this post was submitted on 04 Oct 2024
14 points (100.0% liked)
homeassistant
12019 readers
15 users here now
Home Assistant is open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. Available for free at home-assistant.io
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Very different solutions.
Wireguard all the way. Exposing just a VPN endpoint that can't be connected to without the right cryptographic keys is a much more secure and maintainable attack surface.
BTW I assume that's what you meant by "DuckDNS". Using that service is orthogonal to making HA visible externally, but is (I think) the common pairing.
Thanks, wireguard sound much better then for just accessing HA, wonder why is duckdns so popular then
Because DuckDNS means you don't have to buy your own domain. I don't know their product offerings; they might offer VPN services, like Mullvad.
Wireguard doesn't provide you with a DNS entry. Without a domain name, you'll have to always either edit your hosts file on every computer you use, or access your services via IP (
https://65.147.69.34:8080/
), whether or not you have Wireguard. DuckDNS lets you createhttp://pafha.duck.dns
(or whatever). Using subdomains also helps with reverse proxying, because routing rules are usually configured by host name. For example, your proxy server can route pafha.duck.dns requests to port 8124, which is where your Home Assistant is listening; while pafmympd.duck.dns proxies to port 8091 which is where your MyMPD server is listening. If you own your own domain, you don't need DuckDNS. If you don't, it's very useful.Wireguard gives you a VPN. It's for creating encrypted subnetworks. Security, and privacy. It doesn't solve the DNS problem.
@paf @wewbull maybe also have a look at Tailscale
Will check that, thanks