[ale] Home Assistant / Docker / Network Security

Raj Wurttemberg rajaw at c64.us
Tue Jul 24 13:38:54 EDT 2018


(From my notes...)

This is how I update my HA:

Upgrade:

sudo systemctl stop home-assistant at homeassistant.service
sudo su -s /bin/bash homeassistant
source /srv/homeassistant/bin/activate
pip3 install --upgrade homeassistant
exit
sudo systemctl start home-assistant at homeassistant.service

/Raj

-----Original Message-----
From: Ale <ale-bounces at ale.org> On Behalf Of Derek Atkins via Ale
Sent: Tuesday, July 24, 2018 1:23 PM
To: DJ-Pfulio <DJPfulio at jdpfu.com>; Atlanta Linux Enthusiasts <ale at ale.org>
Subject: Re: [ale] Home Assistant / Docker / Network Security

H,

On Tue, July 24, 2018 1:04 pm, DJ-Pfulio via Ale wrote:
> Wouldn't a VPN be more secure? I know nothing about HomeAssist protocols.
>
> I use VPN (openvpn AES256) or an ssh-SOCKS proxy to access a LAN-only 
> Plex server.

Much harder to set up on my Android and iOS devices in order to monitor the
house when I'm out.

> Patching?  Is that not done, like how Asterisk is generally deployed 
> commercially?

Patching requires code updates that solve the problem... Which requires
developers who acknowledge there is a problem and then fix it.

Based on the (10-page) thread I read, there does seem to be a problem, but
it's unclear if it's based on SAMBA, a combination of proxy, trust, and
x-forward-for, or some other bug.  There certainly isn't a "Best Practice"
that I can find.

I suspect securing the docker instance would be much harder than securing
a base OS running HA natively.   On the other hand, upgrading the native
HA is probably harder as it's not as simple as clicking a button and loading
the new docker image.  (I honestly have no clue how to update a
"pip-installed" thing).

-derek




More information about the Ale mailing list