSWORD
-  ssl_certificate: /home/fab/.homeassistant/fullchain.pem
-  ssl_key: /home/fab/.homeassistant/privkey.pem
+  ssl_certificate: /home/your_user/.homeassistant/certificate.pem
+  ssl_key: /home/your_user/.homeassistant/privkey.pem
 ```

+A restart of Home Assistant is required for the changes to take effect.
+
 A tutorial "[Working with SSL Certificates, Private Keys and CSRs](https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs)" could give you some insight about special cases.