Site updated at 2017-11-12 10:06:54 UTC

This commit is contained in:
Travis CI 2017-11-12 10:06:54 +00:00
parent 9b986aa207
commit b0c4bebd4c
230 changed files with 2321 additions and 1823 deletions

View file

@ -4,7 +4,7 @@
<title><![CDATA[Category: How-To | Home Assistant]]></title>
<link href="https://home-assistant.io/blog/categories/how-to/atom.xml" rel="self"/>
<link href="https://home-assistant.io/"/>
<updated>2017-11-12T08:16:24+00:00</updated>
<updated>2017-11-12T09:58:41+00:00</updated>
<id>https://home-assistant.io/</id>
<author>
<name><![CDATA[Home Assistant]]></name>
@ -13,6 +13,103 @@
<generator uri="http://octopress.org/">Octopress</generator>
<entry>
<title type="html"><![CDATA[Secure remote access to Home Assistant using Tor]]></title>
<link href="https://home-assistant.io/blog/2017/11/12/tor/"/>
<updated>2017-11-12T08:00:00+00:00</updated>
<id>https://home-assistant.io/blog/2017/11/12/tor</id>
<content type="html"><![CDATA[Routers and gateways provided by broadband internet providers are very often limited regarding features and configuration possibilities. Most of these limitations affect the opportunities that allow users to set up port-forwarding, DMZ, and DHCP reservations since the suppliers figured that average user does not want (or should not) deal with these. Making your Home Assistant instance available remotely (and securely), in this case, becomes more difficult. Are you one of those unlucky ones?
There are a couple of options available to achieve a remote (and secure) accessible Home Assistant instance. However, almost all of them require you to: open one or more ports on your router, expose a public IP address, and require you to reserve a fixed IP in your DHCP server (or set up a static IP address). Examples of these are:
- Combination of [DuckDNS](/components/duckdns/) (or similar), [Let's Encrypt](/docs/ecosystem/certificates/lets_encrypt/) (SSL), DHCP reservation, and forwarding a port to your device running Home Assistant.
- Setup a VPN, which often requires more hardware and software. Additionally, it also requires port-forwarding, DHCP reservation and most likely [DuckDNS](/components/duckdns/) (or similar).
- [SSH tunnel-ing](/blog/2017/11/02/secure-shell-tunnel/). Which still requires port-forwarding, DHCP reservation and most likely (yeah, you've guessed it) [DuckDNS](/components/duckdns/) (or similar).
There is, however, another option available that most people do not realize: [Tor](https://www.torproject.org). [Tor](https://www.torproject.org) offers a capability that they refer to as [Tor's Hidden Services](https://www.torproject.org/docs/hidden-services.html.en), which allows you to securely access your Home Assistant installation *without* the need for all these things. No need to forward and open ports, no need to expose your public IP, no DNS entry, no need for SSL certificates, and you do not have to assign a fixed IP to the device running your Home Assistant.
The most amazing part? It is super easy to set up!
<!--more-->
## <a class='title-link' name='setting-up-tor' href='#setting-up-tor'></a> Setting up Tor
Our [documentation](/docs/ecosystem/tor/) provides an detailled guide about seting up a [Tor's Hidden Service](https://www.torproject.org/docs/hidden-services.html.en). The setup is straight-forward:
1. Install Tor. On a Debian-based system: `$ sudo apt-get install tor`. On Fedora: `$ sudo dnf install tor`
2. Modify Tor's main configuration file `/etc/tor/torrc` to include the following lines:
```bash
############### This section is just for location-hidden services ###
## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
...
HiddenServiceDir /var/lib/tor/homeassistant/
HiddenServicePort 80 127.0.0.1:8123
...
```
3. Restart Tor: `$ sudo systemctl restart tor`
4. The Tor-generated hostname file contains the hostname you need to access your installation.
```bash
$ sudo cat /var/lib/tor/homeassistant/hostname
abcdef1234567890.onion
```
## <a class='title-link' name='tor-add-on-for-hassio' href='#tor-add-on-for-hassio'></a> Tor add-on for Hass.io
[Franck Nijhof (@frenck)](https://github.com/frenck) created the [Tor add-on](https://github.com/hassio-addons/addon-tor) for [Hass.io](/hassio/). This add-on makes the installation and the setup extremely simple. Go to the **Hass.io** panel, then to the **Store**, copy `https://github.com/hassio-addons/repository` into the text box of **Add-On Repositories** and save it.
A new entry **Tor** will show-up in the list of add-ons. Click on it to install it. The configuration is done in **Options**. Please refer to the [Configuration documentation](https://github.com/hassio-addons/addon-tor#configuration) for further details. A possible configuration could look like the sample below (which is the default configuration).
```json
{
"log_level": "info",
"socks": false,
"hidden_services": true,
"stealth": false,
"client_names": [],
"ports": [
"8123:80"
]
}
```
When you are done, press **Save** and then **Start**. In the **Logs** section, you can see what the add-on is doing. Watch out for an entry like the one below, which will tell you your hostname on the Tor network.
```bash
INFO: -----------------------------------------------------------
INFO: Your Home Assistant instance is available on Tor!
INFO: Address: abcdef1234567890.onion
INFO: -----------------------------------------------------------
```
Don't worry if you missed it, restarting the add-on will display it again. The details are also stored and available in the `/ssl/tor/hidden_service/hostname` file.
## <a class='title-link' name='tor-clients' href='#tor-clients'></a> Tor clients
To access you Home Assistant via the Tor Hidden Service, you will need a Tor client. There are multiple clients, for different devices and platforms, available. The [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) is by far the simplest option, which is available for Windows, MacOS & Linux.
Simply download and install the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en), start it, and enter the "dot onion" address you've gained from the earlier steps (`abcdef1234567890.onion` in this case). Voila!
Some other clients:
- [Orbot](https://guardianproject.info/apps/orbot/) for Android
- [Orfox](https://play.google.com/store/apps/details?id=info.guardianproject.orfox&hl=nl) for Android
- [Onion Browser](https://mike.tig.as/onionbrowser/) for iOS
## <a class='title-link' name='cranking-up-security' href='#cranking-up-security'></a> Cranking up security
The setup described in this blog post is easy and relatively secure, but anyone who knows your `.onion` address can still connect to your Home Assistant instance (Remember to use passwords!). With all of the [discussion](https://blog.torproject.org/quick-simple-guide-tor-and-internet-things-so-far) about putting your IoT on the Tor Network, maybe you want to add an extra layer of defense, especially if youre going to be the only one that uses it. Tor offers an additional layer of security, called "Hidden Service Authentication", usually referred to as "Stealth"-mode.
This "Stealth"-mode adds an extra layer of security to your Hidden Service by only responding to a client that passes a unique secret cookie as it connects. Obviously, this requires additional configuration on the Tor client applications.
Additional information can be found in the [Tor documentation](/docs/ecosystem/tor/) and the [Tor add-on repository](https://github.com/hassio-addons/addon-tor), including how to setup the "Stealth"-mode. The Tor Project itself provides details about a variaty of topics in their [documentation](https://www.torproject.org/docs/documentation.html.en).
]]></content>
</entry>
<entry>
<title type="html"><![CDATA[Home Assistant and The Things Network (TTN)]]></title>
<link href="https://home-assistant.io/blog/2017/11/10/ttn-with-mqtt/"/>
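Review bot: In the added Tor entry, the only access-control guidance is the parenthetical "(Remember to use passwords!)" in the final "Cranking up security" section, while both setup paths above it (the `torrc` lines with `HiddenServicePort 80 127.0.0.1:8123`, and the add-on sample with `"stealth": false` and an empty `client_names`) leave the instance reachable by anyone who learns the `.onion` address. Consider stating that next to the setup steps and saying there that the sample is the unauthenticated default. The same entry has typos that will ship in the feed: "an detailled guide about seting up", "To access you Home Assistant", "youre" and "variaty". The link labelled "Tor documentation" points at `/docs/ecosystem/tor/`, which is the same target the post earlier calls "Our documentation", so the label should match. The Orfox link pins `hl=nl`, and the `torrc` excerpt and the add-on log output are fenced as `bash` although neither is shell. Since this file is generated, these belong in the post source.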
@ -456,54 +553,6 @@ The physical sensor reads the current voltage of the pin. A [template sensor](/c
Hide the serial sensor if you don't want to see the raw data in the frontend and you are done. The whole setup with a Digispark is not very reliable because there is no hardware USB support. As a showcase and if you don't build your automation rules around it does the sensor what it should for a very small price.
]]></content>
</entry>
<entry>
<title type="html"><![CDATA[Effortless encryption with Let's Encrypt and DuckDNS]]></title>
<link href="https://home-assistant.io/blog/2017/09/27/effortless-encryption-with-lets-encrypt-and-duckdns/"/>
<updated>2017-09-27T00:05:00+00:00</updated>
<id>https://home-assistant.io/blog/2017/09/27/effortless-encryption-with-lets-encrypt-and-duckdns</id>
<content type="html"><![CDATA[When Let's Encrypt launched we were estatic: finally an easy and free way for our users to securely access their homes remotely. Let's Encrypt signifianctly lowered the bar to get and renew SSL certificates. However, this process could still be quite an obstacle for our users. It required opening ports on the router and remembering to renew the certificate every so often.
Thanks to a [blog post][splitbrain] by Andreas Gohr I realized that DuckDNS supports setting TXT records, making it compatible with the DNS-01 challenge of Let's Encrypt. The DNS-01 challenge is using the DNS record of the domain instead of interacting with the server. This means that it's not needed for the user to open any ports!
I have worked together with [Pascal Vizeli][pvizeli] on updating the DuckDNS add-on for Hass.io and today we're proud to announce it now includes automatic generation and updating of Let's Encrypt certificates for your DuckDNS domain. The only thing that you have to add to your DuckDNS configuration is that you accept the Let's Encrypt [terms of service][terms] and point Home Assistant at the generated certificates and you're good to go. No other work is required.
To get started today, start with making sure that you have [Hass.io installed][hassio]. After that, go to the Hass.io panel in Home Assistant, open the add-on store, scroll down to DuckDNS and install it. In the DuckDNS settings change "accept_terms" to true and start it.
Next up is to configure Home Assistant with the config below and restart it. You're now good to go! Make sure to use the right protocol when browsing to your instance: `https://<your_domain>.duckdns.org`. Happy secure controlling your house!
```yaml
# Example configuration.yaml entry for the HTTP component
http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
```
If you're not using Hass.io, check out the [blog post][splitbrain] by Andreas for instructions.
If you enjoy the free service provided by DuckDNS and Let's Encrypt, consider donating to their cause:
- [Become a Patreon of DuckDNS](https://www.patreon.com/user?u=3209735)
- [Donate to Let's Encrypt](https://letsencrypt.org/donate/)
More information:
- [Hass.io][hassio]
- [Installing Hass.io][hassio-install]
- [DuckDNS add-on][addon-duckdns]
- [DuckDNS][duckdns]
- [Let's Encrypt][le]
[splitbrain]: https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt
[terms]: https://letsencrypt.org/repository/
[pvizeli]: https://github.com/pvizeli
[hassio]: /hassio/
[hassio-install]: /hassio/installation/
[addon-duckdns]: /addons/duckdns/
[duckdns]: http://www.duckdns.org/
[le]: https://letsencrypt.org/
]]></content>
</entry>

View file

@ -79,6 +79,27 @@
<h2>2017</h2>
<article>
<div class="grid">
<div class="grid__item one-fifth palm-one-whole">
<time datetime="2017-11-12T08:00:00+00:00" pubdate>
<span class='month'>Nov</span> <span class='day'>12</span>
</time>
</div>
<div class="grid__item four-fifths palm-one-whole">
<h1 class="gamma"><a href="/blog/2017/11/12/tor/">Secure remote access to Home Assistant using Tor</a></h1>
<footer class="meta">
<span>
<i class="icon-tags"></i>
<ul class="tags unstyled">
<li>How-To</li>
</ul>
</span>
</footer>
<hr class="divider">
</div>
</div>
</article>
<article>
<div class="grid">
<div class="grid__item one-fifth palm-one-whole">
<time datetime="2017-11-10T12:00:00+00:00" pubdate>
<span class='month'>Nov</span> <span class='day'>10</span>
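Review bot: The added article block nests `<ul class="tags unstyled">` inside a `<span>` in the `<footer class="meta">`, which puts a block-level list inside an inline element, and the `<time>` element carries the `pubdate` attribute, which was dropped from HTML5. Both match the existing entry that follows, so the fix belongs in the archive template rather than in this generated page: use a `<div>` as the wrapper and remove `pubdate`.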
@ -718,6 +739,9 @@
<section id="recent-posts" class="aside-module grid__item one-whole lap-one-half">
<h1 class="title delta">Recent Posts</h1>
<ul class="divided">
<li class="post">
<a href="/blog/2017/11/12/tor/">Secure remote access to Home Assistant using Tor</a>
</li>
<li class="post">
<a href="/blog/2017/11/10/ttn-with-mqtt/">Home Assistant and The Things Network (TTN)</a>
</li>
@ -730,9 +754,6 @@
<li class="post">
<a href="/blog/2017/11/02/secure-shell-tunnel/">Home Assistant and SSH</a>
</li>
<li class="post">
<a href="/blog/2017/10/28/demo/">Home Assistant Demo</a>
</li>
</ul>
</section>
</div>