this post was submitted on 04 Oct 2024
14 points (100.0% liked)

homeassistant

12066 readers
3 users here now

Home Assistant is open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. Available for free at home-assistant.io

founded 1 year ago
MODERATORS
 

Hi everyone

So, that's a 2 in 1 post. First a more general question then looking for advice for a friend.

  • What is your preferred way to access HA from outside (and why)?

  • a friend of mine use duckdns and I often read (recently) that some people are having issue with it. Is wireguard a better way or another solution that is not too techy to deal with?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 month ago (2 children)

Different services for different use cases.

I use nginx reverse proxy behind Duckdns for anything that requires public access, or that I use very frequently, like jellyfin or immich

I use Wireguard for everything else, to expose as little as possible.

If anything, I would say that Duckdns is harder to setup than Wireguard. You will need something like nginx reverse proxy if you want to host multiple services, and also deal with SSL certificates.

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (1 children)

Can you explain why you don't use wireguard for jellyfish/lmmich?

(Network things are something I never get to fully understand)

[–] [email protected] 5 points 1 month ago (2 children)

To use Wireguard, you need to:

  1. provision a client tunnel for every device, or at least every person who needs to access your network
  2. have Wireguard downloaded and installed on every device, with the tunnels all imported.

Basically, Wireguard works really well for services that only you use, on your own devices. You set it up once per device, and you have access to every service you host on your network.

For the DuckDNS / reverse proxy route, you need to configure the reverse proxy for every service you want to expose, but don't need to configure anything on the end user's device.

For Jellyfin, since I have users that are not me, it is impractical to expect them to go through all the hoops to get Wireguard running just to watch some movie or tv show. I also don't want to make new Wireguard client tunnels for every single friend that I add to my jellyfin server. This also means I can access jellyfin on devices that aren't my own such as a friend's TV.

For immich, my phone is a bit wonky with keeping Wireguard connected in the background, and I just don't want to worry about if I'm connected to my vpn just so my photos will get backed up.

[–] [email protected] 2 points 1 month ago

I just realized that this is the homeassistant community and not something more generic.

Specifically for homeassistant, Wireguard should be fine, unless you plan to do some more advanced stuff like use Alexa without a nabu casa subscription.

The times where you need access to your HA instance without being able to connect to Wireguard should be pretty limited.

[–] [email protected] 1 points 1 month ago
[–] [email protected] 1 points 1 month ago

I consider myself a novice but this is how I do it too (ngnx reverse proxy handling SSL in conjunction with Duckdns domain. Wireguard for remote access to everything else). Both Nginx & duckdns are fairly straightforward to set up through Docker/Portainer.

Should the need arise I'll look at Tailscale.

I dont use HA yet, it's something I'd like to get into if I can figure out VLAN in order to keep IoT stuff away from the rest of the network.